International Journal of UbiComp (IJU), Vol.3, No.3, July 2012 31 DOI:10.5121/iju.2012.3303          Mahdi Azizi 1 , Nasour Bagheri 2 Abdolrasol Mirgadri 3 1 Faculty of Communication and Information Technology, IHU University, Tehran, Iran, mmazizi2006@gmail.com 2 Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran, NBagheri@srttu.edu 3 Faculty of Communication and Information Technology, IHU University, Tehran, Iran, amrghdri@ihu.ac.ir ABSTRACT In this paper we analyze an authentication protocol so-called Pasargad which proposed by Arjemand et al. [1]. The Pasargad protocol is a distance bounding protocol which has been designed for RFID-based electronic voting systems. The designers have claimed that this protocol is more secure than Preneel and Single protocol [2], against relay attacks. However, in this paper, we present some efficient attacks against it. Our attacks include conditional impersonation attack and recovery key attack. Moreover, we show that this protocol has some structural flaw which may prevent to execution the protocol. KEYWORDS Distance bounding protocol, RFID, Electronic voting system, Pasargad protocol, relay attack. 1. INTRODUCTION Radio frequency identification (RFID) system is composed of a Transponder (tag), reader and backend server. This technology can be used to link a user with a machine for authentication. First time, the RFID systems are used by the British Army during the Second World War, for identification friends/foes military aircraft. Now day, RFID systems have many applications like supply chain, access controlling, collecting road tolls, tracking animals, Passports, military and etc. One of the applications of RFID technology is electronic voting (e-voting) which is important to governments for elections. In e-voting systems, the voter must have a smart card or memory card instead of the paper bolts in a traditional voting system. This card can be an RFID tag. An e- voting system should satisfy the following criteria • Authentication: only authorized voters can vote. • Uniqueness : voter cannot vote more than once.