Breaking anonymity of some recent lightweight RFID authentication protocols

  • Karim Baghery
  • Behzad Abdolmaleki
  • Shahram Khazaei
  • Mohammad Reza Aref


Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks (2016). We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, impersonation, DoS, traceability, and forward traceability against the studied protocols. Our attacks are mounted in the Ouafi–Phan RFID formal privacy model which is a modified version of well-known Juels–Weis privacy model.


Anonymous RFID authentication protocol Internet of Things (IoT) Security and privacy Hash functions Ouafi–Phan privacy model 



Two first authors were supported by the Estonian Research Council grant (PRG49). The third author has been supported by Iranian National Science Foundation (INSF) under contract No. 92027548 and Sharif Industrial Relation Office (SIRO) under Grant No. G931223.


  1. 1.
    Xie, W., Xie, L., Zhang, C., Wang, Q., Xu, J., Zhang, Q., et al. (2014). RFID seeking: Finding a lost tag rather than only detecting its missing. Journal of Network and Computer Applications, 42, 135–142.CrossRefGoogle Scholar
  2. 2.
    Tajima, M. (2007). Strategic value of RFID in supply chain management. Journal of purchasing and supply management, 13(4), 261–273.CrossRefGoogle Scholar
  3. 3.
    Van Deursen, N., Buchanan, W. J., & Duff, A. (2013). Monitoring information security risks within health care. Computers & Security, 37, 31–45.CrossRefGoogle Scholar
  4. 4.
    Gross, H., Wenger, E., Martín, H., & Hutter, M. (2014). Pioneera prototype for the internet of things based on an extendable EPC gen2 RFID tag. In International Workshop on Radio Frequency Identification: Security and Privacy Issues (pp. 54–73). Springer.Google Scholar
  5. 5.
    Galins, A., Beinarovics, P., Laizans, A., & Jakusenoks, A., et al. (2016). RFID application for electric car identification at charging station. In Engineering for Rural Development: Proceedings of the 15th International scientific conference (pp. 25–27).Google Scholar
  6. 6.
    Farash, M. S., Turkanović, M., Kumari, S., & Hölbl, M. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Networks, 36, 152–176.CrossRefGoogle Scholar
  7. 7.
    Baghery, K., Abdolmaleki, B., Akhbari, B., & Aref, M. R. (2016). Enhancing privacy of recent authentication schemes for low-cost RFID systems. The ISC International Journal of Information Security, 7(2), 135–149.Google Scholar
  8. 8.
    Suh, W. S., Yoon, E. J., & Piramuthu, S. (2013). RFID-based attack scenarios in retailing, healthcare and sports. Journal of Information Privacy and Security, 9(3), 4–17.CrossRefGoogle Scholar
  9. 9.
    Jannati, H. (2015). Analysis of relay, terrorist fraud and distance fraud attacks on RFID systems. International Journal of Critical Infrastructure Protection, 11, 51–61.CrossRefGoogle Scholar
  10. 10.
    Amendola, S., Lodato, R., Manzari, S., Occhiuzzi, C., & Marrocco, G. (2014). RFID technology for iot-based personal healthcare in smart spaces. IEEE Internet of Things Journal, 1(2), 144–152.CrossRefGoogle Scholar
  11. 11.
    Khoo, B. (2011). RFID as an enabler of the internet of things: Issues of security and privacy. In: Internet of Things (iThings/CPSCom), 2011 international conference on and 4th international conference on cyber, physical and social computing (pp. 709–712). IEEE.Google Scholar
  12. 12.
    Bolic, M., Rostamian, M., & Djuric, P. M. (2015). Proximity detection with RFID: A step toward the internet of things. IEEE Pervasive Computing, 14(2), 70–76.CrossRefGoogle Scholar
  13. 13.
    Memon, I., Arain, Q. A., Memon, H., & Mangi, F. A. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95(4), 3713–3732.CrossRefGoogle Scholar
  14. 14.
    Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.CrossRefGoogle Scholar
  15. 15.
    Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243.CrossRefGoogle Scholar
  16. 16.
    Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., et al. (2009). Building the internet of things using RFID: The RFID ecosystem experience. IEEE Internet Computing, 13(3), 48–55.CrossRefGoogle Scholar
  17. 17.
    Shifeng, Y., Chungui, F., Yuanyuan, H., & Shiping, Z. (2011). Application of IoT in agriculture. Journal of Agricultural Mechanization Research, 7, 190–193.Google Scholar
  18. 18.
    Wang, J., Ni, D., & Li, K. (2014). RFID-based vehicle positioning and its applications in connected vehicles. Sensors, 14(3), 4225–4238.CrossRefGoogle Scholar
  19. 19.
    Hayajneh, T., Mohd, B. J., Imran, M., Almashaqbeh, G., & Vasilakos, A. V. (2016). Secure authentication for remote patient monitoring with wireless medical sensor networks. Sensors, 16(4), 424.CrossRefGoogle Scholar
  20. 20.
    Sun, D.-Z., & Zhong, J.-D. (2012). A hash-based RFID security protocol for strong privacy protection. IEEE Transactions on Consumer Electronics, 58(4), 1246–1252.CrossRefGoogle Scholar
  21. 21.
    Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription RFID access control system. Journal of medical systems, 36(6), 3995–4004.CrossRefGoogle Scholar
  22. 22.
    Cho, J.-S., Jeong, Y.-S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers & Mathematics with Applications, 69(1), 58–65.CrossRefzbMATHGoogle Scholar
  23. 23.
    Farash, M. S. (2014). Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(2), 987–1001.MathSciNetCrossRefGoogle Scholar
  24. 24.
    Chen, C.-L., & Deng, Y.-Y. (2009). Conformation of EPC class 1 generation 2 standards RFID system with mutual authentication and privacy protection. Engineering Applications of Artificial Intelligence, 22(8), 1284–1291.CrossRefGoogle Scholar
  25. 25.
    Gope, P., & Hwang, T. (2015). A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Computers & Security, 55, 271–280.CrossRefGoogle Scholar
  26. 26.
    Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.CrossRefGoogle Scholar
  27. 27.
    Luo, H., Wen, G., Su, J., & Huang, Z. (2016). SLAP: Succinct and lightweight authentication protocol for low-cost RFID system. Wireless Networks, 24, 1–10.Google Scholar
  28. 28.
    He, D., & Zeadally, S. (2015). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83.CrossRefGoogle Scholar
  29. 29.
    Abdolmaleki, B., Baghery, K., Khazaei, S., & Aref, M. R. (2017). Game-based privacy analysis of RFID security schemes for confident authentication in IoT. Wireless Personal Communications, 95(4), 5057–5080.CrossRefGoogle Scholar
  30. 30.
    Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682.CrossRefGoogle Scholar
  31. 31.
    Akgün, M., Bayrak, A. O., & Çaglayan, M. U. (2015). Attacks and improvements to chaotic map-based RFID authentication protocol. Security and Communication Networks, 8(18), 4028–4040.CrossRefGoogle Scholar
  32. 32.
    Abdolmaleki, B., Baghery, K., Akhbari, B., Alavi, S. M., & Aref, M. R. (2016). Securing key exchange and key agreement security schemes for rfid passive tags. In Electrical Engineering (ICEE), 2016 24th Iranian Conference on, (pp. 1475–1480). IEEE.Google Scholar
  33. 33.
    Moradi, F., Mala, H., Ladani, B. T., & Moradi, F. (2018). Security analysis of an epc class-1 generation-2 compliant rfid authentication protocol. Journal of Computing and Security, 3(3).Google Scholar
  34. 34.
    Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In International conference on the theory and application of cryptology and information security (pp. 52–66). Springer.Google Scholar
  35. 35.
    Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Annual international cryptology conference (pp. 293–308). Springer.Google Scholar
  36. 36.
    Bringer, J., Chabanne, H., & Dottax, E. (2006). Hb\(^{\wedge } +^{\wedge }+\): A lightweight authentication protocol secure against some attacks. In Second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU’06) (pp. 28–33). IEEE.Google Scholar
  37. 37.
