Abstract: Radio Frequency Identification (RFID)‐based parking management systems provide facilities to control parking lot systems with easy access and secure inspection. Chen and Chong have presented a scheme to prevent car thefts for parking lot management systems, which is based on the EPC C1‐G2 RFID standard. They claimed that their protocol is resistant against well‐known RFID attacks. In this paper, we prove that Chen and Chong's scheme is not resistant against secret disclosure and impersonation attacks. Therefore, in Chen and Chong's parking lot system, a car may be stolen without having a valid tag. In this paper, we also show that the proposed impersonation attack works for any length of cyclic redundancy check and the secret disclosure attack costs at most 2^16 evaluations of the used pseudo‐random number generator. The success probability of both attacks is 1 while their complexity is only 2 runs of the protocol. Finally, we present an improved protocol and formally and informally prove that the improved protocol provides the desired level of security and privacy.