Cryptology ePrint Archive: Report 2016/387

Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags

K. Baghery, B. Abdolmaleki, M. J. Emadi

Abstract: The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and the privacy of a new RFID authentication protocol proposed by Shi et al. in 2014. We prove that although Shi et al. have tried to present a secure and untraceable authentication protocol, their protocol still suffers from several security and privacy weaknesses which make it vulnerable to various security and privacy attacks. We present our privacy analysis based on a well-known formal privacy model which is presented by Ouafi and Phan in 2008. Moreover, to stop such attacks on the protocol and increase the performance of Shi et al.ís scheme, we present some modifications and propound an improved version of the protocol. Finally, the security and the privacy of the proposed protocol were analyzed against various attacks.

Category / Keywords: cryptographic protocols / Internet of things; RFID authentication protocols; Security and privacy; Ouafi-Phan privacy model; EPC C1 G2 standard.

Original Publication (in the same form): Amirkabir International Journal of Electrical & Electronics Engineering (AIJ-EEE)

Date: received 16 Apr 2016

Contact author: abdolmaleki behzad at yahoo com

Available format(s): PDF | BibTeX Citation

Version: 20160419:165904 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]