EPC Gen2v2 RFID Standard Authentication and Ownership Management Protocol

Providing security in passive RFID systems has gained significant attention due to their widespread use. Research has focused on providing both location and data privacy through mutual authentication between the readers and tags. In such systems, each party is responsible of verifying the identity of the other party with whom it is communicating. For such a task to succeed, the tags and readers are initialized with shared secret information which is updated after a successful authentication session. Ownership management, which includes transfer and delegation, builds upon mutual authentication. Here, the use of security in RFID is extended to encompass the more practical case where a tagged item is shifted from one owner to another. As such, we propose a new authentication and ownership management protocol that is compliant with the EPC Class-1 Generation-2 Version 2 standard. The protocol is formally analyzed and successfully implemented on hardware. The implementation shows that the use of such protocol adds security with little added overhead in terms of communication and computation.

[1]  N. Bagheri,et al.  Strengthening the Security of EPC C-1 G-2 RFID Standard , 2013, Wirel. Pers. Commun..

[2]  Josep Domingo-Ferrer,et al.  A Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation , 2011, RFIDSec.

[3]  Fuchun Guo,et al.  Cryptanalaysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme , 2013, Wirel. Pers. Commun..

[4]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[5]  Martin Feldhofer,et al.  A low-resource public-key identification scheme for RFID tags and sensor nodes , 2009, WiSec '09.

[6]  Juan E. Tapiador,et al.  Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard , 2009, Comput. Stand. Interfaces.

[7]  Chin-Ling Chen,et al.  Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection , 2009, Eng. Appl. Artif. Intell..

[8]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[9]  Joshua D. Guttman,et al.  Strand spaces: why is a security protocol correct? , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[10]  Michael Hutter,et al.  Elliptic Curve Cryptography on the WISP UHF RFID Tag , 2011, RFIDSec.

[11]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[12]  Yongjian Li,et al.  An inductive approach to strand spaces , 2011, Formal Aspects of Computing.

[13]  Peris-LopezPedro,et al.  Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard , 2009 .

[14]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[15]  Sarangapani Jagannathan,et al.  A Gen2v2 compliant RFID authentication and ownership management protocol , 2014, 39th Annual IEEE Conference on Local Computer Networks.

[16]  Pang Liaojun,et al.  Mutual Authentication and Ownership Transfer Scheme Conforming to EPC-C1G2 Standard , 2012, 2012 Eighth International Conference on Computational Intelligence and Security.

[17]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[18]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[19]  Yong Guan,et al.  Lightweight Mutual Authentication and Ownership Transfer for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[20]  Selwyn Piramuthu,et al.  Single RFID Tag Ownership Transfer Protocols , 2012, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[21]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[22]  Chin-Ling Chen,et al.  An Ownership Transfer Scheme Using Mobile RFIDs , 2013, Wirel. Pers. Commun..

[23]  Alfredo De Santis,et al.  On Ultralightweight RFID Authentication Protocols , 2011, IEEE Transactions on Dependable and Secure Computing.

[24]  Jingde Cheng,et al.  POP method: an approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism , 2007, SAC '07.

[25]  Kwangjo Kim,et al.  A Lightweight Protocol Enabling Ownership Transfer and Granular Data Access of RFID Tags , 2007 .

[26]  Wei-Bin Lee,et al.  Enhancement of the RFID security method with ownership transfer , 2009, ICUIMC '09.

[27]  Hossam Afifi,et al.  A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags , 2007, J. Commun..

[28]  Minghui Wang,et al.  An effective RFID authentication protocol , 2012, 2012 2nd International Conference on Consumer Electronics, Communications and Networks (CECNet).

[29]  Tassos Dimitriou rfidDOT: RFID delegation and ownership transfer made simple , 2008, SecureComm.

[30]  Wanlei Zhou,et al.  Secure RFID Tag Ownership Transfer Based on Quadratic Residues , 2013, IEEE Transactions on Information Forensics and Security.

[31]  Fangjun Wu,et al.  A Structural Complexity Metric for Software Components , 2007, The First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007).

[32]  Kevin Fu,et al.  Maximalist Cryptography and Computation on the WISP UHF RFID Tag , 2013 .

[33]  Juan E. Tapiador,et al.  Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol , 2011, Eng. Appl. Artif. Intell..

[34]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[35]  Neeli R. Prasad,et al.  Providing Strong Security and High Privacy in Low-Cost RFID Networks , 2009, MobiSec.

[36]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[37]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[38]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[39]  Daesung Kwon,et al.  Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards , 2009, Comput. Stand. Interfaces.

[40]  S. Jagannathan,et al.  High memory passive RFID tags with multimodal sensor design and application to asset monitoring in-transit , 2013, 2013 IEEE International Instrumentation and Measurement Technology Conference (I2MTC).

[41]  Alanson P. Sample,et al.  Design of an RFID-Based Battery-Free Programmable Sensing Platform , 2008, IEEE Transactions on Instrumentation and Measurement.

[42]  Erwin Hess,et al.  Using Elliptic Curves on RFID Tags , 2008 .

[43]  Kouichi Sakurai,et al.  Reassignment Scheme of an RFID Tag's Key for Owner Transfer , 2005, EUC Workshops.

[44]  Young-Sil Lee,et al.  Mutual Authentication Protocol for Enhanced RFID Security and Anti-counterfeiting , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[45]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[46]  Jehn-Ruey Jiang,et al.  A secure ownership transfer protocol using EPCglobal Gen-2 RFID , 2013, Telecommun. Syst..

[47]  Hongnian Yu,et al.  Privacy and security protection of RFID data in e-passport , 2011, 2011 5th International Conference on Software, Knowledge Information, Industrial Management and Applications (SKIMA) Proceedings.

[48]  Xiaotong Fu,et al.  A Lightweight RFID Mutual Authentication Protocol with Ownership Transfer , 2012, CWSN.

[49]  Tianjie Cao,et al.  RFID Protocol Enabling Ownership Transfer to Protect against Traceability and DoS Attacks , 2007, The First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007).