Efficient Passive Full-disclosure Attack on RFID Light-weight Authentication Protocols LMAP++ and SUAP

Radio Frequency Identification (RFID) is a technology that has been widely used in daily life, such as in access control, in electronic passports, in payment and ticketing. However, since the RFID information may be easily unveiled over the air, security and the privacy issues always exist. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they can not provide security against some RFID attacks. LMAP++ and SUAP are two typical and recently proposed RFID lightweight authentication protocols, which were presented to resist passive attack. In this work, utilizing the particular structures of these two protocols and the property of bitwise operations, we present a new and efficient passive full-disclosure attack on LMAP++, SUAP-1 and SUAP-3 protocol. We point out the construction weakness of these two protocols and our passive attack can be used to reveal all the secrets shared by the Reader and Tag by eavesdropping about 20 rounds of the authentication messages.