What security capabilities can be implemented with EPC Gen 2 Class 1 RFID tags?
EPC Gen 2 RFID tags were designed for supply chain applications (tagging cases and pallets of consumer goods) and had the primary goals to be low cost, to be able to be read from a long distance, and to be able to support dense tag environments (where there are many tags within range of several readers). The EPC Gen 2 Class 1 specification has only minimal security, including only 2 basic security features: • A static 32-bit “password” that would accompany the “kill” command. With the “kill” command, the tag would self-destruct. • An optional static 32-bit “password” for access-controlled memory in EPC tags. An EPC reader would need to furnish this “password” to read and write to certain memory locations. This leaves EPC Gen 2 Class 1 tags open to a number of security vulnerabilities if used in an application with sensitive information. • EPC tags release their identifiers and product information to any compatible reader, with no ability to authorize that the reader is allowed to acces
