SUMMARY
In 2008, a scalable radio frequency identification (RFID) authentication protocol was proposed by Yanfei Liu to provide security and privacy for RFID tags. This protocol only needs O(1) time complexity to find out the identifier of the RFID tag irrespective of the total number of the tags in the system. Based on our analysis, however, a security flaw, which has gone unnoticed in the design of the protocol, makes the scheme vulnerable to tracking attack, tag impersonation attack, and desynchronization attack, if the attacker has the possibility to tamper with only one RFID tag. Because low‐cost devices are not tamper‐resistant, such an attack could be feasible, and we can apply the resulting attacks on authentication, untraceability, and desynchronization resistance of the protocol. To counteract such flaws, we revise the scheme with a stateful variant and also show that the proposed model requires less tag and server‐side computation. Copyright © 2011 John Wiley & Sons, Ltd.