Peris-Lopez, Pedro and Hernandez-Castro, Julio C. and Tapiador, Juan E. and van der Lubbe, Jan C. A. (2011) Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol. Engineering applications of artificial intelligence, 24 (6). pp. 1061-1069. ISSN 0952-1976.
Restricted to Repository staff only
| Contact us about this Publication
Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.
|Uncontrolled keywords:||Authentication; Cryptanalysis; EPC; RFID; Security|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||Julio Hernandez-Castro|
|Date Deposited:||24 Oct 2012 12:47|
|Last Modified:||18 Mar 2013 15:09|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/31943 (The current URI for this page, for reference purposes)|
- Depositors only (login required):