In the last few years, a plethora of RFID authentication protocols have been proposed and several security analyses have been published creating the impression that designing such a protocol must be, more or less, a straightforward task. In this paper, we investigate the security of two recently proposed schemes, showing that designing a secure RFID authentication protocol is still a demanding process. One is a mature work; in the sense that it has predecessors that have been extensively analyzed, while the other is a fresh proposal. Our security analysis demonstrates that both are weak, as they suffer from a similar desychronization attack. In addition we prove the existence of a fatal tag impersonation attack against the second one.
展开▼