Strong Authentication and Strong Integrity (SASI) Is Not That Strong

In this paper, the authors present a practical passive attack on SASI, an ultra-lightweight mutual authentication protocol for RFID. The recent ubiquitous deployment of RFID systems raised many concerns about privacy. There is a growing need of lightweight authentication protocols to be implemented on low-cost tags that ensure privacy protection. Some existing solutions involve expensive building blocks, such as hash functions and pseudorandom number generators and do not scale well. More recent proposals focus on extremely lightweight protocols that rely on bitwise operations, additions, or bit rotations.