Cryptanalysis of a new EPC class-1 generation-2 standard compliant RFID protocol | Neural Computing and Applications Skip to main content
Springer Nature Link
Log in

Cryptanalysis of a new EPC class-1 generation-2 standard compliant RFID protocol

  • Original Article
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

EPC class 1 Generation-2 (or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol is known to be insecure. To improve the security of this standard, several protocols have been proposed which are compliant to this standard. In this paper, we analyze the security of a protocol which has been recently proposed by Lo and Yeh (2010). Despite the designers’ claim, which is optimal security, however, we present a passive attack which can retrieve all secret parameters of the tag efficiently. The cost of this attack is eavesdropping only one session of protocol between the tag and a legitimate reader and 216 PRNG-function evaluations in off-line. In addition, we show that an active adversary can retrieve secret parameters more efficiently, that is, with the complexity of two consequence sessions of protocol and without the need for PRNG-function evaluation. The success probability of the given attacks are “1”. To counteract such flaws, we propose an enhanced EPC-compliant protocol entitled YAYA, by applying some minor modifications to the original protocol so that it provides the claimed security properties.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  1. Bailey DV, Juels A (2006) Shoehorning security into the EPC tag standard. In: Prisco RD, Yung M (eds) SCN, vol 4,116 of Lecture Notes in Computer Science. Springer, Berlin, pp 303–320

    Google Scholar 

  2. Burmester M, de Medeiros B (2008) The security of EPC gen2 compliant RFID protocols. In: Bellovin SM, Gennaro R, Keromytis AD, Yung M (eds) ACNS, vol 5,037 of Lecture Notes in Computer Science. Springer, Heidelberg, pp 490–506

  3. Burmester M, de Medeiros B, Munilla J, Peinado A (2009) Secure EPC gen2 compliant radio frequency identification. In: Ruiz PM, Garcia-Luna-Aceves JJ (eds). ADHOC-NOW, vol 5,793 of Lecture Notes in Computer Science. Springer, Berlin, pp 227–240

    Google Scholar 

  4. Chen C-L, Deng Y-Y (2009) Conformation of EPC class 1 generation 2 standards RFID system with mutual authentication and privacy protection. Eng Appl AI 22(8):1284–1291

    MathSciNet  Google Scholar 

  5. Chien H-Y, Chen C-H (2007) Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput Stand Interfaces 29(2):254–259

    Article  MathSciNet  Google Scholar 

  6. Choi EY, Lee DH, Lim JI (2009) Anti-cloning protocol suitable to EPCglobal class-1 generation-2 RFID systems. Comput Stand Interfaces 31(6):1124–1130

    Article  Google Scholar 

  7. Class-1 generation 2 UHF air interface protocol standard version 1.2.0, Gen2, (2008) http://www.epcglobalinc.org/standards/

  8. Habibi MH, Alaghband MR, Aref MR (2011) Attacks on a lightweight mutual authentication protocol under EPC C-1 G-2 standard. In: Ardagna CA, Zhou J (eds) WISTP, vol 6,633 of Lecture Notes in Computer Science. Springer, Berlin, pp 254–263

    Google Scholar 

  9. Habibi MH, Gardeshi M, Alaghband MR (2011) Practical attacks on a RFID authentication protocol conforming to EPC C-1 G-2 standard. 2(1):1–13, Feb. 04 Comment: 13 page, International Journal of Ubicomp

  10. Information technology? Radio frequency identification for item management? (2005) Part 6: parameters for air interface communications at 860 MHz to 960 MHz. http://www.iso.org

  11. Jin G, Jeong EY, Jung H-Y, Lee KD (2009) RFID authentication protocol conforming to EPC class-1 generation-2 standard. In: Arabnia HR, Daimi K (eds) Security and Management. CSREA Press, USA, pp 227–231

    Google Scholar 

  12. Kim JG, Shin WJ, Yoo JH (2007) Performance analysis of EPC class-1 generation-2 RFID anti-collision protocol. In: Gervasi O, Gavrilova ML (eds) ICCSA (3), vol 4,707 of Lecture Notes in Computer Science. Springer, Berlin, pp 1017–1026

    Google Scholar 

  13. Lo N-W, Yeh K-H (2007) An efficient mutual authentication scheme for EPCglobal class-1 generation-2 RFID system. In: Denko MK, Shih C-S, Li K-C, Tsao S-L, Zeng Q-A, Park S-H, Ko Y-B, Hung S-H, Park JH (eds) EUC Workshops, vol 4,809 of Lecture Notes in Computer Science. Springer, pp 43–56

  14. Lo N-W, Yeh K-H (2010) A secure communication protocol for EPCglobal Class 1 Generation 2 RFID systems. In: IEEE 24th international conference on advanced information networking and applications workshops, IEEE pp 562–566

  15. Peris-Lopez P, Castro JCH, Estévez-Tapiador JM, Ribagorda A (2009) Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard. Comput Stand Interfaces 31(2):372–380

    Article  Google Scholar 

  16. Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2008) RFID specification revisited. In: Yan L, Zhang Y, Yang LT, Ning H (eds) The internet of things: from RFID to the next-generation pervasive networked systems. Taylor & Francis Group, London, pp 311–346

  17. Peris-Lopez P, Hernandez-Castro JC, Tapiador JE, van der Lubbe JCA (2011) Cryptanalysis of an EPC class-1 generation-2 standard compliant authentication protocol. Eng Appl AI 24(6):1061–1069

    Google Scholar 

  18. Peris-Lopez P, Li T, Hernandez-Castro JC (2010) Lightweight props on the weak security of EPC class-1 generation-2 standard. IEICE Trans 93-D(3):518–527

    Google Scholar 

  19. Peris-Lopez P, Li T, Hernandez-Castro JC, Tapiador JE (2009) Practical attacks on a mutual authentication scheme under the EPC class-1 generation-2 standard. Comput Commun 32(7-10):1185–1193

    Article  Google Scholar 

  20. Shirai T, Shibutani K, Akishita T, Moriai S, Iwata T (2007) The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov A (ed) FSE, vol 4,593 of Lecture Notes in Computer Science. Springer, Berlin, pp 181–195

    Google Scholar 

  21. Yeh K-H, Lo N-W (2009) Improvement of an EPC gen2 compliant RFID authentication protocol. In: IAS. IEEE Computer Society, pp 532–535

  22. Yeh T-C, Wang Y-J, Kuo T-C, Wang S-S (2010) Securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Syst Appl 37(12):7678–7683

    Article  Google Scholar 

  23. Yoon E-J (2011) Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Systems with Applications, In Press, Corrected Proof

Download references

Author information

Authors and Affiliations

  1. Electrical Engineering Department, Shahid Rajaee Teacher Training University, 16788-15811, Tehran, Iran

    Nasour Bagheri

  2. Electrical Engineering Department, Iran University of Science and Technology, Tehran, Iran

    Masoumeh Safkhani & Majid Naderi

Authors
  1. Nasour Bagheri
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Masoumeh Safkhani
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Majid Naderi
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Nasour Bagheri.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bagheri, N., Safkhani, M. & Naderi, M. Cryptanalysis of a new EPC class-1 generation-2 standard compliant RFID protocol. Neural Comput & Applic 24, 799–805 (2014). https://doi.org/10.1007/s00521-012-1283-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-012-1283-9

Keywords