A Gen2-Based RFID Authentication Protocol for Security and Privacy

EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is transmitted in plaintext which makes the tag traceable and clonable. Several solutions have been proposed based on traditional encryption methods, such as symmetric or asymmetric ciphers, but they are not suitable for low-cost RFID tags. Recently, some lightweight authentication protocols conforming to Gen2 have been proposed. However, the message flow of these protocols is different from Gen2. Existing readers may fail to read new tags. In this paper, we propose a novel authentication protocol based on Gen2, called Gen2+, for low-cost RFID tags. Our protocol follows every message flow in Gen2 to provide backward compatibility. Gen2+ is a multiple round protocol using shared pseudonyms and Cyclic Redundancy Check (CRC) to achieve reader-to-tag authentication. Conversely, Gen2+ uses the memory read command defined in Gen2 to achieve tag-to-reader authentication. We show that Gen2+ is more secure under tracing and cloning attacks.

[1]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[3]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[4]  Hung-Yu Chien,et al.  A Lightweight RFID Protocol Using Substring , 2007, EUC.

[5]  Min-Shiang Hwang,et al.  RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection , 2007, The 9th International Conference on Advanced Communication Technology.

[6]  Jeeyeon Kim,et al.  Privacy threats and issues in mobile RFID , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[7]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[8]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[9]  Bo Sheng,et al.  Severless Search and Authentication Protocols for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[10]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[11]  Tae Sung Kim,et al.  Privacy protection for secure mobile RFID service , 2006, 2006 1st International Symposium on Wireless Pervasive Computing.

[12]  Ari Juels,et al.  Soft blocking: flexible blocker tags on the cheap , 2004, WPES '04.

[13]  Leonid Bolotnyy,et al.  Physically Unclonable Function-Based Security and Privacy in RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[14]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[15]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[16]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[17]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[18]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[19]  Howon Kim,et al.  Privacy-Friendly Mobile RFID Reader Protocol Design based on trusted Agent and PKI , 2006, 2006 IEEE International Symposium on Consumer Electronics.

[20]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[21]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[22]  Hervé Chabanne,et al.  Noisy Cryptographic Protocols for Low-Cost RFID Tags , 2006, IEEE Transactions on Information Theory.

[23]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[24]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[25]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[26]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[27]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[28]  Howon Kim,et al.  Privacy Protection based on User-defined Preferences in RFID System , 2006, 2006 8th International Conference Advanced Communication Technology.

[29]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[30]  Jian Huang,et al.  An approach to security and privacy of RFID system for supply chain , 2004, IEEE International Conference on E-Commerce Technology for Dynamic E-Business.

[31]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[32]  Kwangjo Kim,et al.  Security and Privacy on Authentication Protocol for Low-cost RFID , 2005 .