Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol

Peris-Lopez, Pedro and Hernandez-Castro, Julio C. and Tapiador, Juan E. and van der Lubbe, Jan C. A. (2011) Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol. Engineering Applications of Artificial Intelligence, 24 (6). pp. 1061-1069. ISSN 0952-1976. (Access to this publication is restricted)

PDF
Restricted to Repository staff only
Contact us about this Publication Download (489kB)
[img]
Official URL
http://dx.doi.org/10.1016/j.engappai.2011.04.001

Abstract

Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.

Item Type: Article
Uncontrolled keywords: Authentication; Cryptanalysis; EPC; RFID; Security
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Julio Hernandez-Castro
Date Deposited: 24 Oct 2012 12:47
Last Modified: 23 Apr 2014 13:20
Resource URI: http://kar.kent.ac.uk/id/eprint/31943 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year