Cryptanalysis of a new EPC class-1 generation-2 standard compliant RFID protocol

Abstract

EPC class 1 Generation-2 (or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol is known to be insecure. To improve the security of this standard, several protocols have been proposed which are compliant to this standard. In this paper, we analyze the security of a protocol which has been recently proposed by Lo and Yeh (2010). Despite the designers’ claim, which is optimal security, however, we present a passive attack which can retrieve all secret parameters of the tag efficiently. The cost of this attack is eavesdropping only one session of protocol between the tag and a legitimate reader and 216 PRNG-function evaluations in off-line. In addition, we show that an active adversary can retrieve secret parameters more efficiently, that is, with the complexity of two consequence sessions of protocol and without the need for PRNG-function evaluation. The success probability of the given attacks are “1”. To counteract such flaws, we propose an enhanced EPC-compliant protocol entitled YAYA, by applying some minor modifications to the original protocol so that it provides the claimed security properties.