Exposing an effective denial of information attack from the misuse of EPCglobal standards in an RFID authentication scheme

In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information received. By repeating the process over a few authentication sessions, the eavesdropper can collect enough information about the kill password to launch a successful attack to kill and disable the tag. From our simulation analysis, we find that the attack can be carried out effectively using only three to five eavesdropped sessions in most cases. In addition, we discuss the implications of this attack and describe a few other weaknesses that we have observed in the scheme.