Security analysis of an ultra-lightweight RFID authentication protocoluSLMAP*

Computational constraints mostly driven by the cost concerns of radio frequency identification tags only permit to have security schemes that are simple combinations of elementary operations rather than the bullet proven yet computationally intensive cryptographic primitives. As ultra-lightweight authentication protocols use only basic bitwise and arithmetic operations such as XOR, OR, and addition modulo powers of 2, they are considered as a class of these schemes. Because most of the early proposed ultra-lightweight authentication protocols are easily broken, it turned out that designing such protocols is a much deeper task than presumed. This study analyzes a modified version of the stable lightweight mutual authentication protocol denoted by SLMAP*. After exploiting an unnoticed flaw in its design rationale, it is shown that some of the freshly produced variables can be assigned to different values for the reader and the tag that presumably causes a desynchronization vulnerability. Copyright (C) 2011 John Wiley & Sons, Ltd.