Vulnerability Analysis of Two Ultralightweight RFID Authentication Protocols

Yousof Farzaneh¹, Mahdi Azizi², Masoud Dehkordi¹, and Abdolrasoul Mirghadri²

 ¹School of Mathematics, Iran University of Science and Technology, Iran

²Faculty of Communication and Information Technology, IHU University, Iran

Abstract: Ultralightweight Radio Frequency Identification (RFID) authentication protocols are suitable for low-cost RFID tags with restricted computational power and memory space. Recently, Lee proposed two ultra lightweight authentication protocols for low-cost RFID tags, namely DIDRFID and SIDRFID protocols. The first protocol is based on dynamic identity and the second one on static identity. Lee claimed that his protocols can resist tracking, replay, impersonation, and DOS attacks. In this paper, we show that Lee’s protocols are not secure and they are vulnerable against tracking, impersonation, and full disclosure attacks. Specially, an adversary can accomplish an effective full disclosure attack on DIDRFID protocol by eavesdropping two consecutive sessions and gets all the secret information stored on a tag. Also, we demonstrate that an adversary with ability of obtaining secret information of a single compromised tag in SIDRFID protocol, can get the secret information of other tags and she/he can completely control the whole RFID system.

 Keywords: Low-cost RFID, cryptography, protocol, vulnerability.