The EPC-C1G2 standard is widely regarded as the international mainstream for developing RFID applications because of its low cost. To date, many RFID authentication protocols conforming to EPC-C1G2 have been proposed. In 2010, Lo and Yeh proposed an EPC-C1G2 RFID authentication protocol and employed a formal logic proof to prove the security of their protocol. Herein, we show that Lo-Yeh's protocol is vulnerable to an EPC cracking attack, a location tracking attack, and two impersonation attacks. To improve the security of EPC-C1G2 without incurring much extra cost and overhead, we propose an extended version of EPC-C1G2, called EPC-C1G2∗, which only employs stronger CRC and PRNG functions. We then propose an improved RFID authentication protocol conforming to EPC-C1G2∗ and show that our improved protocol has better security.