We found similar flaws in the protocols in [OTYT06,KCL07].
References
[ALP07] Basel Alomair, Loukas Lazos, and Radha Poovendran. Passive attacks on a class of authentication protocols for RFID. In ICISC, pages 102–115, 2007. 6.3
[Avo05] Gildas Avoine. Adversary model for radio frequency identi-fication. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptog-raphy Laboratory (LASEC), Lausanne, Switzerland, September 2005. 3.3,13.3
[BCI08] Julien Bringer, Herv´e Chabanne, and Thomas Icart. Crypt-analysis of EC-RAC, a RFID identification protocol. In CANS, pages 149–161, 2008.
[CC07] Hung-Yu Chien and Che-Hao Chen. Mutual authentication pro-tocol for RFID conforming to EPC class 1 generation 2 stan-dards. Computer Standars & Interfaces, Elsevier Science Pub-lishers, 29(2):254–259, February 2007. 6.3
[CH07] Hung-Yu Chien and Chen-Wei Huang. A lightweight RFID pro-tocol using substring. In Embedded and Ubiquitous Computing (EUC), pages 422–431, 2007. 1,5.3,7.3,10.4,14.3
[CLL05] Eun Young Choi, Su Mi Lee, and Dong Hoon Lee. Efficient RFID authentication protocol for ubiquitous computing envi-ronment. In Tomoya Enokido, Lu Yan, Bin Xiao, Daeyoung Kim, Yuanshun Dai, and Laurence Yang, editors, International Workshop on Security in Ubiquitous Computing Systems – se-cubiq 2005, volume 3823 of Lecture Notes in Computer Science, pages 945–954, Nagasaki, Japan, December 2005. Springer-Verlag. 6.3
[CM05] C.J.F. Cremers and S. Mauw. Operational semantics of security protocols. In S. Leue and T.J. Syst¨a, editors, Scenarios: Mod-els, Algorithms and Tools (Dagstuhl 03371 post-seminar pro-ceedings, September 7–12, 2003), volume 3466 of LNCS, pages 66–89, 2005.
[DFJ07] Benessa Defend, Kevin Fu, and Ari Juels. Cryptanalysis of two lightweight RFID authentication schemes. In PerCom Work-shops, pages 211–216, 2007. 6.3
[DH76] Whitfield Diffie and Martin E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654, 1976.
[DM07] Roberto Di Pietro and Refik Molva. Information confinement, privacy, and security in RFID systems. In ESORICS, pages 187–202, 2007. 2
[DMR08] Ton van Deursen, Sjouke Mauw, and Saˇsa Radomirovi´c. Un-traceability of RFID protocols. In Information Security Theory and Practices. Smart Devices, Convergence and Next Genera-tion Networks, volume 5019 of Lecture Notes in Computer Sci-ence, pages 1–15, Seville, Spain, 2008. Springer.
[DMRV09] Ton van Deursen, Sjouke Mauw, Saˇsa Radomirovi´c, and Pim Vullers. Secure ownership and ownership transfer in RFID sys-tems. In Proc. 14th European Symposium On Research In Com-puter Security (ESORICS’09), Lecture Notes in ComCom-puter Sci-ence. Springer, 2009. To appear.
[DP08] Ivan Damg˚ard and Michael Østergaard Pedersen. RFID secu-rity: Tradeoffs between security and efficiency. In CT-RSA, pages 318–332, 2008.
[DR08a] Ton van Deursen and Saˇsa Radomirovi´c. Security of an RFID protocol for supply chains. In Proceedings of the 1st Workshop on Advances in RFID, AIR’08 (to appear). IEEE Computer Society, October 2008.
[DR08b] Ton van Deursen and Saˇsa Radomirovi´c. Security of RFID pro-tocols – A case study. In Proceedings of the 4th International Workshop on Security and Trust Management, STM 2008 (to appear), ENTCS. Elsevier, June 2008.
[DR09] Ton van Deursen and Saˇsa Radomirovi´c. Algebraic attacks on RFID protocols. In Information Security Theory and Practices.
