A provable secure batch authentication scheme for EPCGen2 tags

Abstract

EPC Class1 Gen2 (EPCGen2) is an international industrial standards for low cost RFID system used in many applications such as supply chain and consumer service. While RFID technology offers convenience and being employed in various applications in our society, security and privacy issues are still the number one concern of most RFID applications today. In this paper, we study the problems occurring where a reader wants to authenticate and identify legitimate RFID EPCGen2 tags in a batch to guarantee the integrity of the products. Most of the EPCGen2 tags are passive and have limited computational ability to compute cryptographic functions. For this reason, to design a mechanism to protect low-cost EPCGen2 tags from security and privacy risks is a challenging task. We propose a provable secure batch authentication scheme for EPCGen2 tags using the pseudo-random number generator (PRNG) and cyclic redundancy check (CRC) code. Our ultra-lightweight scheme which integrates the operations of EPCGen2 and only relies on build-in CRC-16 and PRNG function with secret keys inside the tags.We formally analyze security and privacy of the proposed scheme by using mathematical modeling and proof. Our analysis shows that our scheme provides strong ability to prevent existing possible attacks.