This paper analyzes the cryptographic security of J3Gen, a
promising pseudo random number generator for low-cost passive RFID
tags. Although J3Gen has been shown to fulfill the randomness
criteria set by the EPCglobal Gen2 standard and is intended for
security applications, we describe here two cryptanalytic attacks
which question its security claims: i) a probabilistic attack
based on solving linear equation systems, and ii) a
deterministic attack based on the output sequence decimation.
Numerical results, supported by simulations, show that for the
specific recommended values of the configurable parameters, a low
number of intercepted output bits are enough to crytanalyze J3Gen.
We then make some recommendations which address these issues.
↧