Lokesh P. Bharule, Anjali A. Yadav
The widespread deployment of RFID technologies may create new threats to user privacy and security. The International Standards Organization (ISO) has incorporated the Electronic Product Code Class-1 Generation-2 (EPC C1G2) ultrahigh frequency (UHF) standard into ISO/IEC 18000-6 as type C on UHF RFID for item management; the standard provides only very basic security tools, namely a pseudorandom number generator (PRNG) and a cyclic redundancy code (CRC). An authentication scheme was originally included as part of the EPC C1G2 industrial standard to secure RFID transactions. However, the EPC C1G2 specifications do not fully address privacy incursion and data security issues. This weakness can be alleviated by including an RFID tag-reader mutual authentication scheme. Here, a simple, cost-effective, lightweight RFID tag-reader mutual authentication scheme is proposed. Most importantly, the proposed scheme does not require any cryptographic hash functions or keys to be implemented on the tag and a central server/database, which would in turn require synchronization to keep key/hash values secure. The scheme uses only the XOR operation and the tag's access password to achieve tag-reader mutual authentication. A specially designed pad generation (PadGen) function is employed to enhance security: PadGen produces a cover-coding pad that masks the transponder's access password before data is transmitted. Therefore, in the proposed scheme, data between the tag and the reader is never exposed, even to the stockholder's reader, and yet tag-reader mutual authentication is accomplished. The proposed scheme, which uses the XOR operation to build the PadGen function, is an improvement over the weak one-way reader-to-tag authentication scheme specified in the ISO 18000-6C protocol.
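The contrast drawn in the abstract, as an added sketch that is not the authors' code: baseline cover-coding uses a pad the tag sends in the clear, while a PadGen-style pad is derived from the shared access password and two exchanged nonces. The abstract does not define PadGen, so `padgen_standin` is a hypothetical stand-in that shows only the message structure and makes no claim about the real function's strength; all names and sample values are constructed.

```python
import secrets

def nib(x: int, k: int) -> int:
    """k-th 4-bit nibble of a 16-bit value."""
    return (x >> (4 * k)) & 0xF

def baseline_cover_code(pwd_half: int, rn16: int) -> int:
    """ISO 18000-6C style: the pad is the tag's RN16, which travels unprotected."""
    return pwd_half ^ rn16

def padgen_standin(apwd: int, ra: int, rb: int) -> int:
    """HYPOTHETICAL stand-in (not the paper's PadGen): build a 16-bit pad from
    access-password bits selected by the nibbles of the two nonces."""
    pad = 0
    for i in range(16):
        pos = (nib(ra, i % 4) ^ nib(rb, i // 4)) + 16 * (i & 1)  # 0..31
        pad |= ((apwd >> pos) & 1) << i
    return pad

def mutual_auth(reader_apwd: int, tag_apwd: int, rt: int, rr: int) -> tuple:
    """One exchange; rt/rr are the tag's and reader's nonces (sent in clear).
    Returns (tag accepted reader, reader accepted tag)."""
    # Reader -> tag: upper password half masked with a pad only a holder
    # of the access password can regenerate.
    to_tag = (reader_apwd >> 16) ^ padgen_standin(reader_apwd, rt, rr)
    reader_ok = (to_tag ^ padgen_standin(tag_apwd, rt, rr)) == (tag_apwd >> 16)
    if not reader_ok:
        return (False, False)  # tag stays silent toward an unverified reader
    # Tag -> reader: lower half, masked with a pad from the swapped nonces.
    to_reader = (tag_apwd & 0xFFFF) ^ padgen_standin(tag_apwd, rr, rt)
    tag_ok = (to_reader ^ padgen_standin(reader_apwd, rr, rt)) == (reader_apwd & 0xFFFF)
    return (reader_ok, tag_ok)

if __name__ == "__main__":
    apwd = 0xA5A5C3C3                      # constructed 32-bit access password
    rt, rr = secrets.randbits(16), secrets.randbits(16)
    # Baseline: anyone who heard rt and the masked half can undo the XOR.
    masked = baseline_cover_code(apwd >> 16, rt)
    print("baseline pad exposed:", (masked ^ rt) == (apwd >> 16))
    print("matching passwords  :", mutual_auth(apwd, apwd, rt, rr))
    print("wrong reader pwd    :", mutual_auth(0xFFFF0000, 0x00000000, rt, rr))
```
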