Vulnerability Analysis of a Mutual Authentication Protocol Conforming to EPC Class-1 Generation-2 Standard
The security level of the EPC Class-1 Generation-2 RFID standard is very low, as shown in previous works such as [1-4]. In particular, the security of the access and kill passwords of an RFID tag is almost non-existent. A first initiative by Konidala and Kim [5] tried to solve these problems by proposing a tag-reader mutual authentication scheme (TRMA) to protect the tag access password. However, Lim and Li showed how a passive attacker can recover the access password of the tag [6]. Recently, Konidala and Kim proposed a new version of the TRMA scheme (TRMA+) in which both the tag access and kill passwords are used for authentication [7]. In this paper, we show that this new version still contains serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2^-2, and the 16 most significant bits with a probability higher than 2^-5. Finally, we show how an attacker can recover the entire kill password with probability 2^-2 within 4 eavesdropped sessions in the case of a passive attack, or within just 2 consecutive sessions under an active attack.