Abstract
Recently, Chen and Chien have proposed a novel ownership transfer scheme with low implementation costs that conforms to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence that it has better security and performance than its predecessors. However, in this paper we show that the protocol falls short of its security objectives, and that it is even less secure than the previously proposed schemes. In fact, we describe several attacks which allow an adversary to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.
References
Finkenzeller, K. (2003). RFID Handbook: Fundamentals and applications in contactless smart cards and identification (2nd ed.). London: Wiley.
Paret, D. (2005). RFID and contactless smart card applications. London: Wiley.
Zhang, Y., & Kitsos, P. (2009). Security in RFID and sensor networks. Boston, MA: Auerbach Publications.
Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.
Molnar, D., Soppera, A., & Wagner, D. (2005). A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel & S. Tavares (Eds.), 12th international workshop on selected areas in cryptography—SAC, Lecture Notes in Computer Science (Vol. 3897, pp. 276–290), Kingston, ON, Canada. Berlin: Springer.
Song, B. (2008). RFID tag ownership transfer. In Proceedings of RFIDSec, 2008.
Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2011). Practical RFID ownership transfer scheme. Journal of Computer Security, 19(2), 319–341.
Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., & Domingo-Ferrer, J. (2011). A scalable RFID authentication protocol supporting ownership transfer and controlled delegation. RFIDSec-11 (pp. 146–162).
Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transaction on System, Man, and Cybernetics, Part C, 42(2), 164–173.
Kapoor, G., Zhou, W., & Piramuthu, S. (2011). Multi-tag and multi-owner RFID ownership transfer in supply chains. Decision Support Systems, 52, 258–270.
EPC Global. EPC tag data standards. http://www.epcglobalinc.orgblock.
ISO/IEC. Standard # 18000—RFID Air Interface Standard. http://www.hightechaid.com/standards/18000.htm.
Chen, C. L., & Chien, C. F. (2012). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 1–27. doi:10.1007/s11277-012-0500-2.
Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security (pp. 1090–1095), Guangzhou.
Avoine, G. (2005). Adversary Model for Radio Frequency Identification. Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland: Technical Report LASEC-REPORT.
Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. International conference on pervasive computing and communications PerCom 2007 (pp. 342–347), New York City, NY, USA.
Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology: ASIACRYPT 2007, Vol. 4833 of Lecture Notes in Computer Science (pp. 68–87), Kuching, Malaysia.
Burmester, M., & Munilla, J. (2011). Lightweight RFID authentication with forward and backward security. ACM Transactions on Information and System Security, 14(1).
Acknowledgments
This work has been partially supported by Ministerio de Ciencia e Innovación (Spain) and the European FEDER Fund under project TIN2011-25452.
Cite this article
Munilla, J., Guo, F. & Susilo, W. Cryptanalaysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme. Wireless Pers Commun 72, 245–258 (2013). https://doi.org/10.1007/s11277-013-1011-5
DOI: https://doi.org/10.1007/s11277-013-1011-5