Security analyses of EPC based recent RFID Authentication Protocols

Radio-frequency identification (RFID) is an up-and-coming technology. The major limitations of RFID technology are security and privacy concerns. Many methods, including encryption, authentication and hardware techniques, have been presented to overcome security and privacy problems. However, it is still unclear about the feasibility of such protocols, since the hardware implementation of such protocols has long been neglected. Besides, it is extremely challengeable to achieve the balance among security, low power, and low cost. In this paper, we analyze two lightweight RFID authentication protocols proposed in recent years. We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, EPC reveal and traceability against the studied protocols. Our attacks are mounted in the Ouafi-Phan RFID formal privacy model.