Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags
The EPC Gen2 is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. The development of Gen2 tags faces, in fact, several challenging constraints such as cost, compatibility regulations, power consumption, and performance requirements. As a consequence, security on board of Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness. This pseudorandomness is used to blind the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. Gen2 manufacturers are often reluctant to show the design of their pseudorandom generators. Security through obscurity has always been ineffective. Some open designs have also been proposed. Most of them fail, however, to prove their correctness. We analyze a recent proposal presented in the literature and demonstrate that it is, in fact, insecure. We propose an alternative mechanism that fits the Gen2 constraints and satisfies the security requirements.
KeywordsReceive Signal Strength Indicator Pseudorandom Number Generator Linear Feedback Shift Register Pseudorandom Generator Cyclic Redundancy Check
Unable to display preview. Download preview PDF.
- 2.Che, W., Deng, H., Tan, X., Wang, J.: A Random Number Generator for Application in RFID Tags. In: Networked RFID Systems and Lightweight Cryptography, ch. 16, pp. 279–287. Springer, Heidelberg (2008)Google Scholar
- 3.Chen, C.L.: Linear Dependencies in Linear Feedback Shift Registers. IEEE Transactions on Computers C-35(12), 1086–1088 (1986)Google Scholar
- 4.EPCglobal. EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860-960 MHz. Tech. report (2007), http://www.epcglobalinc.org/standards/
- 6.Haahr, M.: True random number service, http://www.random.org
- 9.Herlestam, T.: On Functions of Linear Shift Register Sequences. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 119–129. Springer, Heidelberg (1986), doi:10.1007/3-540-39805-8Google Scholar
- 10.Holcomb, D., Burleson, W., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security (July 2007)Google Scholar
- 12.Lehtonen, M., Staake, T., Michahelles, F., Fleisch, E.: From Identification to Authentication - A Review of RFID Product Authentication Techniques. In: Networked RFID Systems and Lightweight Cryptography, ch. 9, pp. 169–187. Springer, Heidelberg (November 2007)Google Scholar
- 13.Motorola. XR Series RFID Readers. Product Guide (2008), https://docs.symbol.com/manuals/SIGN_71773.pdf
- 14.Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: LAMED A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards & Interfaces (2008)Google Scholar
- 15.Peris-Lopez, P.: Lightweight Cryptography in Radio Frequency Identification (RFID) Systems. PhD Thesis (2008)Google Scholar
- 16.Ranasinghe, D., Cole, P.: An Evaluation Framework. In: Networked RFID Systems and Lightweight Cryptography, ch. 8, pp. 157–167. Springer, Heidelberg (November 2007)Google Scholar