Paper 2013/490

For an EPC-C1 G2 RFID compliant Protocol, CRC with Concatenation : No; PRNG with Concatenation : Yes

Masoumeh Safkhani and Nasour Bagheri

Abstract

In this paper we present new constraints to EPCglobal Class 1 Generation 2 (EPC-C1 G2) standard which if they have been considered in the design of EPC-C1 G2 complaint authentication protocols, lead to prevent predecessor's protocols' weaknesses and also present the secure ones. Also in this paper as an example, we use Pang \textit{et al.} EPC-C1 G2-friendly protocol which has been recently proposed, to show our proposed constraints in EPC-C1 G2 standard. Pang \textit{et al.}'s protocol security analysis show how its security claim based on untraceability and resistance against de-synchronization attacks is ruined. More precisely, we present very efficient de-synchronization attack and traceability attack against the protocol. Finally, take Pang \textit{et al.} protocol's vulnerability points, we present new conditions to design EPC-C1 G2 complaint protocols and based on it we propose a secure (EPC-C1 G2) RFID authentication scheme which is a good sample to EPC-C1 G2 complaint protocols.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
RFIDMutual AuthenticationEPC-C1 G2Cyclic Redundancy CodePseudo Random Number GeneratorDe-synchronizationTraceability Attack
Contact author(s)
na bagheri @ gmail com
History
2013-08-15: received
Short URL
https://ia.cr/2013/490
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/490,
      author = {Masoumeh Safkhani and Nasour Bagheri},
      title = {For an EPC-C1 G2 RFID compliant Protocol, CRC with Concatenation : No;   PRNG with Concatenation : Yes},
      howpublished = {Cryptology ePrint Archive, Paper 2013/490},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/490}},
      url = {https://eprint.iacr.org/2013/490}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.