The Security of EPC Gen2 Compliant RFID Protocols
Source: Florida State University
The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard the de facto specification for inexpensive tags in the RFID industry. EPCGen2 supports only very basic security tools such as a 16-bit Pseudo-Random Number Generator and a 16-bit Cyclic Redundancy Code. Recently two EPCGen2 compliant protocols that address security issues were proposed in the literature. This paper analyzes these protocols and show that they are not secure and subject to replay/impersonation and synchronization attacks. The paper then considers the general issue of supporting security in EPCGen2 compliant protocols and proposes two RFID protocols that are secure within the restricted constraints of this standard, and an anonymous RFID mutual authentication protocol with forward secrecy that is compliant with the EPC Class2 Gen2 standard.