The first version was published in 2004, and since then, there h

The first version was published in 2004, and since then, there have been many attempts to secure EPCG2 protocols with the use of the passwords defined by the standard (e.g., [8,9]) or based on the CRC (e.g., [10,11]). Nevertheless, practically, they all have proven unsuccessful, due to the length of the keys, which are also static, and the linearity properties of CRC [12]. As a result, PRNG has become the key element in most security protocols proposed in the literature for this kind of tag (e.g., [13�C17]). These protocols are based on the assumption that the PRNG implemented in the tag is cryptographically secure. In the new version (second) of the standard, tags may support one or more cryptographic suites (which must be specified), but then again, these would most likely require the implementation of a secure PRNG.

The PRNG is also used for some processes, such as the anti-collision algorithm or link-cover coding (a basic privacy mechanism described in the standard). Nevertheless, despite its practical significance, EPCG2 does not specify any possible PRNG implementation, and although security through obscurity has shown to be not advisable (e.g., [18,19]), manufacturers are still reluctant to make their designs publicly accessible. In addition, in the literature, there are only a few descriptions of PRNGs for low-cost RFID tags (e.g., [20�C24]). Thus, as far as we know, the works of Meli�� et al. [25] and Mandal et al. [26], which is a modification of the previous one, are hitherto the only references that propose EPCG2 compliant PRNGs and that check how it meets the specific randomness requirements established by the standard.

Meli��-Segu�� et al. describe, in the first version [25] and Entinostat then with more details in this journal [27], a PRNG for low-cost passive RFID tags (including, but not limited to EPCG2), called J3Gen, which provides a very high level of unpredictability, with a reduced computational complexity and low-power consumption. J3Gen is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials, and its authors claim that it is suitable for security purposes (e.g., [28,29]).Nevertheless, in this paper we analyze the design of J3Gen and show that the security level provided by this PRNG falls well short of its security claims. Two different cases, for two different sets of suggested parameters, are analyzed. As a result, the randomness of the generated sequences decreases dramatically, and its use for security applications is questioned. We then suggest some values for the choice of parameters that could hinder these cryptanalyses, as well as some possible changes to strengthen the protocol.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>