Paper 2010/463

Passive Cryptanalysis of the UnConditionally Secure Authentication Protocol for RFID Systems

Mohammad Reza Sohizadeh Abyaneh


Recently, Alomair et al. proposed the rst UnConditionally Secure mutual authentication protocol for low-cost RFID systems(UCS- RFID). The security of the UCS-RFID relies on ve dynamic secret keys which are updated at every protocol run using a fresh random number (nonce) secretly transmitted from a reader to tags. Our results show that, at the highest security level of the protocol (security parameter= 256), inferring a nonce is feasible with the probability of 0.99 by eavesdropping(observing) about 90 runs of the protocol. Finding a nonce enables a passive attacker to recover all ve secret keys of the protocol. To do so, we propose a three-phase probabilistic approach in this paper. Our attack recovers the secret keys with a probability that increases by accessing more protocol runs. We also show that tracing a tag using this protocol is also possible even with less runs of the protocol.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
RFIDAuthentication ProtocolPassive Attack
Contact author(s)
reza sohizadeh @ ii uib no
2011-01-04: last of 4 revisions
2010-09-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mohammad Reza Sohizadeh Abyaneh},
      title = {Passive Cryptanalysis of the UnConditionally Secure Authentication Protocol for RFID Systems},
      howpublished = {Cryptology ePrint Archive, Paper 2010/463},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.