Cryptanalysis and Improvement on a New RFID Mutual Authentication Protocol Compatible with EPC Standard

The developing of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices, makes it necessary to consider the related security and privacy issues in precise. Among other security characteristic of an RFID authentication protocol, the untraceability and synchronization are the most important attributes. The former is strongly related to the privacy of tags and their holders, while the later has a significant role in the security and availability parameters. In this paper we investigate the recent proposed RFID authentication protocol by Yeh, Wang, Kuo, and Wang in terms of privacy and security. At first, a powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backward untraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.'s protocol against the cited attacks. (Abstract)