Security Analysis of an EPC Class-1 Generation-2 Compliant RFID Authentication Protocol

Design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many protocols have been published in the last decade. In 2013, Wei and Zhang proposed a new lightweight RFID authentication protocol that conforms to the EPC-C1G2 standard and claimed that the protocol would be immune against all known attacks on RFID systems. In this paper, we consider the security of this protocol and show that it cannot provide secure authentication for RFID users. An attacker, by following our suggested approach, will be able to impersonate server/reader, and destroy synchronization between the back-end server and the tag. Finally, we enhance this protocol, and by using formal and informal security analysis we show that the enhanced protocol strongly inhibits the security flaws of its predecessor.