Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard

P. Peris-Lopez, Julio Hernandez-Castro, J. Estevez-Tapiador, A. Ribagorda

Research output: Contribution to journalArticlepeer-review


In 2006, the standard EPC Class-1 Generation-2 (EPC-C1G2) was ratified both by EPCglobal and ISO. This standard can be considered as a “universal” specification for low-cost RFID tags. Although it represents a great advance for the consolidation of RFID technology, it does not pay due attention to security and, as expected, its security level is very low. In 2007, Chien et al. published a mutual authentication protocol conforming to EPC-C1G2 which tried to correct all its security shortcomings. In this article, we point out various major security flaws in Chien et al.'s proposal. We show that none of the authentication protocol objectives are met. Unequivocal identification of tagged items is not guaranteed because of possible birthday attacks. Furthermore, an attacker can impersonate not only legitimate tags, but also the back-end database. The protocol does not provide forward security either. Location privacy is easily jeopardized by a straightforward tracking attack. Finally, we show how a successful auto-desynchronization (DoS attack) can be accomplished in the back-end database despite the security measures taken against it.
Original languageEnglish
Pages (from-to)372-380
Number of pages9
JournalComputer Standards & Interfaces
Issue number2
Publication statusPublished - Feb 2009


Dive into the research topics of 'Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard'. Together they form a unique fingerprint.

Cite this