Security Analysis of an RFID Protocol Based on Insubvertible Encryption

Radio frequency identification (RFID) is a very important technique for object identification in modern life (for instance it can be widely used in manufacture，transportation，medical treatment, etc)．RFID has many advantages such as its celerity, low cost, veracity in processing data through unique identification and so on．Insubvertible encryption is a new type of re-encryption method, which plays an important role in the security design of RFID system. Recently, Osaka et. al. presented an RFID protocol based on insubvertible encryption and guardian proxy. They claimed that their RFID protocol was secure against the tag spoofing and swapping attacks and so on. However, in this paper, we found that there is a differential invariable relationship between the random numbers of read and guardian proxy in computing the sharing key. Based on this observation, we propose an asynchronous attack on this RFID protocol. By forging two random numbers from read and guardian proxy, we can successfully fulfill all the authentication steps of Read and back-end database server. Moreover, the sharing secret between the tag and server is changed such that a legitimate tag cannot normally pass the authentication in RFID protocol. It means that this RFID protocol is very insecure under the asynchronous attack.