On security with the new Gen2 RFID security framework

Radio frequency identification (RFID) systems compliant to the EPCglobal Generation 2 (Gen2) passive UHF RFID protocol are being deployed in a broad range of applications including access control, automated tolling, personal identification, anti-counterfeiting, and supply chain management. With the broad applications and the demand for ever increasing amounts of on-tag functionality, security on the tag has become a critical enabling functionality in many applications. To address this growing marketplace need, EPCglobal is developing a standard security framework within which security functionality may be integrated seamlessly into the Gen2 protocol. We review the proposed Gen2 security framework and introduce example cryptographic suites to illustrate how to utilize this framework to provide a range of security functionality. We analyze the security of the Gen2 protocol and this new functionality in the context of timing-based attacks. We conclude that the tight communication timings specified in the Gen2 protocol mitigate timing-based attacks; however, the loose timing implementations on commercial interrogators and limited timing enforcement on tags lesson the effectiveness of the specified timing constraints. Further, we conclude that the new security framework allows for the efficient integration of secure functionality that, as specified, is resistant to timing-based attacks; however, we caution that using the delayed response of the new Gen2 security functionality creates new vulnerabilities to timing based attacks such as relay attacks and man-in-the-middle attacks.