Vulnerability Analysis of Two Ultra lightweight RFID Authentication Protocols

Ultra lightweight Radio Frequency Identification (RFID) authentication protocols are suitable for low-cost RFID tags with restricted computational power and memory space. Recently, Lee proposed two ultra lightweight authentication protocols for low-cost RFID tags, namely DIDRFID and SIDRFID protocols. The first protocol is based on dynamic identity and the second one on static identity. Lee claimed that his protocols can resist tracking, replay, impersonation and DOS attacks. In this paper, we show that Lee's protocols are not secure and they are vulnerable against tracking, impersonation, and full disclosure attacks. Specially, an adversary can accomplish an effective full disclosure attack on DIDRFID protocol by eavesdropping two consecutive sessions and gets all the secret information stored on a tag. Also, we demonstrate that an adversary with ability of obtaining secret information of a single compromised tag in SIDRFID protocol, can get the secret information of other tags and she/he can completely control the whole RFID system