Abstract
The EPC Gen2 is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. The development of Gen2 tags faces, in fact, several challenging constraints such as cost, compatibility regulations, power consumption, and performance requirements. As a consequence, security on board of Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness. This pseudorandomness is used to blind the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. Gen2 manufacturers are often reluctant to show the design of their pseudorandom generators. Security through obscurity has always been ineffective. Some open designs have also been proposed. Most of them fail, however, to prove their correctness. We analyze a recent proposal presented in the literature and demonstrate that it is, in fact, insecure. We propose an alternative mechanism that fits the Gen2 constraints and satisfies the security requirements.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Balachandran, G., Barnett, R.: A 440nA true random number generator for passive RFID tags. IEEE Transactions on Circuits and Systems I: Regular Papers 55(11), 3723–3732 (2008)
Che, W., Deng, H., Tan, X., Wang, J.: A Random Number Generator for Application in RFID Tags. In: Networked RFID Systems and Lightweight Cryptography, ch. 16, pp. 279–287. Springer, Heidelberg (2008)
Chen, C.L.: Linear Dependencies in Linear Feedback Shift Registers. IEEE Transactions on Computers C-35(12), 1086–1088 (1986)
EPCglobal. EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860-960 MHz. Tech. report (2007), http://www.epcglobalinc.org/standards/
Garcia, F., Koning, G., Muijrers, R., van Rossum, P., Verdult, R., Wichers, R., Jacobs, B.: Dismantling MIFARE Classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)
Haahr, M.: True random number service, http://www.random.org
Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. International Journal of Wireless and Mobile Computing 2(1), 86–93 (2007)
Hellebrand, S., Rajski, J., Tarnick, S., Venkataraman, S., Courtois, B.: Built-in test for circuits with scan based on reseeding of multiple-polynomial linear feedback shift registers. IEEE Transactions on Computers 44(2), 223–233 (1995)
Herlestam, T.: On Functions of Linear Shift Register Sequences. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 119–129. Springer, Heidelberg (1986), doi:10.1007/3-540-39805-8
Holcomb, D., Burleson, W., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security (July 2007)
Klimov, A., Shamir, A.: A New Class of Invertible Mappings. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 470–483. Springer, Heidelberg (2003)
Lehtonen, M., Staake, T., Michahelles, F., Fleisch, E.: From Identification to Authentication - A Review of RFID Product Authentication Techniques. In: Networked RFID Systems and Lightweight Cryptography, ch. 9, pp. 169–187. Springer, Heidelberg (November 2007)
Motorola. XR Series RFID Readers. Product Guide (2008), https://docs.symbol.com/manuals/SIGN_71773.pdf
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: LAMED A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards & Interfaces (2008)
Peris-Lopez, P.: Lightweight Cryptography in Radio Frequency Identification (RFID) Systems. PhD Thesis (2008)
Ranasinghe, D., Cole, P.: An Evaluation Framework. In: Networked RFID Systems and Lightweight Cryptography, ch. 8, pp. 157–167. Springer, Heidelberg (November 2007)
Rosinger, P., Al-Hashimi, B.M., Nicolici, N.: Dual multiple-polynomial LFSR for low-power mixed-mode BIST. IEE Proceedings on Computers and Digital Techniques 150(4), 209–217 (2003)
Strüker, J., Wonnemann, C., Kähmer, M., Gille, D.: Managing the Deactivation Process of EPC Class-1 Generation-2 Tags in Retail Industry. University of Freiburg, Germany (2007), http://www.telematik.uni-freiburg.de
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J. (2010). Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags. In: Sion, R., et al. Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6054. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14992-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-14992-4_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14991-7
Online ISBN: 978-3-642-14992-4
eBook Packages: Computer ScienceComputer Science (R0)