Skip to main content

Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol

Safkhani, Masoumeh, Peris-Lopez, Pedro, Hernandez-Castro, Julio C., Bagheri, Nasour (2014) Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 259 (Pt B). pp. 571-577. ISSN 0377-0427. (doi:10.1016/ (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:45298)

PDF (Restricted due to publisher policy) Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of Restricted due to publisher policy]
Official URL


Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-based mutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses all privacy (Juels, 2006) and forgery concerns (Dimitriou, 2005; Yang et al., 2005) linked to RFID technology. However, we show in the following that the protocol fails to bear out many of the authors’ security claims, which renders the protocol useless. More precisely, we present the following attacks on this protocol:




We also show an additional and more general attack, which is still possible when the conditions needed for the ones above do not hold, and that highlights the poor design of the group ID (View the MathML source). Additionally we show how all the above mentioned attacks are applicable against another protocol, highly reminiscent of that of Cho et al. (2012) and designed in Cho et al. (2011), and also against an enhanced version of the Cho et al. protocol proposed by Kim (2012). Finally we end up by showing how slight modifications in the original protocol can prevent the aforementioned security faults.

Item Type: Article
DOI/Identification number: 10.1016/
Uncontrolled keywords: RFID; Privacy; Authentication; De-synchronization attack; Tag impersonation attack; Reader impersonation attack
Subjects: Q Science
Q Science > QA Mathematics (inc Computing science)
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 22 Nov 2014 00:28 UTC
Last Modified: 16 Feb 2021 13:20 UTC
Resource URI: (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio C.:
  • Depositors only (login required):


Downloads per month over past year