Securing RFID systems conforming to EPC Class 1 Generation 2 standard

RFID, capable of remote automatic identification, is taking the place of barcodes to become electronic tags of the new generation. However, the information transmitted in the air could easily be intercepted and eavesdropped due to its radio transmission nature. On top of this, its prevalence has brought the stress on its security and privacy issues. EPC Class 1 Generation 2 (Gen 2) has served as the most popular standard for passive tags. Passive tags possess limited computation ability and capacity that just makes designing of the security protocol even more challenging. Researchers have proposed quite a few security protocols for RFID, but most of them are just too complicated to be implemented on Gen 2. Chien and Chen (2007) proposed a mutual authentication protocol conforming to this standard. However, it is found vulnerable to DoS attacks. Due to the bad properties of the CRC function used in the protocol, the claimed security objectives are also not met. Moreover, the database must use brute search for each tag's authentication. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which are free from worries of the problems mentioned above. The improved protocol could thus be applied in high security demanding environments.

[1]  Jung Lyu,et al.  Integrating RFID with quality assurance system - Framework and applications , 2009, Expert Syst. Appl..

[2]  Yang Xiao,et al.  Security co-existence of wireless sensor networks and RFID for pervasive computing , 2008, Comput. Commun..

[3]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[4]  Juan E. Tapiador,et al.  Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard , 2009, Comput. Stand. Interfaces.

[5]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.

[6]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[7]  Daesung Kwon,et al.  Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards , 2009, Comput. Stand. Interfaces.

[8]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[9]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[10]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[11]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[12]  Soo-Young Kang,et al.  A study on secure RFID mutual authentication scheme in pervasive computing environment , 2008, Comput. Commun..

[13]  Nai-Wei Lo,et al.  An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System , 2007, EUC Workshops.

[14]  Koutarou Suzuki,et al.  RFID Privacy Issues and Technical Challenges , 2005, IEEE Engineering Management Review.