Passive Attack Against the M2AP Mutual Authentication Protocol for RFID Tags
In this paper, the authors present a passive attack that recovers the secrets used in M2AP (Minimalist Mutual Authentication Protocol), an authentication protocol between RFID tags and RFID readers. They describe an algorithm that breaks the protocol after eavesdropping on a few consecutive rounds of communication. After two eavesdropped runs of the protocol, the attacker can learn the identification number of the tag and some of the common secrets shared by the tag and the reader. To find out all of the secrets, the attacker needs to eavesdrop on some more rounds of the protocol. The attacker can then successfully impersonate both the targeted tag and the reader in the subsequent rounds.