Securit Analysis of Low Cost RFID Systems Ahmed Maarof TSE/SIME, ENSIAS Rabat, Morocco ahmed.maarof@gmail.com Mohamed Senhadji TSE/S[ME, ENS[AS Rabat, Morocco m.senhadji@um5s.net.ma Abstract -RFID technology attracts strong interest worldwide; it provides a means for automatic identifcation of objects and is regarded as an indispensable part in the vision of the Internet of things. With the aid of RFID systems, life shall become more convenient and businesses shall become more productive. The low cost RFID technology faces serious security and privacy threats, wireless communication and cost-down consideration on RFID systems are the two main factors that cause these security threats. In order to comply with the resource constraint, a few new authentication protocols with lightweight encryptions are invented to f the physical limitation of a passive tag. However, those proposed schemes cannot provide enough security level in general; more specifcally, they cannot prevent all major or general attacks such as eavesdropping, tracking, replay attack and Denial of Service, and preserve the forward secrecy of tagged object at the same time. Kewords- RFID Securit, Authentication Protocol, Privac, Low Cost RFl I. [NTRODUCTION RFID systems are increasingly being used in high security applications, such as access systems and systems for making payments or issuing tickets. However, the use of RFID systems in these applications necessitates the use of security measures to protect against attempted attacks, in which people try to trick the RFID system in order to gain unauthorized access to buildings or avail themselves of services (tickets) without paying. A passive radio-fequency identifcation (RFID) tag is a microchip that is capable of transmitting a static identifer or serial number for a short distance. It is typically activated by a query fom a nearby reader, which also transmits power for the operation of the tag. Low-cost Radio Frequency Identifcation (RFID) tags afxed to consumer items as smart tag are emerging as one of the most pervasive computing technology in history. This can have huge security implications. More expensive RFID tags can execute advanced cryptographic and other fnctions, but we concern ourselves in this paper with the inexpensive Zouheir Labbi TSE/SIME, ENSIAS Rabat, Morocco Zouhir.labbi@gmail.com Mostafa Belkasmi TSE/S[ME, ENS[AS Rabat, Morocco belkasmi@ensias.ma variety geared, called low-cost RFID, to serve as a next generation successor to barcodes. The present article surveys the technical security challenges of RFID systems. We frst provide an overview about the state of the art on RFID systems, specially the fnctional aspects and the components of low cost RFID system architecture. Next, we provide a brief study of the cost, performance & security trade-off and we evaluate the cost of this technology, afer we classif the RFID authentication protocols based on the required capacity on tags. Next we examine two RFID authentication protocols by addressing both the functional aspects and the weakness to their use, and we will compare their time complexity and security. Finally, we give our proposition and some perspectives before concluding a conclusion. [I. OVERVIEW OF RFID SYSTEMS A. RFID System Components RFID systems are made up of three main components that we briefy describe in the following: the transponder or RFID tag, the transceiver or RFID reader, and the back-end database. Fig. I. Components of RFID systems I) Transponder or RFID Tag: In an RFID system, each object will be labeled with a tag. Each tag contains a microchip with some computation and storage capabilities, and a coupling element, such as an antenna coil for 978-1-4799-7054-4/14/$31.00 ©2014 IEEE