Abstract
The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Avoine, G., http://lasecwww.epfl.ch/~gavoine/rfid/
Burmester, M., de Medeiros, B.: The security of EPC Gen2 compliant RFID protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 490–506. Springer, Heidelberg (2008)
Burmester, M., de Medeiros, B., Motta, R.: Robust, Anonymous RFID Authentication with Constant Key-Lookup. In: Abe, M., Gligor, V.D. (eds.) ASIACCS, pp. 283–291. ACM, New York (2008); Extended version: J. Applied Cryptography 1(2), 79–90 (2008)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. IEEE Symp. on Foundations of Computer Science (FOCS 2001), pp. 136–145. IEEE Press, Los Alamitos (2001)
Chen, C.-L., Deng, Y.-Y.: Conformation of EPC Class 1 Generation 2 Standards RFID system with Mutual Authentication and Privacy Protection. In: Engineering Applications of Artificial Intelligence. Elsevier, Amsterdam (in Press), Corrected Proof. doi:10.1016/j.engappai.2008.10.022
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proc. IEEE Intern. Conf. on Security and Privacy in Communication Networks (SECURECOMM 2005). IEEE Press, Los Alamitos (2005)
Dimitriou, T.: A secure and efficient RFID protocol that can make big brother obsolete. In: Proc. Intern. Conf. on Pervasive Computing and Communications (PerCom 2006). IEEE Press, Los Alamitos (2006)
EPC Global. EPC Tag Data Standards, http://www.epcglobalinc.orgbl
Eun Young Choi, D.H.L., Lim, J.I.: Anti-cloning protocol suitable to Epcglobal Class-1 Generation-2 RFID systems. In: Computer Standards & Interfaces, Elsevier, Amsterdam (in press), Corrected Proof. doi:10:1016/j.csi.2008.11.002
ISO/IEC. Standard # (18000) – RFID Air Interface Standard, http://www.hightechaid.com/standards/18000.htm
Juels, A.: Minimalist cryptography for low-cost RFID tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2008)
Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: Proc. RFID Privacy Workshop (2003)
Qingling, C., Yiju, Z., Yonghua, W.: A minimalist mutual authentication protocol for RFID system and ban logic analysis. In: ISECS International Colloquium on Computing, Communication, Control and Management, vol. 2, pp. 449–453 (2008), doi:10.1109/cccm.2008.305
Sun, H.-M., Ting, W.-C.: A Gen2-based RFID authentication protocol for security and privacy. IEEE Transactions on Mobile Computing 99, 1 (2009)
Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: Proc. IEEE Int. Conf. on Pervasive Computing and Communications (PerCom 2006). IEEE Press, Los Alamitos (2006)
van Le, T., Burmester, M., de Medeiros, B.: Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange. In: Proc. of the ACM Symp. on Information, Computer, and Communications Security (ASIACCS 2007), pp. 242–252. ACM Press, Singapore (2007)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Burmester, M., de Medeiros, B., Munilla, J., Peinado, A. (2009). Secure EPC Gen2 Compliant Radio Frequency Identification. In: Ruiz, P.M., Garcia-Luna-Aceves, J.J. (eds) Ad-Hoc, Mobile and Wireless Networks. ADHOC-NOW 2009. Lecture Notes in Computer Science, vol 5793. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04383-3_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-04383-3_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04382-6
Online ISBN: 978-3-642-04383-3
eBook Packages: Computer ScienceComputer Science (R0)