A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags
The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board EPC Gen2 tags is often minimal. It relies mainly on on-board pseudorandomness, which is used to obscure the communication between readers and tags and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small number of pseudorandom values using standard EPC commands, and to use them to determine the PRNG configuration, which allows the complete output sequence to be predicted.
Keywords: RFID, EPC Gen2, PRNG, Security, Eavesdropping, Attack implementation