EPCglobal introduced Electronic Product Code (EPC) for identifying objects and trace them in a wide network area. EPCglobal and ISO confirmed EPC Class-1 Generation-2 (EPC-C1G2) that includes the requirements of lightweight RFID tags. However, these class of tags are vulnerable to some inevitable attacks such as tracking, cloning and data leakage. Recently, numerous authentication protocols have been proposed for RFID systems. Many of them suffers from either the security and privacy issues or identification efficiency. Yeh et al. and Lo and Yeh proposed two mutual authentication protocols conforming to EPC-C1G2 standard. They claim their protocols provide forward secrecy against strong adversary. In this paper, we prove that both protocols do not satisfy this security objective. Moreover, we point out the potential counter measures in order to enhance the security of above protocols.
Keywords: RFID, EPCglobal, privacy, security, attack.