Security Analysis and Improvement of Reconstruction Based Radio Frequency Identification Authentication Protocol

Abstract

Several ultra-lightweight mutual authentication protocols were proposed to overcome the security problems present in Radio Frequency Identification systems. However; these protocols were proven to fall short of the claimed security properties. Hence, the proposed ultra-lightweight mutual authentication protocols require further study in order to identify their vulnerabilities and then to be improved with the aim of achieving the desired security levels. In this work, we analyze a recently proposed ultra-lightweight mutual authentication protocol, named Reconstruction Based Radio Frequency Identification Authentication Protocol (R2AP), and expose weaknesses that allow for the de-synchronization attack and the active full-disclosure attack to be launched against it. The proposed de-synchronization attack has a high success probability of 0.81 while the full-disclosure attack exposes all secrets in R2AP after interrogating the tag for about 225 times. Moreover, this paper proposes an improvement for R2AP to resist the proposed full-disclosure attack and to add more complexity to the proposed de-synchronization attack while, at the same time, maintains an approximately similar implementation cost compared to the original protocol.