Phan.pdf (1.03 MB)
Download file

Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI

Download (1.03 MB)
journal contribution
posted on 16.12.2009, 11:19 by Raphael C.-W. Phan
Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader’s signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive- OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.



  • Mechanical, Electrical and Manufacturing Engineering


PHAN, R.C.-W., 2009. Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Transactions on Dependable and Secure Computing, 6(4), pp. 316-320




VoR (Version of Record)

Publication date



This journal article is published in IEEE Transactions on Dependable and Secure Computing[© IEEE]. It is also available at: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.