Over the past decade, besides authentication, ownership
management protocols have been suggested to transfer or
delegate the ownership of RFID tagged items. Recently, Niu et
al. have proposed an authentication and ownership management
protocol based on 16-bit pseudo random number generators and
exclusive-or operations which both can be easily implemented on
low-cost RFID passive tags in EPC global Class-1 Generation-2
standard. They claim that their protocol offers location and data
privacy and also resists against desynchronization attack. In this
paper, we analyze the security of their proposed authentication
and ownership management protocol and show that the protocol
is vulnerable to secret disclosure and desynchronization attacks.
The complexity of most of the attacks are only two runs of the
protocol and the success probability of the attacks are almost 1.
↧