Pitfalls in Ultralightweight Authentication Protocol Designs
There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks: Desynchronizing attacks and Tracking attacks. In this paper, we present how these two attacks work even if the protocol parameters are moderated.