National Dong Hwa University
In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. In this paper, the authors first categorize existing authentication protocols into three types based on their key update mechanisms. Then security evaluation on de-synchronization attack is conducted for type I and II protocols. Two attack models and theorems show that synchronization mechanisms used in type I and II schemes cannot defend against de-synchronization attack. Finally, three remarks are further presented to support their important finding: most existing RFID authentication schemes cannot simultaneously provide forward/backward security and resistance for de-synchronization attack in practical setting.