Abstract

EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is transmitted in plaintext which makes the tag traceable and clonable. Several solutions have been proposed based on traditional encryption methods, such as symmetric or asymmetric ciphers, but they are not suitable for low-cost RFID tags. Recently, some lightweight authentication protocols conforming to Gen2 have been proposed. However, the message flow of these protocols is different from Gen2. Existing readers may fail to read new tags. In this paper, we propose a novel authentication protocol based on Gen2, called Gen2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> , for low-cost RFID tags. Our protocol follows every message flow in Gen2 to provide backward compatibility. Gen2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> is a multiple round protocol using shared pseudonyms and Cyclic Redundancy Check (CRC) to achieve reader-to-tag authentication. Conversely, Gen2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> uses the memory read command defined in Gen2 to achieve tag-to-reader authentication. We show that Gen2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">+</sup> is more secure under tracing and cloning attacks.