Mutual Authentication

Security

Security protocol where both the RFID reader and tag verify each other's identity using cryptographic challenge-response.

Mutual Authentication in RFID

Mutual authentication is a security protocol where both the RFID reader and the tag independently verify each other's identity using cryptographic challenge-response exchanges. In a mutual authentication scheme, the reader proves it is authorised to access the tag, and the tag proves it is genuine — not a clone or counterfeit. This bidirectional verification is the gold standard for RFID security, defined in the EPC Gen2 version 2 specification and implemented using crypto suite algorithms.

Authentication Flow

A typical mutual authentication session involves six steps:

  1. Reader challenges tag: The reader generates a random nonce (R_n) and sends it to the tag via the Authenticate command.
  2. Tag responds: The tag encrypts R_n using its on-chip secret key and the agreed crypto suite algorithm (e.g., AES-128). It also generates its own nonce (T_n) and includes it in the response.
  3. Reader verifies tag: The reader (or its backend key server) decrypts the tag's response. If the decrypted value matches R_n, the tag is authenticated — it possesses the correct secret key.
  4. Reader responds to tag challenge: The reader encrypts T_n with the shared key and sends the result back to the tag.
  5. Tag verifies reader: The tag decrypts the reader's response. If it matches T_n, the reader is authenticated.
  6. Secure session established: Both parties have verified each other. Subsequent commands (Read, Write) can be encrypted using a session key derived from the authentication exchange.

Why Mutual Authentication Matters

Prevents cloning: A cloned tag carries a copied EPC but lacks the secret key embedded in the authentic tag IC's silicon. It will fail the authentication challenge.

Prevents rogue readers: Without mutual authentication, any reader can interrogate any tag. A rogue reader could extract sensitive data from tags (product information, patient records, access credentials). Mutual authentication ensures the tag only responds to authorised readers.

Defeats replay attacks: Because each authentication session uses fresh random nonces, captured authentication transcripts are useless for future sessions.
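The six-step flow above, together with the three properties just listed, as an added example that is not part of the original glossary entry and not vendor code: a reader and a tag share an AES-128 key, the reader issues R_n, the tag answers with E_k(R_n) and its own T_n, the reader answers with E_k(T_n), and both sides derive a session key. A tag with a copied EPC but a different key (the clone) and an eavesdropper replaying an earlier transcript both fail at step 3. Assumptions: nonces are one AES block (16 bytes), each proof is a single block encryption, verification re-encrypts and compares (equivalent to the decrypt-and-compare the text describes), and the session key is E_k(R_n XOR T_n); the real Gen2 v2 crypto suites define their own message layouts and derivations. The demo key is constructed, standing in for a key provisioned at manufacture.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

// TagResponse is the tag's reply to the Authenticate command (step 2).
type TagResponse struct {
	EncRn []byte // E_k(R_n): proves possession of the secret key
	Tn    []byte // the tag's own challenge to the reader
}

// Responder is whatever answers the reader: a genuine tag, a clone or a replay.
type Responder interface {
	Authenticate(rn []byte) TagResponse
	VerifyReader(encTn []byte) ([]byte, error)
}

// Tag models a tag IC with the secret key held in silicon.
type Tag struct {
	key    []byte
	rn, tn []byte // nonces of the session in progress
}

// Reader models an interrogator that fetched the tag's key from a key server.
type Reader struct{ key []byte }

// newNonce draws one AES block of fresh randomness (assumed nonce size).
func newNonce() []byte {
	n := make([]byte, aes.BlockSize)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// encBlock computes E_key(in) for one block; a 16-byte AES-128 key is assumed.
func encBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, in)
	return out
}

// sessionKey is the step-6 derivation (assumed construction: E_k(R_n XOR T_n)).
func sessionKey(key, rn, tn []byte) []byte {
	x := make([]byte, aes.BlockSize)
	for i := range x {
		x[i] = rn[i] ^ tn[i]
	}
	return encBlock(key, x)
}

// Authenticate is step 2: answer R_n under the tag key and issue T_n.
func (t *Tag) Authenticate(rn []byte) TagResponse {
	t.rn, t.tn = rn, newNonce()
	return TagResponse{EncRn: encBlock(t.key, rn), Tn: t.tn}
}

// VerifyReader is step 5: the reader's answer must equal E_k(T_n).
// (Re-encrypting and comparing is equivalent to decrypting and comparing with T_n.)
func (t *Tag) VerifyReader(encTn []byte) ([]byte, error) {
	if !bytes.Equal(encTn, encBlock(t.key, t.tn)) {
		return nil, errors.New("reader authentication failed")
	}
	return sessionKey(t.key, t.rn, t.tn), nil
}

// RunSession drives steps 1, 3, 4 and 6 from the reader side.
func (r *Reader) RunSession(t Responder) ([]byte, error) {
	rn := newNonce()           // step 1: fresh challenge every session
	resp := t.Authenticate(rn) // step 2 runs on the tag
	if !bytes.Equal(resp.EncRn, encBlock(r.key, rn)) { // step 3
		return nil, errors.New("tag authentication failed: wrong key or stale transcript")
	}
	if _, err := t.VerifyReader(encBlock(r.key, resp.Tn)); err != nil { // steps 4 and 5
		return nil, err
	}
	return sessionKey(r.key, rn, resp.Tn), nil // step 6
}

// ReplayTag answers every challenge with a transcript captured earlier.
type ReplayTag struct{ captured TagResponse }

func (p *ReplayTag) Authenticate([]byte) TagResponse      { return p.captured }
func (p *ReplayTag) VerifyReader([]byte) ([]byte, error) { return nil, errors.New("no key") }

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed demo key, provisioned at manufacture
	reader, genuine := &Reader{key: key}, &Tag{key: key}
	_, okErr := reader.RunSession(genuine)
	_, cloneErr := reader.RunSession(&Tag{key: bytes.Repeat([]byte{0x22}, 16)})    // copied EPC, wrong key
	_, replayErr := reader.RunSession(&ReplayTag{genuine.Authenticate(newNonce())}) // eavesdropped transcript
	fmt.Println("genuine:", okErr, "| clone:", cloneErr, "| replay:", replayErr)
}
```

The genuine run returns a session key and a nil error; the clone fails because E_k(R_n) computed under the wrong key never matches; the replay fails because the reader's R_n is fresh, so a transcript recorded against an earlier nonce decrypts to the wrong value. In a deployment the reader would obtain the key from the key server rather than hold it in a struct field, and the comparison of secrets should use a constant-time routine on any side that could be timed by an attacker.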

Implementation Requirements

Mutual authentication requires tag ICs with built-in cryptographic engines — significantly more complex (and more expensive) than basic EPC-only chips. ICs supporting mutual authentication include NXP UCODE DNA (AES-128) and select Impinj chips with authentication extensions.

The reader side requires a key management infrastructure. Each tag's secret key must be provisioned during manufacturing and securely stored in a key server. The reader queries the key server during authentication, or carries a local key cache for offline operation.

Deployment Scenarios

Pharmaceutical anti-counterfeiting: Hospital pharmacies verify drug authenticity by performing mutual authentication at the point of dispensing. The verification result is logged as an EPCIS event.

Luxury brand protection: High-value goods (watches, handbags, spirits) carry authentication-capable tags. Consumers can verify authenticity via NFC-enabled smartphones, and the brand's backend confirms the tag is genuine.

Aviation parts verification: Before installing a tagged aircraft component, maintenance crews authenticate the tag to confirm the part is a genuine OEM unit, not a counterfeit with a cloned EPC.
