Date Added: Sep 2012
RAPP (RFID Authentication Protocol with Permutation) is a recently proposed efficient ultra-lightweight authentication protocol. The operation used in this protocol is totally different from the other existing ultra-lightweight protocols due to the use of new introduced data dependent permutations and avoidances of modular arithmetic operations and biased logical operations such as AND and OR. The designers of RAPP claimed that this protocol resists against de-synchronization attacks since the last messages of the protocol is sent by the reader and not by the tag. This paper challenges this assumption and shows that RAPP is vulnerable against de-synchronization attack. This attack has a remarkable probability of success and is effective whether Hamming weight-based or modular-based rotations are used by the protocol.