Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol

P. Peris-Lopez, Julio Hernandez-Castro, J. Estevez-Tapiador, J. Van der Lubbe

Research output: Contribution to journalArticlepeer-review


Recently, Chen and Deng(2009) proposed an interesting new mutual authentication protocol.Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks(DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.
Original languageEnglish
Pages (from-to)1061-1069
Number of pages9
JournalEngineering Applications of Artificial Intelligence
Issue number6
Publication statusPublished - Sept 2011


Dive into the research topics of 'Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol'. Together they form a unique fingerprint.

Cite this