Cryptanalaysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme

Recently, Chen and Chien have proposed a novel ownership transfer scheme with low implementation costs and conforming to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and it is even less secure than the previously proposed schemes. In fact, we describe several attacks which allow to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.

[1]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[2]  Dominique Paret RFID and contactless smart card applications , 2005 .

[3]  Klaus Finkenzeller,et al.  Book Reviews: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. , 2004, ACM Queue.

[4]  Reihaneh Safavi-Naini,et al.  Practical RFID ownership transfer scheme , 2011, J. Comput. Secur..

[5]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[6]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[7]  B. Song RFID Tag Ownership Transfer , 2008 .

[8]  Dominique Paret,et al.  RFID and Contactless Smart Card Applications: Paret/RFID , 2005 .

[9]  Chin-Ling Chen,et al.  An Ownership Transfer Scheme Using Mobile RFIDs , 2013, Wirel. Pers. Commun..

[10]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[11]  Selwyn Piramuthu,et al.  Single RFID Tag Ownership Transfer Protocols , 2012, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[12]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[13]  Selwyn Piramuthu,et al.  Multi-tag and multi-owner RFID ownership transfer in supply chains , 2011, Decis. Support Syst..

[14]  Josep Domingo-Ferrer,et al.  A Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation , 2011, RFIDSec.

[15]  Mike Burmester,et al.  Lightweight RFID authentication with forward and backward security , 2011, TSEC.

[16]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[17]  Yan Zhang,et al.  Security in RFID and Sensor Networks , 2009 .