EPCglobal Generation 2 UHF RFID tag standard agreed - but no encryption !
December 18, 2004
Thanks to Ross Stapleton-Gray's SurPriv blog for the news that the EPCglobal Generation 2 UHF RFID tag standard has been agreed - but there is still no encryption !
This is the new standard for RFID tags favoured by both the US Department of Defense and the supermarket giant Wal-Mart for passive RFID tags working at Ultra High Frequencies of betweene 860Mhz and 960MHz. This promises faster reading of tags at greater ranges than the current generation of RFID tags which have been tested in various warehouse and, more controversially, supermarket shelf trials.
We have already speculated:
"Compared to the existing weak 24 bit Class 0 and the trivially weak 8 bit Class 1 "Kill Codes" the proposal to have a 32 bit one must be an improvement, but whether this actually offers any real improvement in security from Denial of Service attacks or actually helps with Privacy is still open to question until the full specification and the alleged "secure communications between reader and tag" are explained."
So does the new Generation 2 protocol solve these problems ? We have not yet seen a detailed copy of this agreed protocol, but according to this internetnews.com article (again, thanks to Ross Stapelton-Gray), it looks as if the security and privacy issues have not yet been properly sorted out:
Cross posted from Spy Blog
Posted by wtwu