Paper 2015/980

Analysis of an RFID Authentication Protocol in Accordance with EPC Standards

Behzad Abdolmaleki, Hamidreza Bakhshi, Karim Baghery, and Mohammad Reza Aref

Abstract

In the past few years, the design of RFID authentication protocols in accordance with the EPC Class-1 Generation-2 (EPC C1 G2) standards, has been one of the most important challenges in the information security domain. Although RFID systems provide user-friendly services for end-users, they can make security and privacy concerns for them. In this paper we analyze the security of an RFID mutual authentication protocol which is based on EPC Class-1 Generation-2 standard and proposed in 2013. The designers of protocol claimed that their protocol is secure against different security attacks and provides user privacy. In this paper, we show that unlike their claims, their protocol is not secure against most of the security attacks such as replay attack, the tag’s ID exposure, and the spoofing attacks. As a result, their protocol cannot provide security of RFID users in different authentication applications. Finally, in order to prevent the aforementioned attacks and overcome all the existing weaknesses, we apply a modification in the updating procedure of the protocol and propose a strengthened version of it.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. International Journal of Information & Communication Technology Research
Keywords
Security and PrivacyRFIDAuthentication protocols
Contact author(s)
abdolmaleki behzad @ yahoo com
History
2015-10-12: received
Short URL
https://ia.cr/2015/980
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/980,
      author = {Behzad Abdolmaleki and Hamidreza Bakhshi and Karim Baghery and Mohammad Reza Aref},
      title = {Analysis of an {RFID} Authentication Protocol in Accordance with {EPC} Standards},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/980},
      year = {2015},
      url = {https://eprint.iacr.org/2015/980}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.