Cryptanalysis and strengthening of SRP+ protocol

Recently, many lightweight authentication schemes have been designed for RFID systems since the release of the EPC Class1 Generation2 (EPC-C1G2) standard. In 2013, Pang et al. proposed a novel secure RFID authentication protocol, named SRP+, and claimed that their scheme efficiently guarantees the tag privacy and satisfies the security requirements. But later, Wang et al. showed that SRP+ is vulnerable to de-synchronization attack and presented a simple disclosure attack which requires 216 off-line evaluations of a PRNG function. However, in this paper, we present another de-synchronization attack on the SRP+ based on toggling only one bit of the transferred random number. We also show that the attacker can retrieve all secret parameters at the cost of at most 24 CRC evaluations after eavesdropping two consecutive sessions. Given those secret parameters, it would be trivial to apply any other attack in the context of the protocol. To counteract such flaws, we revise the SRP+ to provide the claimed security properties.