Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags
Abstract
Recently, due to widespread use of Radio Frequency IDentification (RFID) systems in personal applications, security and privacy of these systems have got more attention. In order to provide security and privacy of RFID users, different authentication protocols have been proposed. In 2014, Mohammadi et al. proposed an improved authentication protocol for RFID systems. They claimed that their protocol is secure against various attacks. In this study, we investigate security and privacy of their protocol. It is shown that their protocol is not safe against several attacks including secret parameters reveal, tag impersonation, data integrity, desynchronization and also it cannot provide user privacy. Then, in order to omit aforementioned weaknesses, we apply some changes on Mohammadi et al.’s protocol and we propose an improved protocol. In addition, the security and privacy of the proposed protocol are analyzed against various attacks.
Keywords
RFID Authentication Protocol; EPC C1 G2 Standard; Security and Privacy; Attack