Formal analysis on RFID authentication protocols against de-synchronization attack

Since RFID security, one of the most important issues, is the design of efficient authentication protocols with robust forward security. In this paper, we identify that a cluster of existing ultra-lightweight RFID authentication protocols cannot defend against a de-synchronization attack, where an adversary is able to easily interrupt the transmission of necessary secret/key update messages in each authentication session such that the secret/key resynchronization between the tag and server/database cannot be completed. All of these vulnerable schemes are in the wrong development direction in terms of the design of their secret/key redundancy mechanisms. To conquer this problem, a secure transmission model for RFID authentication is proposed to deliver robust forward security, and to end the weakness-finding-and-fixing loop for ad-hoc RFID authentication protocols with the same vulnerable secret/key redundancy mechanisms.