In September 2009, David and Prasad proposed at MobiSec’09 an interesting new ultralightweight mutual authentication protocol for low-cost RFID tags. In this paper, we present a quite powerful cryptanalytic attack against their proposal: we start with a traceability attack, then describe how it can be extended to leak long-term stored secrets, and finally present a full disclosure attack (named...

Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [4] that has recently been analyzed in [1], [2], [5]. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given by the attack in [1]. We also show that the bad properties of the proposed permutation function can be exploited to disclose ...

Recently Chen et al. have proposed a RFID access control protocol based on the strategy of indefinite-index and challenge-response. They have claimed that their protocol provides optimal location privacy and resists against man in the middle, spoofed tag and spoofed reader attacks. However, in this paper we show that Chen et al. protocol does not provide the claimed security. More precisely, we...

In this paper we present new constraints to EPCglobal Class 1 Generation 2 (EPCC1 G2) standard which if they have been considered in the design of EPC-C1 G2 complaint authentication protocols, lead to prevent predecessor’s protocols’ weaknesses and also present the secure ones. Also in this paper as an example, we use Pang et al. EPC-C1 G2-friendly protocol which has been recently proposed, to ...

EPC class 1 Generation 2(or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol known to be insecure. To improve the security of this standard, several protocols have been proposed compliant to this standard. In this paper we analyze the improved Yeh et al. ’s protocol by Yoon which is conforming to EPC-C1 G2 standard and is one ...

Recently Qian et al. [38] have proposed a new attack for RFID systems, called counting attack, where the attacker just aims to estimate the number of tagged objects instead of steal the tags’ private information. They have stated that most of the existing RFID mutual authentication protocols are vulnerable to this attack. To defend against counting attack, they propose a novel Anti-Counting Sec...

traceability is a basic requirement for the most of products from the viewpoint of governments and customers. it has base of quality systems and supports integration of supply chain information systems. this paper has presented a holistic model for supply chain traceability through structural equation modeling. this model will support recall of products, quality assurance requirements, improve ...

Traceability is the ability to map events in cyberspace, particularly on the Internet, back to real-world instigators, often with a view to holding them accountable for their actions. Anonymity is present when traceability fails. I examine how traceability on the Internet actually works, looking first at a classical approach from the late 1990s that emphasises the rôle of activity logging and r...

Design of ultra-lightweight authentication protocols for RFID systems conformed with the EPC Class-1 Generation-2 standard is still a challenging issue in RFID security. Recently, Maurya et al. have proposed a CRC based authentication protocol and claimed that their protocol can resist against all known attacks in RFID systems. However, in this paper we show that their protocol is vulnerable to...

The Radio Frequency Identification (RFID) technology has a diverse base of applications, but it is also prone to security threats. There are different types of security attacks which limit the range of the RFID applications. For example, deploying the RFID networks in insecure environments could make the RFID system vulnerable to many types of attacks such as spoofing attack, location traceabil...