A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags

The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed,...

Descripción completa

Detalles Bibliográficos
Autores: Melià-Seguí, Joan, Garcia-Alfaro, Joaquin, Herrera-Joancomartí, Jordi
Tipo de recurso: artículo
Estado:Versión aceptada para publicación
Fecha de publicación:2010
País:España
Institución:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/109802
Acceso en línea:http://hdl.handle.net/10609/109802
Access Level:acceso abierto
Palabra clave:RFID
EPC Gen2
PRNG
security
eavesdropping
attack
implementation
seguretat
espionatge
atac
implementació
seguridad
espionaje
ataque
implementación
Computer security
Seguretat informàtica
Seguridad informática
Descripción
Sumario:The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence.