Weaknesses of two RFID protocols regarding de-synchronization attacks

Radio Frequency Identification (RFID) protocols should have a secret updating phase in order to protect the privacy of RFID tags against tag tracing attacks. In the literature, there are many lightweight RFID authentication protocols that try to provide key updating with lightweight cryptographic primitives. In this paper, we analyze the security of two recently proposed lightweight RFID authentication protocol against desynchronization attacks. We show that secret values shared between the back-end server and any given tag can be easily desynchronized. This weakness stems from the insufficient design of these protocols.