Securing RFID systems conforming to EPC Class 1 Generation 2 standard

RFID, capable of remote automatic identification, is taking the place of barcodes to become electronic tags of the new generation. However, the information transmitted in the air could easily be intercepted and eavesdropped due to its radio transmission nature. On top of this, its prevalence has brought the stress on its security and privacy issues. EPC Class 1 Generation 2 (Gen 2) has served as the most popular standard for passive tags. Passive tags possess limited computation ability and capacity that just makes designing of the security protocol even more challenging. Researchers have proposed quite a few security protocols for RFID, but most of them are just too complicated to be implemented on Gen 2. Chien and Chen (2007) proposed a mutual authentication protocol conforming to this standard. However, it is found vulnerable to DoS attacks. Due to the bad properties of the CRC function used in the protocol, the claimed security objectives are also not met. Moreover, the database must use brute search for each tag's authentication. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which are free from worries of the problems mentioned above. The improved protocol could thus be applied in high security demanding environments. (C) 2010 Elsevier Ltd. All rights reserved.