Cryptanalysis and Enhancement of Two Recent RFID Authentication Protocols for EPC C1 G2 Standard
Abstract
Radio Frequency Identification (RFID) technology plays a critical role in the Internet of Things (IoT), yet it faces significant security and privacy challenges, especially for resource-constrained passive tags compliant with the EPC Class-1 Generation-2 (EPC C1 G2) standard. This paper presents a comprehensive cryptanalysis of two recently proposed RFID authentication protocols: Cheng et al.'s (2019) and Caballero et al.'s (2022). Using the formal Ouafi-Phan privacy model and practical Python-based simulations, we identify and demonstrate critical vulnerabilities in both schemes. Our analysis reveals that Cheng's protocol is susceptible to EPC disclosure attacks with O(2¹⁶) complexity and tracking attacks with 100% success rate. Similarly, Caballero's protocol, despite its privacy claims, is vulnerable to tracking attacks with O(1) complexity. Experimental results show that the EPC disclosure attack can be executed in under 0.1 seconds in a standard test environment. To address these flaws, we propose structural enhancements based on lightweight hash functions and dynamic key updates, effectively mitigating the identified vulnerabilities while maintaining compliance with EPC C1 G2 constraints. This study underscores the need for more rigorous security designs in lightweight authentication protocols and provides validated countermeasures for practical deployment.