Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol

Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-basedmutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses all privacy (Juels, 2006) and forgery concerns (Dimitriou, 2005; Yang et al., 2005) linked to RFID technology. However, we show in the following that the protocol fails to bear out many of the authors’ security claims, which renders the protocol useless. More precisely, we present the following attacks on this protocol: 1. De-synchronization attack: the success probability of the attack is 1 while the attack complexity is one run of the protocol. 2. Tag impersonation attack: the success probability of the attack is 4 for two runs of the protocol. 3. Reader impersonation attack: the success probability of the attack is 8 for two runs of the protocol. We also show an additional and more general attack, which is still possible when the conditions needed for the ones above do not hold, and that highlights the poor design of the group ID (RIDi ). Additionally we show how all the above mentioned attacks are applicable against another protocol, highly reminiscent of that of Cho et al. (2012) and designed in Cho et al. (2011), and also against an enhanced version of the Cho et al. protocol proposed by Kim (2012). Finally we end up by showing how slightmodifications in the original protocol can prevent the aforementioned security faults. © 2013 Elsevier B.V. All rights reserved.