Analysis on the Performance of Server-less RFID Searching Protocol

Radio frequency identification (RFID) has spread into many fields. Its security and privacy has received more and more attention. Based on traditional authentication protocols, some other branches related to practical applications have been introduced including server-less authentication and searching protocols. The server-less searching protocol is extended from server-less authentication protocol and both of them are executedwithout the support from the backend servers. Through analyzing some proposed protocols, we found that the probabilistic tracking attack is one of the major threats on the serverless RFID security protocols. The probability of being tracked and the cost on computation are related with the probability of the undesired tag’s response. Based on the analysis, a practical conclusion is given which can be used in most of the server-less RFID systems

Security Analysis of Fan et al. Lightweight RFID Authentication Protocol for Privacy Protection in IoT

The designers of Radio-Frequency IDentification (RFID) systems have a challenging task for proposing secure mutual authentication protocols for Internet of Things (IoT) applications. Recently, Fan et al. proposed a new lightweight RFID mutual authentication protocol in the journal of IEEE Transactions on Industrial Informatics. They claimed that their protocol meets necessary security properties for RFID systems and can be applied for IoT. In this paper, we analyze the security of this protocol and show that it is vulnerable against secret disclosure, reader impersonation and tag traceability attacks. Additionally, we show that in their protocol the anonymity of the tag does not held

Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce

Over the last few years, more people perform their social activities on mobile devices, such as mobile payment or mobile wallet. Mobile commerce (m-commerce) refers to manipulating electronic commerce (e-commerce) by using mobile devices and wireless networks. Radio frequency identification(RFID) is a technology which can be employed to complete payment functions on m-commerce. As an RFID subsystem is applied in m-commerce and supply chains, the related security concerns is very important. Recently, Fan et al. have proposed an ultra-lightweight RFID authentication scheme for m-commerce(ULRAS) and claimed that their protocol is enough efficient, and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve the Fan et al. protocol to present a new one, which is resistant to the mentioned attacks presented in this paper and the other known attacks in the context of RFID authentication. Our proposed improvement does not impose any additional workload on the RFID tag