Abstract
RFID reader equipment is widely used in hand-held devices; thus, the security of the connection between mobile readers and RFID servers is an important issue. In this paper, we propose a novel scheme with low implementation costs and conforming to EPC C1G2 standards. The benefits include reducing the manpower required for market management, market members using the mobile readers to query product information, as well as ensuring secure and efficient cash transactions. The membership can also access after-sales service or make ownership transfers with other users. Moreover, in order to achieve mutual authentication, our proposed scheme integrates fingerprint biometrics, related cryptology and a hash function mechanism to ensure the security of the transmitted messages.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ayoade J. (2006) Security implications in RFID and authentication processing framework. Computers & Security 25(3): 207–212
Chen C. L., Den Y. Y. (2009) Conformation of EPC class 1 generation 2 standards RFID system with mutual authentication and privacy protection. Engineering Applications of Artificial Intelligence 22(8): 1284–1291
Chien H. Y., Chen C. H. (2007) Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computer Standards and Interfaces 29(2): 254–259
EPCglobal, Inc. URL: http://www.epcglobalinc.org/. Accessed November 17, 2011.
Fouladgar, S., & Afifi, H. (2007). An efficient delegation and transfer of ownership protocol for RFID tags. In The first international EURASIP workshop on RFID technology (RFID 2007), September 24–25, Vienna, Austria.
Garfinkel S. L., Juels A., Pappu R. (2005) RFID privacy: An overview of problems and proposed solutions. IEEE Security & Privacy Magazine 3: 34–43
GIGA-TMS Inc. URL: http://www.gigatms.com.tw/upload/product/catalog/catalog126.pdf. Accessed November 17, 2011.
Gilbert H., Robshaw M., Sibert H. (2005) An active attack against HB+—a provably secure lightweight authentication protocol. IEE Electronic Letters 41(21): 1169–1170
Huang, H. P., Chen, C. S., & Chen, T. Y. (2006). Mobile diagnosis based on RFID for food safety. In Proceeding of the 2006 IEEE international conference on automation science and engineering (pp. 357–362).
Kapoor G., Piramuthu S. (2010) Vulnerabilities in some recently proposed RFID ownership transfer protocols. IEEE Communications Letters 14(3): 260–262
Karthikeyan, S., & Nesterenko, M. (2005). RFID security without extensive cryptography. In Proceedings of the 3rd ACM workshop on security of ad hoc and sensor networks (pp. 63–67).
Kim, J., & Kim, H. (2006). A wireless service for product authentication in mobile RFID environment. In 1st international symposium on wireless pervasive computing (5 p.).
Kulseng, L. (2009). Lightweight mutual authentication, owner transfer, and secure search protocols for RFID systems. Master of Science thesis, Electrical & Computer Engineering Department, Iowa State University.
Lim, C., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In Conference on information and communications security—ICICS ’06, lecture notes in computer science (Vol. 4307, pp. 1–20).
Molnar D., Soppera A., Wagner D. (2006) A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. Lecture Notes in Computer Science 3897: 276–290
Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security, Guangzhou (pp. 1090–1095).
Park N., Kwak J., Kim S., Won D., Kim H. (2006) WIPI mobile platform with secure service for mobile RFID network environment. Lecture Notes in Computer Science 3842: 741–748
Pedro P. L., Julio Cesar H. C., Juan E. T., Arturo M. R. (2009) Cryptanalysis of a novel authentication protocol conforming to EPC C1G2 standard. Computer Standards & Interfaces 31(2): 372–380
Pedro P. L., Julio Cesar H. C., Juan E. T., Li M. T., Li Y. (2010) Vulnerability analysis of RFID protocols for tag ownership transfer. Computer Networks 54(9): 1502–1508
Rizomiliotis P., Rekleitis E., Gritzalis S. (2009) Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags. IEEE Communications Letters 13(4): 274–276
Saito, J., & Sakurai, K. (2005) Owner transferable privacy protection scheme for RFID tags. In CSS 2005, volume 2005 of IPSJ symposium series (pp. 283–288).
Song, B. (2008). RFID tag ownership transfer. In Proceedings of workshop on RFID security.
Toiruul B., Lee K. (2006) An advanced mutual-authentication algorithm using AES for RFID systems. International Journal of Computer Science and Network Security 6: 156–162
van Deursen, T., & Radomirovic, S. (2008). Attacks on RFID protocols, Cryptology ePrint archive report. URL: http://eprint.iacr.org/2008/310.pdf. Accessed November 17, 2011).
Weinstein R. (2005) RFID: A technical overview and its application to the enterprise. IT Professional 7(3): 27–33
Wireless Dynamics Inc. URL: http://www.wdi.ca/. Accessed November 17, 2011.
Zhu, W., Wang, D., & Sheng, H. (2005). Mobile RFID technology for improving m-commerce. In IEEE international conference on e-business engineering, Beijing (pp. 118–125).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Chen, CL., Chien, CF. An Ownership Transfer Scheme Using Mobile RFIDs. Wireless Pers Commun 68, 1093–1119 (2013). https://doi.org/10.1007/s11277-012-0500-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-012-0500-2