| Article ID: | iaor20131660 |
| Volume: | 113 |
| Issue: | 7 |
| Start Page Number: | 205 |
| End Page Number: | 209 |
| Publication Date: | Apr 2013 |
| Journal: | Information Processing Letters |
| Authors: | Ahmadian Zahra, Salmasizadeh Mahmoud, Aref Mohammad Reza |
| Keywords: | security, computers: data-structure |
RAPP (RFID Authentication Protocol with Permutation) is a recently proposed and efficient ultralightweight authentication protocol. Although it maintains the structure of the other existing ultralightweight protocols, the operation used in it is totally different due to the use of new introduced data dependent permutations and avoidance of modular arithmetic operations and biased logical operations such as AND and OR. The designers of RAPP claimed that this protocol resists against desynchronization attacks since the last messages of the protocol is sent by the reader and not by the tag. This letter challenges this assumption and shows that RAPP is vulnerable against desynchronization attack. This attack has a reasonable probability of success and is effective whether Hamming weight‐based or modular‐based rotations are used by the protocol.