Security analysis of two ultra-lightweight RFID authentication protocols

In this paper, we analyze the security vulnerabilities of two ultra-lightweight RFID mutual authentication protocols: LMAP and M2AP, which are recently proposed by Peris-Lopez et al.We identify two e®ective attacks, namely De-synchronization attack and Full-disclosure attack, against their protocols. The former attack can break the synchro- nization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol runs. The latter attack can disclose all the secret information stored on a tag by interrogating the tag multiple times. Thus it compromises the tag completely. Moreover, we point out the potential countermeasures to improve the security of above protocols