    Piramuthu, S. (2006). Hb and related lightweight authentication protocols for secure RFID tag/reader authentication title. CollECTeR Europe, 2006, 239.Google Scholar
  38. 38.
    Peris-Lopez, P., Hernandez-Castro, J. C., Estévez-Tapiador, J. M., & Ribagorda, A. (2006). Lmap: A real lightweight mutual authentication protocol for low-cost RFID tags. In Workshop on RFID security (pp. 12–14).Google Scholar
  39. 39.
    Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). M2ap: A minimalist mutual-authentication protocol for low-cost RFID tags. In International conference on ubiquitous intelligence and computing, (pp. 912–923). Springer.Google Scholar
  40. 40.
    Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). Emap: An efficient mutual-authentication protocol for low-cost RFID tags. In: OTM Confederated International Conferences ”On the Move to Meaningful Internet Systems” (pp. 352–361). Springer.Google Scholar
  41. 41.
    Li, T., & Wang, G. (2007). Security analysis of two ultra-lightweight RFID authentication protocols. In IFIP international information security conference (pp. 109–120). Springer.Google Scholar
  42. 42.
    Li, T., & Deng, R. (2007). Vulnerability analysis of emap-an efficient RFID mutual authentication protocol. In Availability, reliability and security, 2007. ARES 2007. The second international conference on IEEE (pp. 238–245).Google Scholar
  43. 43.
    Chien, H.-Y. (2007). Sasi: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.CrossRefGoogle Scholar
  44. 44.
    Phan, R. C. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol-sasi. IEEE Transactions on Dependable and Secure Computing, 6(4), 316.CrossRefGoogle Scholar
  45. 45.
    Avoine, G., Carpent, X., & Martin, B. (2010). Strong authentication and strong integrity (sasi) is not that strong. In International workshop on radio frequency identification: security and privacy issues (pp. 50–64). Springer.Google Scholar
  46. 46.
    Avoine, G., Carpent, X., & Martin, B. (2012). Privacy-friendly synchronized ultralightweight authentication protocols in the storm. Journal of Network and Computer Applications, 35(2), 826–843.CrossRefGoogle Scholar
  47. 47.
    Duc, D. N., Lee, H., & Kim, K. (2006). Enhancing security of epcglobal Gen-2 RFID against traceability and cloning. Auto-ID Labs Information and Communication University, White Paper.Google Scholar
  48. 48.
    Karthikeyan, S., & Nesterenko, M. (2005). RFID security without extensive cryptography. In: Proceedings of the 3rd ACM workshop on security of ad hoc and sensor networks (pp. 63–67). ACM.Google Scholar
  49. 49.
    Chien, H.-Y., & Chen, C.-H. (2007). Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computer Standards & Interfaces, 29(2), 254–259.CrossRefGoogle Scholar
  50. 50.
    Yoon, E.-J. (2012). Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Systems with Applications, 39(1), 1589–1594.CrossRefGoogle Scholar
  51. 51.
    Ha, J., Moon, S., Zhou, J., & Ha, J. (2008). A new formal proof model for RFID location privacy. In European symposium on research in computer security (pp. 267–281). Springer.Google Scholar
  52. 52.
    Jung, S. W., & Jung, S. (2013). Hmac-based RFID authentication protocol with minimal retrieval at server. In The fifth international conference on evolving internet (pp. 52–55).Google Scholar
  53. 53.
    Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., & Jan, J.-K. (2012). A design of tamper resistant prescription RFID access control system. Journal of medical systems, 36(5), 2795–2801.CrossRefGoogle Scholar
  54. 54.
    Liu, B.-H., Nguyen, N.-T., Pham, V.-T., & Yeh, Y.-H. (2016). A maximum-weight-independent-set-based algorithm for reader-coverage collision avoidance arrangement in rfid networks. IEEE Sensors Journal, 16(5), 1342–1350.CrossRefGoogle Scholar
  55. 55.
    Rahman, F., Hoque, M. E., & Ahamed, S. I. (2017). Anonpri: A secure anonymous private authentication protocol for rfid systems. Information Sciences, 379, 195–210.CrossRefGoogle Scholar
  56. 56.
