Improvement of an EPC Gen2 Compliant RFID Authentication Protocol

Recently, lightweight RFID authentication protocol has been investigated extensively due to the awareness of practical requirements on individual privacy, robust system security and resource limitation of low-cost tags. Research studies have demonstrated major advancements in the direction of designing a secure access control mechanism for RFID system with resource-constrained tags. In 2008, Burmester and Medeiros developed an EPC Class 1 Generation 2 (EPC Gen2) compliant authentication protocol, called TRAP-3, to support tag anonymity, data confidentiality and forward security in which only primitive computation functions such as 32-bit pseudo random generator and simple exclusive-or operation are required. Nevertheless, TRAP-3 is vulnerable to desynchronization attack. The secret key value, which is shared between the tag and the backend database, can be out of synchronization by just performing a series of challenge-response operations. To remedy this authentication flaw, in this study we develop a countermeasure mechanism and accordingly gain security enhancement for TRAP-3.