Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols

  • Ticyan Li
  • Guilin Wang
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


In this paper, we analyze the security vulnerabilities of two ultra-lightweight RFID mutual authentication protocols: LMAP and M2 AP, which are recently proposed by Peris-Lopez et al. We identify two effective attacks, namely Desynchronization attack and Fulldisclosure attack, against their protocols. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol runs. The latter attack can disclose all the secret information stored on a tag by interrogating the tag multiple times. Thus it compromises the tag completely. Moreover, we point out the potential countermeasures to improve the security of above protocols.


Authentication Protocol Mutual Authentication Secret Information Effective Attack Simple Attack 


  1. 1.
    M. Aigner and M. Feldhofer. Secure Symmetric Authentication for RFID Tags. Telecommunication and Mobile Computing, March 2005.Google Scholar
  2. 2.
    G. Avoine. Security and Privacy in RFID Systems,
  3. 3.
    B. Defend, K. Fu and A. Juels. Cryptanalysis of Two Lightweight RFID Authentication Schemes. In: Proc. of PERSEC’07, March 2007.Google Scholar
  4. 4.
    A. Juels and R. Pappu. Squealing euros: Privacy protection in RFID-enabled banknotes. In: Proc. of FC’03, LNCS 2742, pp. 103–121. Springer-Verlag, 2003.Google Scholar
  5. 5.
    A. Juels. Minimalist Cryptography for Low-Cost RFID Tags. In: Proc. of SCN’04, LNCS 3352, pp. 149–164. Springer-Verlag, 2004.Google Scholar
  6. 6.
    A. Juels and S. Weis. Authenticating pervasive devices with human protocols. In: Proc. of CRYPTO’05, LNCS 3126, pp. 293–308. Springer-Verlag, 2005.Google Scholar
  7. 7.
    A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2): 381–394, Feb. 2006.Google Scholar
  8. 8.
    H. Lipmaa and S. Moriai. Efficient Algorithms for Computing Differential Properties of Addition. In: Proc. of FSE’ 01, LNCS 2355, pp. 336–350. Springer-Verlag, 2001.Google Scholar
  9. 9.
    D. Molnar and D. Wagner. Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Proc. of CCS’04, pp. 210–219. ACM Press, 2004.Google Scholar
  10. 10.
    D. Molnar, A. Soppera, and D. Wagner. A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Proc. of SAC’05, LNCS 3897, pp. 276–290. Springer-Verlag, 2005.Google Scholar
  11. 11.
    M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to privacyfriendly tags. In: Proc. of RFID Privacy Workshop, 2003.Google Scholar
  12. 12.
    P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda. LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Proc. of 2nd Workshop on RFID Security, July 2006.
  13. 13.
    P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda. M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags. In: Proc. of International Conference on Ubiquitous Intelligence and Computing UIC’06, LNCS 4159, pp. 912–923. Springer-Verlag, 2006.Google Scholar
  14. 14.
    I. Vajda and L. Buttyan. Lightweight authentication protocols for low-cost RFID tags. In: Proc. of UBICOMP’03, 2003.Google Scholar
  15. 15.
    S. Weis, S. Sarma, R. Rivest, and D. Engels. Security and privacy aspects of lowcost radio frequency identification systems. In: Proc. of 1st Int. Conf. on Security in Pervasive Computing, LNCS 2802, pp. 201–212. Springer-Verlag, 2003.Google Scholar
  16. 16.
    S. Weis. Security parallels between people and pervasive devices. In: Proc. of PERSEC’05, pp. 105–109. IEEE Computer Society Press, 2005.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Ticyan Li
    • 1
  • Guilin Wang
    • 1
  1. 1.Systems and Security DepartmentInstitute for Infocomm Research(I2R)Singapore

Personalised recommendations