부산대학교 도서관

To deliver robust privacy-aware RFID authentication scheme against malicious tracing activities, automatically secret updating mechanism is exploited at both tag end and server/database end during each authentication session to support forward/backward security. Nevertheless, an adversary may easily interrupt transmission of necessary key update message in each authentication session such that key resynchronization between tag and server/database cannot be completed. For this reason, current RFID authentication protocols have applied secret/key redundancy design to allow a tag with desynchronized secret to successfully communicate with server/database in its next authentication session. In this paper, we identify that several RFID authentication protocols cannot defend against desynchronization attack. All of these schemes are insecure because the secret/key redundancy mechanisms are not well-designed.