Wireless Personal Communications

, Volume 72, Issue 1, pp 245–258 | Cite as

Cryptanalaysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme

  • Jorge MunillaEmail author
  • Fuchun Guo
  • Willy Susilo


Recently, Chen and Chien have proposed a novel ownership transfer scheme with low implementation costs and conforming to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and it is even less secure than the previously proposed schemes. In fact, we describe several attacks which allow to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.


RFID EPCC1G2 Ownership transfer Cryptanalysis 



This work has been partially supported by Ministerio de Ciencia e Innovación (Spain) and the European FEDER Fund under project TIN2011-25452.


  1. 1.
    Finkenzeller, K. (2003). RFID Handbook: Fundamentals and applications in contactless smart cards and identification (2nd ed.). London: Wiley.Google Scholar
  2. 2.
    Paret, D. (2005). RFID and contactless smart card applications. London: Wiley.CrossRefGoogle Scholar
  3. 3.
    Zhang, Y., & Kitsos, P. (2009). Security in RFID and sensor networks. Boston, MA: Auerbach Publications.CrossRefGoogle Scholar
  4. 4.
    Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.CrossRefGoogle Scholar
  5. 5.
    Molnar, D., Soppera, A., & Wagner, D. (2005). A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel & S. Tavares (Eds.), 12th international workshop on selected areas in cryptography—SAC, Lecture Notes in Computer Science (Vol. 3897, pp. 276–290), Kingston, ON, Canada. Berlin: Springer.Google Scholar
  6. 6.
    Song. B. (2008). RFID tag ownership transfer. In Proceedings of RFIDSec, 2008.Google Scholar
  7. 7.
    Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2011). Practical RFID ownership transfer scheme. Journal of Computer Security, 19(2), 319–341.Google Scholar
  8. 8.
    Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., & Domingo-Ferrer, J. (2011). A scalable RFID authentication protocol supporting ownership transfer and controlled delegation. RFIDSec-11 (pp. 146–162).Google Scholar
  9. 9.
    Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transaction on System, Man, and Cybernetics, Part C, 42(2), 164–173.CrossRefGoogle Scholar
  10. 10.
    Kapoor, G., Zho, W., & Piramuthu, S. (2011). Multi-tag and multi-owner RFID ownership transfer in supply chains. Decision Support Systems, 52, 258–270.CrossRefGoogle Scholar
  11. 11.
    EPC Global. EPC tag data standards. http://www.epcglobalinc.orgblock.
  12. 12.
    ISO/IEC. Standard # 18000—RFID Air Interface Standard.
  13. 13.
    Chen, C. L., & Chien, C. F. (2012). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 1–27. doi: 10.1007/s11277-012-0500-2.
  14. 14.
    Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security (pp. 1090–1095), Guangzhou.Google Scholar
  15. 15.
    Avoine, G. (2005). Adversary Model for Radio Frequency Identification. Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland: Technical Report LASEC-REPORT.Google Scholar
  16. 16.
    Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. International conference on pervasive computing and communications PerCom 2007 (pp. 342–347), New York City, NY, USA.Google Scholar
  17. 17.
    Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology. InASIACRYPT 2007, Vol. 4833 of Lecture Notes in Computer Science (p. 6887), Kuching, Malaysia.Google Scholar
  18. 18.
    Burmester, M., & Munilla, J. (2011). Lightweight RFID authentication with forward and backward security. ACM Transactions on Information and System Security, 14(1).Google Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.E.T.S.I. TelecomunicaciónUniversity of MálagaMálagaSpain
  2. 2.School of Computer Science and Software EngineeringUniversity of WollongongWollongongAustralia

Personalised recommendations