Smart Devices, Pervasive Systems, and Ubiquitous Networks (to appear), Lecture Notes in Computer Science, Brussels, Belgium, 2009. Springer.
[DY83] D. Dolev and A.C. Yao. On the security of public key protocols.
IEEE Transactions on Information Theory, IT-29(2):198–208, March 1983.
[GRS05] Henri Gilbert, Matthew Robshaw, and Herv´e Sibert. An active attack against HB+ – a provably secure lightweight authentica-tion protocol. Manuscript, July 2005. 2.3
[HM04] Dirk Henrici and Paul M¨uller. Hash-based enhancement of lo-cation privacy for radio-frequency identifilo-cation devices using varying identifiers. In PerCom Workshops, pages 149–153, 2004.
3.3,12,13.3
[HMNB07a] JaeCheol Ha, Sang-Jae Moon, Juan Manuel Gonz´alez Nieto, and Colin Boyd. Low-cost and strong-security RFID authenti-cation protocol. In Embedded and Ubiquitous Computing (EUC) Workshops, pages 795–807, 2007. 3,12.3,13.3
[HMNB07b] JaeCheol Ha, Sang-Jae Moon, Juan Manuel Gonz´alez Nieto, and Colin Boyd. Security analysis and enhancement of one-way hash based low-cost authentication protocol (OHLCAP).
In PAKDD Workshops, pages 574–583, 2007. 6.3
[JW05] Ari Juels and Stephen Weis. Authenticating pervasive devices with human protocols. In Victor Shoup, editor, Advances in Cryptology – CRYPTO’05, volume 3126 of Lecture Notes in Computer Science, pages 293–308, Santa Barbara, California, USA, August 2005. IACR, Springer-Verlag. 2.3
[JW07] Ari Juels and Stephen Weis. Defining strong privacy for RFID.
In International Conference on Pervasive Computing and Com-munications – PerCom 2007, pages 342–347, New York, USA, March 2007. IEEE, IEEE Computer Society Press.
[KCL07] Il Jung Kim, Eun Young Choi, and Dong Hoon Lee. Secure mobile RFID system against privacy and security problems. In SecPerU 2007, 2007. 4,10.4,11.3,15.3
[KCLL06] Kyoung Hyun Kim, Eun Young Choi, Su-Mi Lee, and Dong Hoon Lee. Secure EPCglobal class-1 gen-2 RFID sys-tem against security and privacy problems. In On The Move (OTM) Workshops (1), pages 362–371, 2006. 1.3, 5, 7.3,14.3, 15.3
[KN05] Jeonil Kang and Daehun Nyang. RFID authentication protocol with strong resistance against traceability and denial of service attacks. In Refik Molva, Gene Tsudik, and Dirk Westhoff, ed-itors, European Workshop on Security and Privacy in Ad hoc and Sensor Networks – ESAS’05, volume 3813 of Lecture Notes in Computer Science, pages 164–175, Visegrad, Hungary, July 2005. Springer-Verlag. 6,15.3
[LAK06] RFID mutual authentication scheme based on synchronized se-cret information. In Symposium on Cryptography and Informa-tion Security, Hiroshima, Japan, January 2006.1.3,5.3,7,14.3, 15.3
[LBV07] Yong Ki Lee, Lejla Batina, and Ingrid Verbauwhede. Provably secure RFID authentication protocol EC-RAC (ECDLP based randomized access control). 2007. 8,8.3,9.3
[LBV08] Yong Ki Lee, Lejla Batina, and Ingrid Verbauwhede. EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In Proceedings of the 2008 IEEE International Conference on RFID, pages 97–104, 2008. 8.3,9 [LCUL06] Yong-Zhen Li, Young-Bok Cho, Nam-Kyoung Um, and Sang Ho
Lee. Security and privacy on authentication protocol for low-cost RFID. In Computational Intellegence and Security (CIS), pages 788–794, 2006. 10.4
[LD07] Yingjiu Li and Xuhua Ding. Protecting RFID communications in supply chains. In ASIACCS, pages 234–241, 2007. 10,10.1 [Low97] Gavin Lowe. A hierarchy of authentication specifications. In
CSFW, pages 31–44, 1997.
