Cryptanalysis of two recently proposed ultralightweight authentication protocol for IoT

Abstract: By expanding the connection of objects to the Internet and their entry to human life, the issue of security and privacy has become important. In order to enhance security and privacy on the Internet, many security protocols have been developed. Unfortunately, the security analyzes that have been carried out on these protocols show that they are vulnerable to one or few attacks, which eliminates the use of these protocols. Therefore, the need for a security protocol on the Internet of Things (IoT) has not yet been resolved. Recently, Khor and Sidorov cryptanalyzed the Wang et al. protocol and presented an improved version of it. In this paper, at first, we show that this protocol also does not have sufficient security and so it is not recommended to be used in any application. More precisely, we present a full secret disclosure attack against this protocol, which extracted the whole secrets of the protocol by two communication with the target tag. In addition, Sidorv et al. recently proposed an ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains, supported by formal and informal security proofs. However, we present a full secret disclosure attack against this protocol as well.