Peris-Lopez, Pedro and Hernandez-Castro, Julio C. and Estevez Tapiador, Juan and Ribagorda, Arturo (2009) Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard. Computer Standards and Interfaces, 31 (2). pp. 372-380. ISSN 0920-5489.
Restricted to Repository staff only
| Contact us about this Publication
In 2006, the standard EPC Class-1 Generation-2 (EPC-C1G2) was ratified both by EPCglobal and ISO. This standard can be considered as a "universal" specification for low-cost RFID tags. Although it represents a great advance for the consolidation of RFID technology, it does not pay due attention to security and, as expected, its security level is very low. In 2007, Chien et al. published a mutual authentication protocol conforming to EPC-C1G2 which tried to correct all its security shortcomings. In this article, we point out various major security flaws in Chien et al.'s proposal. We show that none of the authentication protocol objectives are met. Unequivocal identification of tagged items is not guaranteed because of possible birthday attacks. Furthermore, an attacker can impersonate not only legitimate tags, but also the back-end database. The protocol does not provide forward security either. Location privacy is easily jeopardized by a straightforward tracking attack. Finally, we show how a successful auto-desynchronization (DoS attack) can be accomplished in the back-end database despite the security measures taken against it.
|Uncontrolled keywords:||Authentication; Cryptanalysis; EPC-C1G2; RFID; Security|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||Julio Hernandez-Castro|
|Date Deposited:||24 Oct 2012 13:19|
|Last Modified:||18 Mar 2013 16:30|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/31952 (The current URI for this page, for reference purposes)|
- Depositors only (login required):