Vulnerability analysis of RFID protocols for tag ownership transfer

Authors:
Pedro Peris-Lopez;Julio C. Hernandez-Castro;Juan M. E. Tapiador;Tieyan Li;Yingjiu Li
Affiliations:
Information and Communication Theory Group, Delft University of Technology, Netherlands;Computer Science Department, Carlos III University of Madrid, Spain;Computer Science Department, Carlos III University of Madrid, Spain;Institute for Infocomm Research, A*STAR Singapore, Singapore;Singapore Management University (SMU), Singapore
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2010

Citing 5
Cited 6

Defining Strong Privacy for RFID

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
RFID authentication protocol for low-cost tags

WiSec '08 Proceedings of the first ACM conference on Wireless network security
An Efficient and Secure RFID Security Method with Ownership Transfer

Computational Intelligence and Security
Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags

IEEE Communications Letters
A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Review: Efficient vehicle ownership identification scheme based on triple-trapdoor chameleon hash function

Journal of Network and Computer Applications
Attacks on a lightweight mutual authentication protocol under EPC C-1 G-2 standard

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Addressing flaws in RFID authentication protocols

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
A new framework for privacy of RFID path authentication

ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
An Ownership Transfer Scheme Using Mobile RFIDs

Wireless Personal Communications: An International Journal
Security and Privacy Analysis of Song---Mitchell RFID Authentication Protocol

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In RFIDSec'08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec'08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, tag location tracking, and forward traceability. Moreover, the secret update protocol is not immune to de-synchronization attacks.