Security study on C1G2 UHF RFID air interface

Abstract

This project studies EPC C1G2 UHF RFID air interface protocol which defines the communication between C1G2 RFID readers and tags. The EPC C1G2 air interface protocol standard defines the physical and logical requirement for the passive-backscatter, interrogator-talks-first (ITF) Radio Frequency Identification (RFID) system operating in 860-960 MHz frequency range which is specified by EPCGlobal.

Current standard suffers from various security threats as well system problems of low system mobility and survivability. By carefully examination of the current protocol, we identified and solved a new security flaw in its anti-collision mechanism, solved open RFID security problem of tag tracing as well as conventional security concerns including spoofing attack, impersonation attack, replay attack, conventional DoS attack and eavesdropping attack. A new authentication scheme and a new anti-collision mechanism are proposed as the intermediate outcome and these two outcomes are integrated together in a form of tag state diagram as our final contributions. Replace the state diagram in current EPC C1G2 standard will result in a new version of standard with significant security and functionality enhancement without obvious tag cost increase.