Crypto Suite

Crypto Suite

A RFID cryptographic algorithm set." data-category="Security">Crypto Suite is a defined set of cryptographic algorithms and protocols used for secure communication between RFID readers and tags. The ISO/IEC 29167 standard specifies multiple crypto suites for EPC Gen2 RFID, enabling mutual authentication, data encryption, and tag authentication. Crypto suites transform RFID from a simple identification technology into a secure platform capable of resisting cloning, eavesdropping, and replay attacks.

ISO 29167 Crypto Suites

The ISO 29167 series defines several crypto suite options:

AES-128 (CS-1) is the most widely implemented suite because it provides strong security with well-understood cryptographic properties. NXP UCODE DNA and Impinj's authentication-capable ICs typically implement AES-128 in hardware.

Authentication Flow

A typical crypto suite authentication follows a challenge-response pattern:

1. The reader sends an Authenticate command to the tag, including a random challenge (nonce).
2. The tag encrypts the challenge using its on-chip secret key and the specified crypto suite algorithm.
3. The tag returns the encrypted response to the reader.
4. The reader (or a backend authentication service) decrypts the response using the same key and verifies it matches the original challenge.

For mutual authentication, the process is bidirectional — the tag also challenges the reader, ensuring both parties are legitimate. This prevents rogue readers from extracting data from tags.

Hardware Requirements

Implementing a crypto suite on a tag IC requires dedicated silicon for the cryptographic engine. This increases die size and cost — a tag with AES-128 costs significantly more than a basic EPC-only tag. The trade-off is justified in high-value applications:

• Pharmaceutical anti-counterfeiting: Verifying drug authenticity at each supply chain handoff
• Luxury goods: Proving brand authenticity for high-value consumer items
• Aviation parts: Ensuring safety-critical components are genuine

Key Management

Crypto suite security depends entirely on proper key management. Each tag must be provisioned with a unique secret key during manufacturing. The corresponding keys must be securely distributed to authorised readers or authentication services. Key compromise — whether through physical side-channel attacks on the tag IC or database breaches — invalidates the entire security model. Organisations deploying crypto suites should implement hardware security modules (HSMs) for key storage and role-based access controls for key distribution.