On the Designing of EPC C1 G2 Authentication protocol using AKARI-1 and AKARI-2 PRNGs

Abstract

Chen \textit{et al.} have recently proposed a mutual authentication scheme for RFID compliant EPCglobal Class 1 Generation 2 standard (or in brief EPC C1 G2) and claimed that their protocol can provide immunity against usual attacks same as replay attack, traceability attack and secret disclosure attack. However, in this paper we prove unfortunately these claims do not hold. For this purpose, we present tag impersonation attack, server impersonation attack and traceability attack against Chen \textit{et al.} protocol. The success probability of tag impersonation and server impersonation attacks is 1 while the complexity of them is only two runs of the protocol. The success probability of traceability attack is ``$1 - \frac {1}{2^n}$" while the complexity is only two runs of protocol. In addition, we propose an improved protocol exploiting lightweight PRNGs same as AKARI-1 and AKARI-2. We also prove our scheme solves its predecessor weaknesses and is resistant against the attacks presented in this paper and the other known active and passive attacks. Our security analysis of improved protocol shows it has better security level than its predecessors.

DOI: http://dx.doi.org/10.5755/j01.itc.44.1.5883