Why is using an RFID's unique ID in generating a MAC insecure?

Question

Came across a 2012 post Prevent copying nfc chip signal that advises:

"Recommend against using the tag's unique ID as a security feature."

Why, other than the reasons stated below, is it a security problem to use the unique ID as part of the message that generates a Message Authentication Code (MAC)?

---

My application is to use an RFID transponder's 8-byte fixed unique ID, a portion of the RFID's 100s of data bytes and some random data* to derive a MAC. This MAC will be used to authenticate the tag's message.

The primary reason for incorporating the unique ID into the MAC is that it prevents a simple copy of the tag's message and MAC to another tag does not yield a legitimate MAC.

The MAC needs to be of sufficient size, with/without the ID. MAC size target: 512 bits (32 bytes).

Known issues:

1. One known attack is to make a direct copy of the entire tag's data and ID and then port this to a tag simulator which can recreate the ID on a different tag. So using the ID does not help.

2. MAC variation that depends solely on the ID variation (the other data is the same), may help break the MAC. To secure against this vulnerability, the MAC must also depend on additional random data.

---

• 4 bytes of random data to ensure, should the data content be repeated, the variation of the MAC depends on more than the unique ID - in essence, extending the ID.

Answer 1

In this case you would not use the ID as a security feature, I would say. It would just be part of the input of the MAC generation. Using the ID as a security feature could for example be relying on the fact that the ID is unique. That is a dangerous assumption, because it can in fact be spoofed.