A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags

Joan Melià-Seguí; Joaquin Garcia-Alfaro; Jordi Herrera-Joancomartí

doi:10.1007/s11277-010-0187-1

A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags

Joan Melià-Seguí, Joaquin Garcia-Alfaro, Jordi Herrera-Joancomartí

Department of Information and Communications Engineering

Research output: Contribution to journal › Article › Research › peer-review

19 Citations (Scopus)

Abstract

The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence. © 2010 Springer Science+Business Media, LLC.

Original language	English
Pages (from-to)	27-42
Journal	Wireless Personal Communications
Volume	59
Issue number	1
DOIs	https://doi.org/10.1007/s11277-010-0187-1
Publication status	Published - 1 Jul 2011

Keywords

Attack implementation
Eavesdropping
EPC Gen2
PRNG
RFID
Security

Access to Document

10.1007/s11277-010-0187-1

Cite this

@article{f0ed2a972c5f479d919db3cc4d91e142,

title = "A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags",

abstract = "The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence. {\textcopyright} 2010 Springer Science+Business Media, LLC.",

keywords = "Attack implementation, Eavesdropping, EPC Gen2, PRNG, RFID, Security",

author = "Joan Meli{\`a}-Segu{\'i} and Joaquin Garcia-Alfaro and Jordi Herrera-Joancomart{\'i}",

year = "2011",

month = jul,

day = "1",

doi = "10.1007/s11277-010-0187-1",

language = "English",

volume = "59",

pages = "27--42",

journal = "Wireless Personal Communications",

issn = "0929-6212",

number = "1",

}

TY - JOUR

T1 - A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags

AU - Melià-Seguí, Joan

AU - Garcia-Alfaro, Joaquin

AU - Herrera-Joancomartí, Jordi

PY - 2011/7/1

Y1 - 2011/7/1

N2 - The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence. © 2010 Springer Science+Business Media, LLC.

AB - The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence. © 2010 Springer Science+Business Media, LLC.

KW - Attack implementation

KW - Eavesdropping

KW - EPC Gen2

KW - PRNG

KW - RFID

KW - Security

U2 - 10.1007/s11277-010-0187-1

DO - 10.1007/s11277-010-0187-1

M3 - Article

SN - 0929-6212

VL - 59

SP - 27

EP - 42

JO - Wireless Personal Communications

JF - Wireless Personal Communications

IS - 1

ER -

A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags

Abstract

Keywords

Access to Document

Fingerprint

Cite this