Skip to main content

Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol

Peris-Lopez, Pedro, Hernandez-Castro, Julio C., Tapiador, Juan E., van der Lubbe, Jan C. A. (2011) Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol. Engineering Applications of Artificial Intelligence, 24 (6). pp. 1061-1069. ISSN 0952-1976. (doi:10.1016/j.engappai.2011.04.001) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:31943)

Language: English

Restricted to Repository staff only
[thumbnail of Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol.pdf]
Official URL


Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.

Item Type: Article
DOI/Identification number: 10.1016/j.engappai.2011.04.001
Uncontrolled keywords: Authentication; Cryptanalysis; EPC; RFID; Security
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 24 Oct 2012 12:47 UTC
Last Modified: 16 Nov 2021 10:09 UTC
Resource URI: (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio C.:
  • Depositors only (login required):