Cryptology ePrint Archive: Report 2019/1125

Breaking Anonymity of Some Recent Lightweight RFID Authentication Protocols

Karim Baghery and Behzad Abdolmaleki and Shahram Khazaei and Mohammad Reza Aref

Abstract: Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks (2016). We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, impersonation, DoS, traceability, and forward traceability against the studied protocols. Our attacks are mounted in the Ouafi–Phan RFID formal privacy model which is a modified version of the well-known Juels–Weis privacy model.

Category / Keywords: applications / Anonymous RFID authentication protocol, Internet of Things (IoT), Security and privacy, Hash functions, Ouafi–Phan privacy model

Original Publication (with minor differences): Wireless Networks

Date: received 30 Sep 2019

Contact author: karim baghery at ut ee

Available format(s): PDF | BibTeX Citation

Note: This is a preprint of an article published in Journal of Wireless Networks, 2019, 25: 1235.

Version: 20191002:075623 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]