ISSN 2394-7349 International Journal of Novel Research in Engineering and Science Vol. 2, Issue 1, pp: (7-13), Month: March 2015 - August 2015, Available at: www.noveltyjournals.com Page | 7 Novelty Journals Analysis of a Recent Quadratic Residue Based Authentication Protocol for Low-Cost RFID Tags Mehmet Hilal ÖZCANHAN Computer Engineering, Dokuz Eylul University, Izmir, Turkey Abstract: Radio frequency identification is the hot topic of wireless security research, because RFID message exchanges through open air are attracting the attention of malicious users. The Quadratic Residue assumption supported by the Chinese Remainder Theorem (QR-CR duo) is one of the many diverse functions used for encrypting the exchanged messages. However, authentication protocols using the QR-CR duo have been facing severe analysis. The present work analyzes one of the very latest works using the QR-CR duo in a scheme, similar to protocols previously shown to have vulnerabilities. The analysis demonstrates the presence of serious vulnerabilities in the design. The consequences of the deficiencies in the scheme are important in reaching a final decision whether to recommend the proposed scheme; because the protection of the users of an authentication protocol is of great concern. Keywords: Full-disclosure attack, mutual authentication, Quadratic Residue, RFID, security, tag, traceability. I. INTRODUCTION RADIO Frequency Identification (RFID) is now mature and yet a growing technology [1]. The second version of Electronic Product Code (EPC) Global Class-1 Generation-2 Standard (Gen-2) for Ultra High Frequency (UHF) tags has been released, in 2013 [2]. On the other front, the High Frequency (HF) version of RFID which is named as Near Field Communication (NFC); now has readers fitted in all high-end mobile phones. The popularity of RFID is increasing due to its growing integration in ubiquitous systems. RFID is used in object identification in diverse areas such as tracking commercial goods in supply chains, managing patients and assets in hospitals, tracking inmates in prisons and transportation payment systems. Any object worth identifying or tracking is a potential RFID sticker holder. RFID identification stickers are called tags, which can be in the form of wristbands, paper stickers or plastic cards. The tags contain the vital, unique identification (ID) information; i.e. the EPC; uniquely identifying the tagged object [3]. Invariably, an RFID set up is made of a server, a reader and a tag, as shown in Fig. 1. Basically, the reader requests the ID of the tag and passes it to the server, after receiving it. The tag ID is linked to the information of the tagged object, in the server‟s database. Among other purposes, the ID is used with some pre-shared secrets, during the mutual authentication of the tag and the server. Wired Network – Assumedly Secure Channel Enlarged UHF Tag Wireless Network – Insecure Channel Server Insecure Air Channel Tag Reader Tag Fig. 1: A typical RFID server-reader-tag communication set-up.