Cryptology ePrint Archive: Report 2009/149

Secure EPC Gen2 compliant Radio Frequency Identification

Mike Burmester and Breno de Medeiros and Jorge Munilla and Alberto Peinado

Abstract: The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.

Category / Keywords: EPCGen2 compliance, security, identification, unlinkability

Publication Info: not published or accepted for publication

Date: received 31 Mar 2009, last revised 14 May 2009

Contact author: burmester at cs fsu edu

Available format(s): PDF | BibTeX Citation

Version: 20090514:173033 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]