An Efficient and Private RFID Authentication Protocol Supporting Ownership Transfer

Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption.

[1]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[2]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[3]  Simson L. Garfinkel,et al.  RFID: Applications, Security, and Privacy , 2005 .

[4]  Emin Anarim,et al.  Practical attacks and improvements to an efficient radio frequency identification authentication protocol , 2012, Concurr. Comput. Pract. Exp..

[5]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[6]  Josep Domingo-Ferrer,et al.  A Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation , 2011, RFIDSec.

[7]  Albert Levi,et al.  Providing Resistance against Server Information Leakage in RFID Systems , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[8]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[9]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[10]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2012, IEEE Trans. Parallel Distributed Syst..

[11]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..

[12]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[13]  JaeCheol Ha,et al.  Low-Cost and Strong-Security RFID Authentication Protocol , 2007, EUC Workshops.

[14]  Chris J. Mitchell,et al.  Scalable RFID security protocols supporting tag ownership transfer , 2011, Comput. Commun..

[15]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[16]  Gildas Avoine,et al.  Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols , 2010, RFIDSec.

[17]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[18]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.