Recently, in IEEE Transactions on Industrial Informatics, Fan et al. proposed a lightweight RFID protocol which has been suggested to be employed for protecting the Medical Privacy in an IoT system. However, the protocol has trivial flaws, as it is shown recently by Aghili et al., in Future Generation Computer Systems. Aghili \textit{et al.} also proposed an improved version of the protocol, based on the similar designing paradigm, called SecLAP. Although the protocol's designers claimed full security against all attacks in the context, we show that the proposed protocol has serious security flaws, by presenting traceability and passive secret disclosure attacks against this protocol. More precisely, we present passive partial secret disclosure attack with the complexity of eavesdropping one session of the protocol and success probability of `1'. The disclosed parameters can be used to trace the tag/reader in any later session which compromises the tag/reader privacy. In addition, we present a passive full secret disclosure attack against SecLAP which can disclose $2n$-bit secret key, $n$-bit $TID$ and $n$-bit $RID$ with the computational complexity of $27n^7$. In addition, we show that, as it is expected, Fan et al.'s protocol has the worse possible security in random oracle model, where the adversary's advantage after $q$ queries to distinguish the protocol from a random oracle is $1- 2^{-q}$. We also evaluate the security of SecLAP in the random oracle model and show that it is as insecure as its predecessor.

All News