Full Secret Disclosure Attack against an EPC- C1 G2 Compliant Authentication Protocol

Security analysis of a protocol is an important step toward the public trust on its security. Recently, in 2018, Moradi et al. considered the security of the Wei and Zhang RFID EPC-C1 G2 compliant authentication protocol and presented desynchronization attack and also server/reader impersonation attack against it. Then they proposed an improved version of the protocol. However, in this paper as the first third party analysis of this protocol to the best of our knowledge, we present an efficient secret disclosure attack with the complexity of only two runs of protocol and doing O(216) PRNG offline evaluations. We also recommend that designing a secure protocol by using 16-bit CRCs and 16-bit PRNGs in the framework of EPC-C1 G2 may not be possible and changing this standard to allow the use of lightweight cryptographic functions should be inevitable. In this line, we present an improved version of the Moradi et al. protocol and also prove its security both informally and formally, through GNY logic.