Paper 2009/149

Secure EPC Gen2 compliant Radio Frequency Identification

Mike Burmester, Breno de Medeiros, Jorge Munilla, and Alberto Peinado


The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.

Available format(s)
Publication info
Published elsewhere. not published or accepted for publication
EPCGen2 compliancesecurityidentificationunlinkability
Contact author(s)
burmester @ cs fsu edu
2009-05-14: last of 4 revisions
2009-04-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mike Burmester and Breno de Medeiros and Jorge Munilla and Alberto Peinado},
      title = {Secure EPC Gen2 compliant Radio Frequency Identification},
      howpublished = {Cryptology ePrint Archive, Paper 2009/149},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.