Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer

  • Chae Hoon Lim
  • Taekyoung Kwon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4307)


RFID technology arouses great interests from both its advocates and opponents because of the promising but privacy-threatening nature of low-cost RFID tags. A main privacy concern in RFID systems results from clandestine scanning through which an adversary could conduct silent tracking and inventorying of persons carrying tagged objects. Thus, the most important security requirement in designing RFID protocols is to ensure untraceability of RFID tags by unauthorized parties (even with knowledge of a tag secret due to no physical security of low-cost RFID tags). Previous work in this direction mainly focuses on backward untraceability, requiring that compromise of a tag secret should not help identify the tag from past communication transcripts. However, in this paper, we argue that forward untraceability, i.e., untraceability of future events even with knowledge of a current tag secret, should be considered as an equally or even more important security property in RFID protocol designs. Furthermore, RFID tags may often change hands during their lifetime and thus the problem of tag ownership transfer should be dealt with as another key issue in RFID privacy problems; once ownership of a tag is transferred to another party, the old owner should not be able to read the tag any more. It is rather obvious that complete transfer of tag ownership is possible only if some degree of forward untraceability is provided. We propose a strong and robust RFID authentication protocol satisfying both forward and backward untraceability and enabling complete transfer of tag ownership.


Block Cipher Ownership Transfer Lightweight Block Cipher Legitimate Reader 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.: Two remarks on public key cryptology. Technical Reports, UCAM-CL-TR-549. Univ. of Cambridge (2002),
  2. 2.
    Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)Google Scholar
  3. 3.
    Avoine, G.: Security and privacy in RFID systems (A complete list of related papers) (last access, May 2006),
  4. 4.
    Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Avoine, G., Oechslin, P.: RFID traceability: A multilayer problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: The 2nd IEEE International Workshop on Pervasive Computing and Communication Security - PerSec 2005, pp. 110–114. IEEE Computer Society Press, Los Alamitos (2005)CrossRefGoogle Scholar
  7. 7.
    Boycott Benetton Home Page (2003),
  8. 8.
    Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: IEEE SecureComm., pp. 59–66 (2005)Google Scholar
  9. 9.
    EPCglobal Web site (2005),
  10. 10.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Finkenzeller, K.: RFID Handbook. John Wiley & Sons, Chichester (1999)Google Scholar
  12. 12.
    Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Workshop on Pervasive Computing and Communications Security - PerSec 2004, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  13. 13.
    Juels, A.: Minimalist cryptography for low-cost RFID tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Juels, A.: RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications (2006)Google Scholar
  15. 15.
    Juels, A., Garfinkel, S., Pappu, R.: RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy 3(3), 34–43 (2005)CrossRefGoogle Scholar
  16. 16.
    Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: IEEE SecureComm 2005. IEEE, Los Alamitos (2005), referenced 2005 at: Google Scholar
  17. 17.
    Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: 8th ACM Conference on Computer and Communications Security, pp. 103–111. ACM Press, New York (2003)CrossRefGoogle Scholar
  18. 18.
    Juels, A., Syverson, P., Bailey, D.: High-power proxies for enhancing RFID privacy and utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 210–226. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)Google Scholar
  20. 20.
    Lim, C.H., Korkishko, T.: mCrypton-A lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Lee, S., Hwang, Y., Lee, D., Lim, J.: Efficient authentication for low-cost RFID systems. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3480, pp. 619–627. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Malkin, T., Obana, S., Yung, M.: The hierarchy of key evolving Signatures and a characterization of proxy signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 306–322. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: ACM Conference on Communications and Computer Security, pp. 210–219. ACM Press, New York (2004)Google Scholar
  25. 25.
    Ohkubo, M., Suzuko, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop (2003)Google Scholar
  26. 26.
    Rieback, M., Crispo, B., Tanenbaum, A.: RFID guardian: A battery-powered mobile device for RFID privacy management. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 184–194. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Sarma, S., Weis, S., Engels, D.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Shirey, R.: Internet Security Glossary. IETF RFC 2828 (May 2000), at:
  29. 29.
  30. 30.
    Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 454–469. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Chae Hoon Lim
    • 1
  • Taekyoung Kwon
    • 1
  1. 1.Dept. of Computer EngineeringSejong UniversitySeoulKorea

Personalised recommendations