Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard (original) (raw)
Related papers
EPC class 1 Generation 2(or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol known to be insecure. To improve the security of this standard, several protocols have been proposed compliant to this standard. In this paper we analyze the improved Yeh et al. 's protocol by Yoon which is conforming to EPC-C1 G2 standard and is one of the most recent proposed protocol in this field. We present several efficient attacks against this protocol. Our first attack is a passive attack that can retrieve all secret parameters of the tag on the cost of eaves-dropping only one session of protocol between the tag and a legitimate reader (connected to the back-end database) and O(2 16) evaluations of PRNG-function in off-line . Although the extracted information are enough to mount other relevant attacks (e. g. such as traceability, tag impersonation, reader impersonation, and desynchronization attacks) and would be enough to rul...
Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags
Recently, due to widespread use of Radio Frequency IDentification (RFID) systems in personal applications, security and privacy of these systems have got more attention. In order to provide security and privacy of RFID users, different authentication protocols have been proposed. In 2014, Mohammadi et al. proposed an improved authentication protocol for RFID systems. They claimed that their protocol is secure against various attacks. In this study, we investigate security and privacy of their protocol. It is shown that their protocol is not safe against several attacks including secret parameters reveal, tag impersonation, data integrity, desynchronization and also it cannot provide user privacy. Then, in order to omit aforementioned weaknesses, we apply some changes on Mohammadi et al.’s protocol and we propose an improved protocol. In addition, the security and privacy of the proposed protocol are analyzed against various attacks.
Attacks On A Mutual Authentication Scheme Conforming To EPCglobal Class-1 Generation-2 RFID System$
projectice.eu
EPCglobal introduced Electronic Product Code (EPC) to identify objects and trace them in a wide network area. EPCglobal and ISO confirmed EPC Class-1 Generation-2 (EPC-C1G2) that includes the requirements of lightweight RFID tags. However, these tags are vulnerable to some inevitable attacks such as tracking by adversaries, tag cloning and data leakage. Lately, many authentication and privacy protection protocols have been published to protect RFID systems. Some of them do not adequately satisfy these security issues. Chen and Deng proposed a mutual authentication and privacy protection protocol conforming to EPC-C1G2 standard to ensure RFID security and privacy of the tags. In this paper, we show that most of the privacy protection and authentication protocol objectives are not met in Chen and Deng's proposal. We also show that an adversary can impersonate not only the tags but also the legitimate reader. In addition, we show that a counterfeit tag can be simply cloned. For these reasons, Chen and Deng's scheme is not a secure and reliable protocol to use in EPC-C1G2 specification.
Practical Attacks on a RFID Authentication Protocol Conforming to EPC C-1 G-2 Standard
Arxiv preprint arXiv:1102.0763, 2011
. They have claimed that their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we will show that the proposed protocol does not have proper security features. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al. protocol does not assure the untraceabilitiyand backwarduntraceabilitiy aspects. Namely, all past and next transactions of a compromised tag will be traceable by an adversary.
A Provable Secure Batch Authentication Scheme for EPCGen2 Tags
Lecture Notes in Computer Science, 2014
EPC Class1 Gen2 (EPCGen2) is an international industrial standards for low cost RFID system used in many applications such as supply chain and consumer service. While RFID technology offers convenience and being employed in various applications in our society, security and privacy issues are still the number one concern of most RFID applications today. In this paper, we study the problems occurring where a reader wants to authenticate and identify legitimate RFID EPCGen2 tags in a batch to guarantee the integrity of the products. Most of the EPCGen2 tags are passive and have limited computational ability to compute cryptographic functions. For this reason, to design a mechanism to protect low-cost EPCGen2 tags from security and privacy risks is a challenging task. We propose a provable secure batch authentication scheme for EPCGen2 tags using the pseudo-random number generator (PRNG) and cyclic redundancy check (CRC) code. Our ultra-lightweight scheme which integrates the operations of EPCGen2 and only relies on build-in CRC-16 and PRNG function with secret keys inside the tags. We formally analyze security and privacy of the proposed scheme by using mathematical modeling and proof. Our analysis shows that our scheme provides strong ability to prevent existing possible attacks.
Vulnerability Analysis of a Mutual Authentication Scheme under the EPC Class1 Generation2 Standard
The security level of the EPC Class-1 Generation-2 RFID standard is very low, as shown in previous works such as . In particular, the security of the access and kill passwords of an RFID tag is almost non-existent. A first initiative by Konidala and Kim [5] tried to solve these problems by proposing a tag-reader mutual authentication scheme (TRMA) to protect the tag access password. However, Lim and Li showed how a passive attacker can recover the access password of the tag [6]. Recently, Konidala and Kim proposed a new version of the TRMA scheme (TRMA + ) in which the tag access and kill passwords are used for authentication . In this paper, we show that this new version still contains serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2 −2 , and the 16 most significant bits with a probability higher than 2 −5 . Finally, we show how an attacker can recover the entire kill password with probability 2 −2 within 4 eavesdropped sessions in the case of a passive attack, or just 2 consecutive sessions under an active attack.
Secure EPC Gen2 Compliant Radio Frequency Identification
Lecture Notes in Computer Science, 2009
The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.
EPC RFID tag security weaknesses and defenses
Proceedings of the 16th ACM conference on Computer and communications security - CCS '09, 2009
EPC (Electronic Product Code) tags are industry-standard RFID devices poised to supplant optical barcodes in many applications. We explore the systemic risks and challenges created by the increasingly common use of EPC for security applications. As a central case study, we examine the recently issued United States Passport Card and Washington State "enhanced drivers license" (WA EDL), both of which incorporate Gen-2 EPC tags. We measure multiple weaknesses, including susceptibility to cloning, extended read ranges, and the ability to remotely kill a WA EDL. We study the implications of these vulnerabilities to overall system security, and offer suggestions for improvement. We demonstrate anti-cloning techniques for off-the-shelf EPC tags, overcoming practical challenges in a previous proposal to co-opt the EPC "kill" command to achieve tag authentication. Our paper fills a vacuum of experimentally grounded evaluation of and guidance for security applications for EPC tags not just in identity documents, but more broadly in the authentication of objects and people.
—In this paper we scrutinize the security properties of an RFID authentication protocol conforming to the EPC Class-1 Generation-2 standard. The protocol is suitable for Gen-2 passive tags and requires simple computations. The authors claim that the scheme provides privacy protection and authentication and offers resistant against commonly assumed attacks. We propose a de-synchronization and an impersonation attack in which the disclosing of the secret information (i.e. secret key and static identifier) shared between the tag and the reader is unnecessary to success in these attacks. Keywords—