Wireless Personal Communications

, Volume 59, Issue 1, pp 27–42 | Cite as

A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags

  • Joan Melià-Seguí
  • Joaquin Garcia-Alfaro
  • Jordi Herrera-Joancomartí


The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence.


RFID EPC Gen2 PRNG Security Eavesdropping Attack implementation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    EPCglobal. (2008). EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860–960 MHz. Accessed 15 July 2010.
  2. 2.
    Che W., Deng H., Tan X., Wang J. (2008) Chapter 16, a random number generator for application in RFID tags. In: Cole P. H., Ranasinghe D. C. (eds) Networked RFID systems and lightweight cryptography. Springer, Berlin, pp 279–287CrossRefGoogle Scholar
  3. 3.
    Ranasinghe D. C., Cole P. H. (2008) Chapter 8, an evaluation framework. In: Cole P. H., Ranasinghe D. C. (eds) Networked RFID systems and lightweight cryptography. Springer, Berlin, pp 157–167CrossRefGoogle Scholar
  4. 4.
    Feldhofer M., Rechberger C. et al (2006) A case against currently used hash functions in RFID protocols. In: Meersman R. (eds) On the move to meaningful internet systems 2006: OTM 2006 workshops. Springer, Berlin, pp 372–381CrossRefGoogle Scholar
  5. 5.
    Peris-Lopez, P. (2008). Lightweight cryptography in radio frequency identification (RFID) systems. PhD Thesis. Accessed 15 July 2010.
  6. 6.
    Garcia F., Koning G., Muijrers R., Rossum P., Verdult R., Wichers R., Jacobs B. (2008) Dismantling MIFARE classic. In: Jajodia S., Lopez J. (eds) Computer security—ESORICS 2008. Springer, Berlin, pp 97–114CrossRefGoogle Scholar
  7. 7.
    Peris-Lopez P., Hernandez-Castro J., Estevez-Tapiador J., Ribagorda J. (2009) LAMED—A PRNG for EPC class-1 generation-2 RFID specification. Computer Standards & Interfaces 31(1): 88–97CrossRefGoogle Scholar
  8. 8.
    Melia-Segui J., Garcia-Alfaro J., Herrera-Joancomarti J. et al (2010) Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags. In: Curtmola R. (eds) Financial cryptography and data security 2010 workshops, LNCS. Springer, Berlin, pp 34–46CrossRefGoogle Scholar
  9. 9.
    Herlestam, T. (1995). On functions of linear shift register sequences. Advances in Cryptology EUROCRYPT’ 85, LNCS. doi: 10.1007/3-540-39805-8.
  10. 10.
    Chen C. L. (1986) Linear dependencies in linear feedback shift registers. IEEE Transactions on Computers C-35(12): 1086–1088CrossRefGoogle Scholar
  11. 11.
    Schneier B. (1996) Applied cryptography. John Wiley & Sons, Hoboken, NJ, USAGoogle Scholar
  12. 12.
    Joux A. (2009) Algorithmic cryptanalysis. CRC Press, Boca Raton, FL, USAzbMATHCrossRefGoogle Scholar
  13. 13.
    National Institute of Standards and Technology. (2008). Random number generation. Accessed 15 July 2010.
  14. 14.
    SIC, Stiftung Secure Information and Communication Technologies. (2009). UHF RFID Demo Tag. Accessed 15 July 2010.
  15. 15.
    M. Aigner et al. (2007). BRIDGE—building radio frequency identification for the global environment. Report on first part of the security WP: Tag security (D4.2.1). Accessed 15 July 2010.
  16. 16.
    Atmel Corporation. (2009). Accessed 15 July 2010.
  17. 17.
    Rowley Crossworks IDE. (2009). Crossworks v1.4 and v2.0 for AVR. Accessed 15 July 2010.
  18. 18.
    CAEN RFID. (2009). Accessed 15 July 2010.

Copyright information

© Springer Science+Business Media, LLC. 2010

Authors and Affiliations

  • Joan Melià-Seguí
    • 1
  • Joaquin Garcia-Alfaro
    • 2
  • Jordi Herrera-Joancomartí
    • 3
  1. 1.Universitat Oberta de CatalunyaBarcelonaSpain
  2. 2.Institut Telecom, Telecom BretagneCesson-SevigneFrance
  3. 3.Universitat Autònoma de Barcelona, Edifici QBellaterraSpain

Personalised recommendations