RFID, capable of non-contact automatic identification using the small, low-cost RFID tags, is taking the place of barcodes to become electronic tags of the new generation. EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is delivered in plaintext which makes insecurity. Several solutions have been proposed based on Cyclic Redundancy Check (CRC). Due to the bad properties of the CRC function used in the protocol; the claimed security objectives are not met. In this paper, we propose a novel authentication protocol based on Gen2 for low-cost RFID tags which use the Pseudo-Random Number Generator (PRNG in brief) function instead of the CRC function. The advantages of the novel authentication is that the proposed protocol could withstand de-synchronization attack, disclosure attack and cloning attack, furthermore, it also could provide anonymity and mutual authentication.

• 出版日期2012
• 单位北京大学