Abstract
One of the challenging issues in RFID systems is the issue of group ownership transfer and ownership duration. To answer this need recently one protocol which combines group ownership transfer and time bound delegation was proposed by Lee et al. which we call it TBGODP stands for time bound group ownership delegation protocol. A secure time bound group ownership delegation protocol can be used to transfer ownership of a group of tagged devices for a certain period of time, such as renting a smart home. In this paper, we applied different attacks such as traceability and secret disclosure attacks against TBGODP which show this protocol is not a secure one. All attacks presented in this paper, only need one run of protocol eavesdropping and succeed with the probability of one. We also address the vulnerabilities of TBGODP which lead to propose a new secure improved one called \(TBGODP^+\). We formally prove the security of \(TBGODP^+\) in Real or Random (RoR) model and also verify its security using BAN logic. We also evaluate the security of \(TBGODP^+\) with well-known security analysis tools, namely AVISPA and Scyther. The results of these evaluations indicate \(TBGODP^+\) can safely transfer ownership of a group of tags to another owner for a specified period of time, and that the new owner’s ownership expires upon time expiration. Comparative analysis of \(TBGODP^+\) with other related schemes shows that the proposed protocol in terms of computational and communication costs, and execution time is more than other related schemes and this is a cost that should be paid to provide complete security against various attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Vaudenay S (ed) Public key cryptography—PKC 2005, 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, 23–26 January 2005, Proceedings, Lecture notes in computer science, vol 3386. Springer, pp 65–84
Adeli M, Bagheri N, Meimani HR (2021) On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments. J Ambient Intell Human Comput 12:3075–3089
Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuéllar J, Drielsma PH, Héam PC, Kouchnarenko O, Mantovani J et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification. Springer, pp 281–285
Bagheri N, Aghili F, Safkhani M (2018) On the security of two ownership transfer protocols and their improvements. Int Arab J Inf Technol 15(1):87–93
Bansal G, Naren N, Chamola V, Sikdar B, Kumar N, Guizani M (2020) Lightweight mutual authentication protocol for V2G using physical unclonable function. IEEE Trans Veh Technol 69(7):7234–7246
Bera B, Chattaraj D, Das AK (2020) Designing secure blockchain-based access control scheme in iot-enabled internet of drones deployment. Comput Commun 153:229–249
Bojjagani S, Sastry V (2017) A secure end-to-end SMS-based mobile banking protocol. Int J Commun Syst 30(15):e3302
Bojjagani S, Sastry V (2019) A secure end-to-end proximity nfc-based mobile payment protocol. Comput Stand Interfaces 66:103348
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A Math Phys Sci 426(1871):233–271
Cao T, Chen X, Doss R, Zhai J, Wise LJ, Zhao Q (2016) RFID ownership transfer protocol based on cloud. Comput Netw 105:47–59
Chevalier Y, Compagna L, Cuellar J, Drielsma PH, Mantovani J, Mödersheim S, Vigneron L (2004) A high level protocol specification language for industrial security-sensitive protocols. In: Workshop on specification and automated processing of security requirements-SAPS’2004. Austrian Computer Society, p 13
Cremers CJF (2008) The Scyther tool: verification, falsification, and analysis of security protocols. In: Gupta A, Malik S (eds) Computer aided verification. Springer, Berlin, pp 414–418
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
Doss R, Zhou W, Yu S (2012) Secure RFID tag ownership transfer based on quadratic residues. IEEE Trans Inf Forensics Secur 8(2):390–401
Fan K, Luo Q, Zhang K, Yang Y (2020) Cloud-based lightweight secure RFID mutual authentication protocol in iot. Inf Sci 527:329–340
Gan Y, Zhuang Y, He L (2019) RFID tag ownership transfer protocol using blockchain. Int J Perform Eng 15(9):2544–2552
Jangirala S, Das AK, Vasilakos AV (2019) Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Trans Ind Inf 16(11):7081–7093
Jannati H, Falahati A (2011) Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In: Global security, safety and sustainability and e-democracy. Springer, pp 186–193
Kapoor G, Zhou W, Piramuthu S (2011) Multi-tag and multi-owner RFID ownership transfer in supply chains. Decis Support Syst 52(1):258–270
Kumar V, Ahmad M, Mishra D, Kumari S, Khan MK (2020) RSEAP: RFID based secure and efficient authentication protocol for vehicular cloud computing. Veh Commun 22:100213
Lee CC, Li CT, Cheng CL, Lai YM (2019) Vasilakos AV (2018) A novel group ownership delegate protocol for RFID systems. Front Infor Syst Front 21:1153–1166
Lee CC, Chen SD, Li CT, Cheng CL, Lai YM (2019a) Security enhancement on an RFID ownership transfer protocol based on cloud. Future Gener Comput Syst 93:266–277
Lee CC, Li CT, Cheng CL, Lai YM (2019b) A novel group ownership transfer protocol for RFID systems. Ad Hoc Netw 91:1–12
Li N, Mu Y, Susilo W, Varadharajan V (2015) Shared RFID ownership transfer protocols. Comput Stand Interfaces 42:95–104. https://doi.org/10.1016/j.csi.2015.05.003
Luo JN, Yang MH (2020) A secure partial RFID ownership transfer protocol with multi-owners. Sensors 20(1):22
Moazami F, Safkhani M (2020) SEOTP: a new secure and efficient ownership transfer protocol based on quadric residue and homomorphic encryption. Wireless Netw 26:5285–5306. https://doi.org/10.1007/s11276-020-02397-x
Moazami F, Safkhani M (2021) AVISPA and Scyther code of TBGODP+. https://www.gist.github.com/Masouemh-Safkhani/6b0bb47d7b69e647fa96be492d30f5fa
Munilla J, Burmester M, Peinado A (2016) Attacks on ownership transfer scheme for multi-tag multi-owner passive RFID environments. Comput Commun 88:84–88
Odelu V, Saha S, Prasath R, Sadineni L, Conti M, Jo M (2019) Efficient privacy preserving device authentication in WBANs for industrial e-health applications. Comput Secu 83:300–312
Reddy AG, Suresh D, Phaneendra K, Shin JS, Odelu V (2018) Provably secure pseudo-identity based device authentication for smart cities environment. Sustain Cities Soc 41:878–885
Safkhani M, Camara C, Peris-Lopez P, Bagheri N (2021) RSEAP2: an enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Veh Commun 28:100311
Sundaresan S, Doss R, Zhou W, Piramuthu S (2015) Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner-privacy. Comput Commun 55:112–124
Tsai KY, Yang MH, Luo JN, Liew WT (2019) Novel designated ownership transfer with grouping proof. Appl Sci 9(4):724
Vivekanandan M, Sastry V, Reddy US (2019a) Biometric based user authentication protocol for mobile cloud environment. In: 2019 IEEE 5th international conference on identity, security, and behavior analysis (ISBA). IEEE, pp 1–6
Vivekanandan M, Sastry V, Reddy US (2019b) Efficient user authentication protocol for distributed multimedia mobile cloud environment. J Ambient Intell Humaniz Comput 174–178
Vivekanandan M, Sastry V et al (2021) BIDAPSCA5G: blockchain based internet of things (IoT) device to device authentication protocol for smart city applications using 5g technology. Peer-to-Peer Netw Appl 14(1):403–419
Von Oheimb D (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 workshop, pp 1–17
Wang D, Wang P, Wang C (2020) Efficient multi-factor user authentication protocol with forward secrecy for real-time data access in WSNs. ACM Trans Cyber-Phys Syst 4(3):1–26
Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Humaniz Comput 9(4):919–930
Yang MH (2012) Secure multiple group ownership transfer protocol for mobile RFID. Electron Commer Res Appl 11(4):361–373
Zhou Z, Wang P, Li Z (2019) A quadratic residue-based RFID authentication protocol with enhanced security for TMIS. J Ambient Intell Humaniz Comput 10(9):3603–3615
Zuo Y (2010) Changing hands together: A secure group ownership transfer protocol for RFID tags. 43rd Hawaii International international conference on systems science (HICSS-43 2010), Proceedings, 5–8 January 2010. Kauai, HI, USA. IEEE Computer Society, Koloa, pp 1–10
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Moazami, F., Safkhani, M. \(TBGODP^+\): improvement of TBGODP, a time bound group ownership delegation protocol. J Ambient Intell Human Comput 13, 3283–3302 (2022). https://doi.org/10.1007/s12652-021-03571-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-021-03571-5