    Rahman, F., Bhuiyan, M. Z. A., & Ahamed, S. I. (2017). A privacy preserving framework for rfid based healthcare systems. Future Generation Computer Systems, 72, 339–352.CrossRefGoogle Scholar
  57. 57.
    Nguyen, N.-T., Liu, B.-H., & Pham, V.-T. (2016). A dynamic-range-based algorithm for reader-tag collision avoidance deployment in rfid networks. In Electronics, information, and communications (ICEIC), 2016 international conference on IEEE (pp. 1–4).Google Scholar
  58. 58.
    Mohd, B. J., Hayajneh, T., Khalaf, Z. A., Yousef, A., & Mustafa, K. (2016). Modeling and optimization of the lightweight hight block cipher design with fpga implementation. Security and Communication Networks, 9(13), 2200–2216.Google Scholar
  59. 59.
    Mohd, B. J., Hayajneh, T., & Vasilakos, A. V. (2015). A survey on lightweight block ciphers for low-resource devices: Comparative study and open issues. Journal of Network and Computer Applications, 58, 73–93.CrossRefGoogle Scholar
  60. 60.
    Ouafi, K., & Phan, R.C.-W. (2008). Privacy of recent RFID authentication protocols. In Information security practice and experience (pp. 263–277). Springer.Google Scholar
  61. 61.
    Abdolmaleki, B., Baghery, K., Akhbari, B., & Aref, M. R. (2014). Attacks and improvements on two new-found RFID authentication protocols. In Telecommunications (IST), 2014 7th international symposium on IEEE (pp. 895–900).Google Scholar
  62. 62.
    Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394.MathSciNetCrossRefGoogle Scholar
  63. 63.
    Vaudenay, S. (2007). On privacy models for RFID. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 68–87). Springer.Google Scholar
  64. 64.
    Coisel, I., & Martin, T. (2013). Untangling RFID privacy models. Journal of Computer Networks and Communications, 2013, 710275. Scholar
  65. 65.
    Avoine, G. (2005). Adversarial model for radio frequency identification. IACR Cryptology ePrint Archive, 2005, 49.Google Scholar
  66. 66.
    Juels, A., & Weis, S. A. (2009). Defining strong privacy for RFID. ACM Transactions on Information and System Security (TISSEC), 13(1), 7.CrossRefGoogle Scholar
  67. 67.
    Deng, R. H., Li, Y., Yung, M., & Zhao, Y. (2010). A new framework for RFID privacy. In European Symposium on Research in Computer Security (pp. 1–18). Springer.Google Scholar
  68. 68.
    Hermans, J., Pashalidis, A., Vercauteren, F., & Preneel, B. (2011). A new RFID privacy model. In European symposium on research in computer security (pp. 568–587). Springer.Google Scholar
  69. 69.
    Habibi, M. H., Aref, M. R., & Ma, D. (2011). Addressing flaws in RFID authentication protocols. In International conference on cryptology in India (pp. 216–235). Springer.Google Scholar
  70. 70.
    Phan, R. C.-W., Wu, J., Ouafi, K., & Stinson, D. R. (2011). Privacy analysis of forward and backward untraceable RFID authentication schemes. Wireless Personal Communications, 61(1), 69–81.CrossRefGoogle Scholar
  71. 71.
    Alagheband, M. R., & Aref, M. R. (2013). Unified privacy analysis of new-found RFID authentication protocols. Security and Communication Networks, 6(8), 999–1009.CrossRefGoogle Scholar
  72. 72.
    Wang, S., Liu, S., & Chen, D. (2015). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.CrossRefGoogle Scholar
  73. 73.
    Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., & Bagheri, N. (2014). Cryptanalysis of the cho et al. protocol: A hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 259, 571–577.MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Karim Baghery
    • 1
  • Behzad Abdolmaleki
    • 1
  • Shahram Khazaei
    • 2
  • Mohammad Reza Aref
    • 3
  1. 1.Institute of Computer ScienceUniversity of TartuTartuEstonia
  2. 2.Department of Mathematical SciencesSharif University of TechnologyTehranIran
  3. 3.ISSL Lab, Department of Electrical EngineeringSharif University of TechnologyTehranIran

Personalised recommendations