For an EPC-C1 G2 RFID compliant Protocol, CRC with Concatenation : No; PRNG with Concatenation : Yes

In this paper we present new constraints to EPCglobal Class 1 Generation 2 (EPCC1 G2) standard which if they have been considered in the design of EPC-C1 G2 complaint authentication protocols, lead to prevent predecessor’s protocols’ weaknesses and also present the secure ones. Also in this paper as an example, we use Pang et al. EPC-C1 G2-friendly protocol which has been recently proposed, to show our proposed constraints in EPC-C1 G2 standard. Pang et al.’s protocol security analysis show how its security claim based on untraceability and resistance against de-synchronization attacks is ruined. More precisely, we present very efficient de-synchronization attack and traceability attack against the protocol. Finally, take Pang et al. protocol’s vulnerability points, we present new conditions to design EPC-C1 G2 complaint protocols and based on it we propose a secure (EPC-C1 G2) RFID authentication scheme which is a good sample to EPC-C1 G2 complaint protocols. keywords: RFID, Mutual Authentication, EPC-C1 G2, Cyclic Redundancy Code, Pseudo Random Number Generator, De-synchronization, Traceability Attack.