Tracking and impersonating tags in a CRC-based ultralightweight RFID authentication protocol

  • Seyed Farhad Aghili
  • Hamid Mala


The design of ultralightweight authentication protocols for RFID systems that conform to the EPC Class-1 Generation-2 standard is still a challenging issue in RFID security. Recently, Maurya et al. proposed a CRC-based authentication protocol and claimed that it resists all attacks known in RFID systems. In this paper, however, we criticize the use of the CRC function as a security primitive for authentication protocols by presenting two serious attacks against Maurya et al.’s protocol: a tag impersonation attack and a tag traceability attack. Both attacks are effective and low-complexity, and both exploit the linearity of the CRC function employed in the protocol. Our analyses show that the success probability of our attacks is “1”, while the complexity is only one session eavesdropping, two XORs and one CRC computation. Moreover, we verify the correctness of our attacks by simulating them.
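The linearity the abstract refers to can be checked directly. The following is an added example, not code from the paper, and it does not reproduce Maurya et al.’s message flow, which this page does not give; the function names and sample byte strings are constructed for illustration.

```python
POLY = 0x1021  # x^16 + x^12 + x^5 + 1, the CCITT CRC-16 generator polynomial


def crc16(data: bytes, init: int = 0x0000, xorout: int = 0x0000) -> int:
    """Bitwise MSB-first CRC-16 with a selectable preset and final XOR."""
    reg = init
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ POLY) & 0xFFFF if reg & 0x8000 else (reg << 1) & 0xFFFF
    return reg ^ xorout


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("linearity only holds for equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def pure_crc_is_linear(a: bytes, b: bytes) -> bool:
    """With zero preset and no final XOR: CRC(a ^ b) == CRC(a) ^ CRC(b)."""
    return crc16(xor_bytes(a, b)) == crc16(a) ^ crc16(b)


def preset_crc_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """A 0xFFFF preset plus final complement only adds a constant, which
    cancels across an odd number of terms, so the map stays affine."""
    g = lambda m: crc16(m, init=0xFFFF, xorout=0xFFFF)
    return g(xor_bytes(xor_bytes(a, b), c)) == g(a) ^ g(b) ^ g(c)


def predict_shifted_crc(observed_crc: int, delta: bytes) -> int:
    """CRC of (x ^ delta) computed from CRC(x) alone; x is never needed.
    Holds for both variants above because the constant term is unchanged."""
    return observed_crc ^ crc16(delta)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tag or session.
    secret = bytes.fromhex("a1b2c3d4e5f60718")
    delta = bytes.fromhex("00000000000000ff")
    seen = crc16(secret, init=0xFFFF, xorout=0xFFFF)
    print(pure_crc_is_linear(secret, delta))
    print(hex(predict_shifted_crc(seen, delta)))
    print(hex(crc16(xor_bytes(secret, delta), init=0xFFFF, xorout=0xFFFF)))
```

The last two printed values match: anyone who observes a CRC over an unknown value can compute the CRC of any XOR-modified version of it, which is why a CRC offers error detection but no authentication.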


Keywords: RFID; EPC-C1G2; Cyclic redundancy code; Ultralightweight; Authentication; Impersonation attack; Traceability attack



References

  1. EPCglobal Inc. Class 1 Generation 2 UHF Air Interface Protocol Standard Version 1.09. Available online at. Last access 2013/12/14
  2. Aghili SF, Ashouri-Talouki M, Mala H (2018) DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT. The Journal of Supercomputing 74(1):509–525
  3. Aghili SF, Bagheri N, Gauravaram P, Safkhani M, Sanadhya SK (2013) On the security of two RFID mutual authentication protocols. In: RFIDSec, Lecture Notes in Computer Science. Springer, vol 8262, pp 86–99
  4. Aghili SF, Mala H (2019) Security analysis of an ultra-lightweight RFID authentication protocol for m-commerce. Int J Commun Syst 32(3):e3837
  5. Ahmadian Z, Salmasizadeh M, Aref MR (2013) Desynchronization attack on RAPP ultralightweight authentication protocol. Inf Process Lett 113(7):205–209
  6. Akgün M, Caglayan MU (2013) On the Security of Recently Proposed RFID Protocols. IACR Cryptol ePrint Arch 2013:820
  7. Avoine G, Carpent X (2012) Yet another ultralightweight authentication protocol that is broken. RFIDSec 7739:20–30
  8. Bagheri N, Safkhani M, Peris-Lopez P, Tapiador JE (2014) Weaknesses in a new ultralightweight RFID authentication protocol with permutation—RAPP. Secur Commun Netw 7(6):945–949
  9. Baghery K, Abdolmaleki B, Emadi M (2014) Game-based Cryptanalysis of a Lightweight CRC-based Authentication Protocol for EPC Tags. AUT J Electr Eng 46(1):27–36
  10. Bilal Z, Masood A, Kausar F (2009) Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. In: 2009. NBIS’09. International conference on Network-based information systems. IEEE, pp 260–267
  11. Burmester M, de Medeiros B (2008) The security of EPC gen2 compliant RFID protocols. In: Bellovin SM, Gennaro R, Keromytis AD, Yung M (eds) ACNS, Lecture Notes in Computer Science, vol 5037, pp 490–506
  12. Cao T, Bertino E, Lei H (2009) Security analysis of the SASI protocol. IEEE Trans Depend Sec Comput 6(1):73–77
  13. Chen CL, Chien CF (2013) An ownership transfer scheme using mobile RFIDs. Wirel Person Commun 68(3):1093–1119
  14. Chen CL, Deng YY (2009) Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection. Eng Appl AI 22(8):1284–1291
  15. Chien HY (2007) SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Depend Sec Comput 4(4):337–340
  16. Chien HY, Chen CH (2007) Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Comput Stand Interfaces 29(2):254–259
  17. van Deursen T (2011) 50 Ways to Break RFID Privacy. Privacy and Identity Management for Life, IFIP Advances in Information and Communication Technology, vol 352, pp 192–205
  18. Duc DN, Park J, Lee H, Kim K (2006) Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning. In: Proceedings of the Symposium on Cryptography and Information Security, pp 17–20
  19. Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2016) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Networking and Applications, pp 1–9
  20. Fan K, Gong Y, Liang C, Li H, Yang Y (2015) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw 9(16):3095–3104
  21. Gao L, Ma M, Shu Y, Wei Y (2014) An ultralightweight RFID authentication protocol with CRC and permutation. J Netw Comput Appl 41:37–46
  22. Han D, Kwon D (2009) Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards. Comput Stand Interfaces 31(4):648–652
  23. Li T (2008) Employing lightweight primitives on Low-Cost RFID tags for authentication. In: 2008. VTC 2008-fall. IEEE 68th Vehicular technology conference. IEEE, pp 1–5
  24. Lim TL, Li T, Gu T (2008) Secure RFID identification and authentication with triggered hash chain variants. In: ICPADS 08: Proceedings of the 2008 14th IEEE International Conference on Parallel and Distributed Systems. IEEE Computer Society, Washington, pp 583–590
  25. Ling S, Xing C (2004) Coding theory: a first course. Cambridge University Press, Cambridge
  26. Lo NW, Yeh KH (2007) An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System. In: Denko MK, Shih CS, Li KC, Tsao SL, Zeng QA, Park SH, Ko YB, Hung SH, Park JH (eds) EUC Workshops, Lecture Notes in Computer Science, vol 4809. Springer, pp 43–56
  27. Lyubashevsky V, Masny D (2013) Man-in-the-middle Secure Authentication Schemes from LPN and Weak PRFs. In: Canetti R, Garay JA (eds) CRYPTO (2), Lecture Notes in Computer Science, vol 8043. Springer, pp 308–325
  28. Maurya PK, Pal J, Bagchi S (2017) A coding theory based ultralightweight RFID authentication protocol with CRC. Wirel Person Commun 97(1):967–976
  29. Pang L, Li H, He L, Alramadhan A, Wang Y (2014) Secure and efficient lightweight RFID authentication protocol based on fast tag indexing. Int J Commun Syst 27(11):3244–3254
  30. Peris-Lopez P, Castro JCH, Estévez-Tapiador JM, Ribagorda A (2009) Cryptanalysis of a novel authentication protocol conforming to EPC-c1g2 standard. Comput Stand Interfaces 31(2):372–380
  31. Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: OTM Confederated international conferences on the move to meaningful internet systems. Springer, pp 352–361
  32. Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: International conference on ubiquitous intelligence and computing. Springer, pp 912–923
  33. Peris-Lopez P, Hernandez-Castro JC, Tapiador JM, Ribagorda A (2008) Advances in ultra-lightweight cryptography for low-cost RFID tags: Gossamer protocol. In: International workshop on information security applications. Springer, pp 56–68
  34. Safkhani M, Bagheri N (2016) Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things. The Journal of Supercomputing, pp 1–7
  35. Shao-hui W, Zhijie H, Sujuan L, Dan-wei C (2012) Security analysis of RAPP an RFID authentication protocol based on permutation. College of computer, Nanjing University of Posts and Telecommunications Nanjing, pp 210046
  36. Shi Z, Xia Y, Zhang Y, Wang Y, Dai J (2014) A crc-based lightweight authentication protocol for epcglobal class-1 gen-2 tags. In: International conference on algorithms and architectures for parallel processing. Springer, pp 632–643
  37. Taqieddin E (2017) On the improper use of CRC for cryptographic purposes in RFID mutual authentication protocols. Int J Commun Netw Inf Sec 9(2):230–240
  38. Tewari A, Gupta B (2016) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73(3):1085–1102
  39. Tian Y, Chen G, Li J (2012) A new ultralightweight RFID authentication protocol with permutation. IEEE Commun Lett 16(5):702–705
  40. Wang KH, Chen CM, Fang W, Wu TY (2017) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. The Journal of Supercomputing, pp 1–6

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Information Technology Engineering, Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran
