6th Workshop on Radio Frequency Identification Security, İstanbul, Türkiye, 8 - 09 Haziran 2010, cilt.6370, ss.66-67
In this paper we show how to break the most recent version of EC-RAC with respect to privacy. We show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC do not provide the claimed privacy levels by using a man-in-the-middle attack. The existence of these attacks voids the presented privacy proofs for EC-RAC.