Security analysis of ultra-lightweight protocol for low-cost RFID tags: SSL-MAP

Abstract

In this paper, we analyze the security vulnerabilities of SSL-MAP, an ultra-lightweight RFID mutual authentication protocol recently proposed by Rama N, Suganya R. We present two effective attacks, a de-synchronization attack and a full-disclosure attack, against this protocol. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter completely threats a tag by extracting all the secret information that are stored in the tag. The de-synchronization attack can be carried out in three round of interaction in SSL-MAP while the full-disclosure attack is accomplished across several runs of SSL-MAP. We also discuss ways to counter the attacks. © 2011 Springer-Verlag.