recently, baghery et al. [1, 2] presented some attacks on two rfid protocols, namely yoon and jung et al. protocols, and proposed the improved version of them. however, in this note, we show that the improved version of the jung et al. protocol suffers from desynchronization attack and the improved version of the yoon's protocol suffers from secret disclosure attack. the success probabilit...

Recently, Baghery et al. [1, 2] presented some attacks on two RFID protocols, namely Yoon and Jung et al. protocols, and proposed the improved version of them. However, in this note, we show that the improved version of the Jung et al. protocol suffers from desynchronization attack and the improved version of the Yoon's protocol suffers from secret disclosure attack. The succe...

In this paper we analyze the security of the mutual authentication and ownership transfer protocols which have been recently proposed by Kulseng et al. Our analysis demonstrates a variety of attacks against these protocols. We present a secret parameters disclosure attack which discloses any secret parameter between the tag and the reader. Our disclosure attack can be easily used as an imperson...

Research in information security, risk management and investment has grown in importance over the last few years. However, without reliable estimates on attack probabilities, risk management is difficult to do in practice. Using a novel data set, we provide estimates on attack propensity and how it changes with disclosure and patching of vulnerabilities. Disclosure of software vulnerability has...

In this paper, we analyze the security of AZUMI protocol which is compliant with the EPCClass-1 Generation-2 standard and recently has been proposed by Peris et al. This protocol is an improvement to a protocol proposed by Chen and Deng which has been cryptanalysed by Peris et al. and Kapoor and Piramuthu. However, our security analysis clearly shows that the designers were not successful in th...

Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protoco...

In this paper we consider the security of a PUF based RFID Authentication protocol which has been recently proposed by Bassil et al. [2]. The designers have claimed that their protocol offers immunity against a broad range of attacks while it provides excellent performance. However, we prove in contrary to its designers claim, this protocol does not provide any security. We present an efficient...

In September 2009, David and Prasad proposed at MobiSec’09 an interesting new ultralightweight mutual authentication protocol for low-cost RFID tags. In this paper, we present a quite powerful cryptanalytic attack against their proposal: we start with a traceability attack, then describe how it can be extended to leak long-term stored secrets, and finally present a full disclosure attack (named...

Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [4] that has recently been analyzed in [1], [2], [5]. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given by the attack in [1]. We also show that the bad properties of the proposed permutation function can be exploited to disclose ...

Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [4] that has recently been analyzed in [1], [2], [5]. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given by the attack in [1]. We also show that the bad properties of the proposed permutation function can be exploited to disclose ...