Cryptanalysis of Flyweight RFID Authentication Protocol

Recently, Burmester and Munilla proposed flyweight RFID authentication protocol, which is an EPC-Gen2 compliant protocol. The protocol uses synchronized pseudorandom number generator shared between backend server and tag. They argue that their protocol provides session unlinkability, and is secure against statistical analysis and impersonation attacks. Their protocol is optimal in that it requires 4 passes in case of passive attacker and 6 passes in a scenario of active attacker detection. In this paper, we will show that Burmester and Munilla protocol is vulnerable to desynchronization attack, which leads the system into Denial of Service (DoS) attack. After that, we suggest a remedy to cope with the problem of the protocol.