6th Workshop on Radio Frequency Identification Security, İstanbul, Turkey, 8-9 June 2010, vol. 6370, pp. 66-67
In this paper we show how to break the most recent version of EC-RAC with respect to privacy. Using a man-in-the-middle attack, we show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC fail to provide the claimed privacy levels. The existence of these attacks voids the presented privacy proofs for EC-RAC.