Cryptanalysis of an EPC Class-1 Generation-2 Standard Compliant Authentication Protocol
Source: University of York
Recently, Chen and Deng proposed a mutual authentication protocol. Their scheme is based on a Cyclic Redundancy Code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all attacks on RFID systems, offering and increase in security and performance in comparison with their predecessors. However, in this paper, they show that the protocol is as insecure as the EPC standard it unsuccessfully tries to improve, which security limitations are well known. An attacker, following their suggested approach, will be able to impersonate both readers and tags.