Cryptanalysis and Improvement of RFID Ownership Transfer Protocol

The widespread use of Radio Frequency Identification (RFID) technologies help to trace a large number of commodity and share the tag information in the supply chain system. However, many ownership transfer protocols are subject to various attacks. We analyze the security of two protocols. Even if the designers claim that their protocols are security, we find that their schemes suffer from forward traceability attacks and tracing attacks. In addition, we show that a weak attacker can retrieve the secrets of the tag with a probability 1 in Kardaş et al.’s protocol. To resist against these attacks, we present an improved scheme based on Kardaş et al.’s protocol by adopting the new key-update mechanism. In the end, we show the enhanced versions provides the forward and backward untraceable security properties.

[1]  Yu Guo,et al.  A New Scalable RFID Delegation Protocol , 2014 .

[2]  Albert Levi,et al.  An Efficient and Private RFID Authentication Protocol Supporting Ownership Transfer , 2013, LightSec.

[3]  Samuel Fosso Wamba,et al.  RFID-Enabled Healthcare Applications, Issues and Benefits: An Archival Analysis (1997–2011) , 2011, Journal of medical systems.

[4]  Eric W.T. Ngai,et al.  RFID value in aircraft parts supply chains: A case study , 2014 .

[5]  Mohammad Reza Aref,et al.  Simulation-Based Traceability Analysis of RFID Authentication Protocols , 2014, Wirel. Pers. Commun..

[6]  Josep Domingo-Ferrer,et al.  A Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation , 2011, RFIDSec.

[7]  Hyeong-Chan Lee,et al.  Secure and Lightweight Authentication Protocol for Mobile RFID Privacy , 2013 .

[8]  Yunhao Liu,et al.  OTrack: Order tracking for luggage in mobile RFID systems , 2013, 2013 Proceedings IEEE INFOCOM.

[9]  Mohammad Reza Aref,et al.  Analysis and Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard , 2013, IACR Cryptol. ePrint Arch..

[10]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[11]  Wanlei Zhou,et al.  A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems , 2013, Ad Hoc Networks.

[12]  Subhasish Dhal,et al.  Handling Authentication and Detection Probability in Multi-tag RFID Environment , 2013, IACR Cryptol. ePrint Arch..

[13]  Eun-Jun Yoon Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard , 2012, Expert Syst. Appl..

[14]  Azman Samsudin,et al.  Provably Lightweight RFID Mutual Authentication Protocol , 2013 .