EPCglobal Generation 2 UHF RFID tag standard agreed - but no encryption !

December 18, 2004

Thanks to Ross Stapleton-Gray's SurPriv blog for the news that the EPCglobal Generation 2 UHF RFID tag standard has been agreed - but there is still no encryption !

Spy Blog:

This is the new standard for RFID tags favoured by both the US Department of Defense and the supermarket giant Wal-Mart for passive RFID tags working at Ultra High Frequencies of betweene 860Mhz and 960MHz. This promises faster reading of tags at greater ranges than the current generation of RFID tags which have been tested in various warehouse and, more controversially, supermarket shelf trials.

We have already speculated:

"Compared to the existing weak 24 bit Class 0 and the trivially weak 8 bit Class 1 "Kill Codes" the proposal to have a 32 bit one must be an improvement, but whether this actually offers any real improvement in security from Denial of Service attacks or actually helps with Privacy is still open to question until the full specification and the alleged "secure communications between reader and tag" are explained."

So does the new Generation 2 protocol solve these problems ? We have not yet seen a detailed copy of this agreed protocol, but according to this internetnews.com article (again, thanks to Ross Stapelton-Gray), it looks as if the security and privacy issues have not yet been properly sorted out:

Cross posted from Spy Blog

Posted by wtwu


We have established a hyperlink from our website to yours. Let us know if that is not permissible.

Also, if you wish, you may link to our non-profit RFID organizations website at www.svrfid.org

The goal of the Silicon Valley RFID is to promote the emerging RFID technology, foster understanding, and build relationships within the industry and the public.

We plan to deliver, within the framework of a Special Interest Group, education, information, and networking via technology domain briefings, seminars, and scheduled meetings in Silicon Valley locations.

We focus on RFID technology from passive to active UWB, from access control to retail applications, and issues from design to data security, protection, privacy, and SCM.

Ours is a grass roots endeavor and we welcome contribution, in whatever form, and encourage your participation.

Posted by: Greg Galat at December 29, 2004 11:34 PM
Post a comment

Remember personal info?