Server Impersonation Attacks and Revisions to SLAP, RFID Lightweight Mutual Authentication Protocol

Abstract

In this paper, we analyze the security of the lightweight RFID mutual authentication protocol called SLAP proposed by Godor et al. at Globecom 2008. It is claimed that SLAP can resist the well-known attacks and does not demand high computational capacity. We present server impersonation attacks against SLAP in which an adversary that does not know the internal state of the tag can easily impersonate the valid back-end to valid tag. This attack also breaks synchronization between back-end and tag. We also propose a revised mutual authentication protocol that eliminates the vulnerabilities of the SLAP.