[LW07] Tieyan Li and Guilin Wang. Security analysis of two ultra-lightweight RFID authentication protocols. In IFIP SEC 2007, Sandton, Gauteng, South Africa, May 2007. IFIP. 6.3
[LY07a] N. W. Lo and Kuo-Hui Yeh. An efficient mutual authentication scheme for EPCglobal class-1 generation-2 RFID system. In Embedded and Ubiquitous Computing (EUC) Workshops, pages 43–56, 2007. 3.3,12,13.3
[LY07b] N. W. Lo and Kuo-Hui Yeh. Hash-based mutual authentica-tion protocol for mobile RFID systems with robust reader-side privacy protection, to appear. 2007. 3.3,12,13.3
[LY07c] N. W. Lo and Kuo-Hui Yeh. Novel RFID authentication schemes for security enhancement and system efficiency. In Se-cure Data Management, pages 203–212, 2007. 3.3,12,13.3 [OTYT06] Kyosuke Osaka, Tsuyoshi Takagi, Kenichi Yamazaki, and
Os-amu Takahashi. An efficient and secure RFID security method with ownership transfer. In Computational Intellegence and Se-curity (CIS), pages 778–787, 2006. 10.4,11,15.3
[PLCETR06a] Pedro Peris-Lopez, Julio C´esar Hern´andez Castro, Juan M.
Est´evez-Tapiador, and Arturo Ribagorda. EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In On The Move (OTM) Workshops (1), pages 352–361, 2006. 6.3 [PLCETR06b] Pedro Peris-Lopez, Julio C´esar Hern´andez Castro, Juan M.
Est´evez-Tapiador, and Arturo Ribagorda. LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. Printed handout of Workshop on RFID Security – RFID-Sec 06, July 2006. 6.3
[PLCETR06c] Pedro Peris-Lopez, Julio C´esar Hern´andez Castro, Juan M.
Est´evez-Tapiador, and Arturo Ribagorda. M2AP: A minimal-ist mutual-authentication protocol for low-cost RFID tags. In Ubiquitous Intellegence and Computing (UIC), pages 912–923, 2006. 6.3
[PLHCETR07] Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan Estevez-Tapiador, and Arturo Ribagorda. Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 stan-dard., 2007. 6.3
[PV08] Radu-Ioan Paise and Serge Vaudenay. Mutual authentication in RFID: Security and privacy. In ACM Symposium on Informa-tion, Computer and Communications Security (ASIACCS’08), pages 292–299. ACM Press, 2008.
[SLK06] Youngjoon Seo, Hyunrok Lee, and Kwangjo Kim. A scalable and untraceable authentication protocol for RFID. In Embedded and Ubiquitous Computing (EUC) Workshops, pages 252–261, 2006. 12.3,13
[SM08] Boyeon Song and Chris J. Mitchell. RFID authentication pro-tocol for low-cost tags. In Wireless Network Security (WISEC), pages 140–147, 2008. 1.3,5.3,7.3,14,15.3
[THG98] F.J. Thayer F`abrega, J.C. Herzog, and J.D. Guttman. Strand spaces: Why is a security protocol correct? In Proc. 1998 IEEE Symposium on Security and Privacy, pages 66–77, Oak-land, California, 1998.
[Vau07] Serge Vaudenay. On privacy models for RFID. In Advances in Cryptology - ASIACRYPT 2007, volume 4833 of Lecture Notes in Computer Science, pages 68–87, Kuching, Malaysia, Decem-ber 2007. Springer-Verlag.
[VB03] Istv´an Vajda and Levente Butty´an. Lightweight authentication protocols for low-cost RFID tags. In Second Workshop on Se-curity in Ubiquitous Computing – Ubicomp 2003, Seattle, WA, USA, October 2003. 6.3
[YPL+05] Jeongkyu Yang, Jaemin Park, Hyunrok Lee, Kui Ren, and Kwangjo Kim. Mutual authentication protocol for low-cost RFID. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July 2005. 10.4,11.3,15,15.3