Abstract
Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alomair, B., Clark, A., Cuellar, J., Poovendran, R.: Scalable RFID systems: a privacy-preserving protocol with constant-time identification. In: International Conference on Dependable Systems and Networks, pp. 1–10 (2010)
Avoine, G.: Cryptography in Radio Frequency Identification and Fair Exchange Protocols. PhD thesis, EPFL, Lausanne, Switzerland (December 2005)
Avoine, G., Coisel, I., Martin, T.: Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 138–157. Springer, Heidelberg (2010)
Burmester, M., de Medeiros, B., Motta, R.: Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries. IJACT 1(2), 79–90 (2008)
Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: SECURECOMM 2005: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, pp. 59–66. IEEE Computer Society, Washington, DC (2005)
Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, pp. 350–357. IEEE Computer Society, Washington, DC (1981)
Erguler, I., Anarim, E.: Practical attacks and improvements to an efficient radio frequency identification authentication protocol. Concurrency and Computation: Practice and Experience (October 2011)
Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., Domingo-Ferrer, J.: Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 147–162. Springer, Heidelberg (2012)
Finkenzeller, K.: RFID Handbook. John Wiley and Sons (2003)
Garfinkel, S., Rosenberg, B.: RFID: Applications, Security, and Privacy. Addison-Wesley (2005)
Ha, J., Moon, S.-J., Nieto, J.M.G., Boyd, C.: Low-Cost and Strong-Security RFID Authentication Protocol. In: EUC Workshops, pp. 795–807 (2007)
Kardaş, S., Levi, A., Murat, E.: Providing Resistance against Server Information Leakage in RFID Systems. In: New Technologies, Mobility and Security – NTMS 2011, Paris, France, pp. 1–7. IEEE Computer Society (February 2011)
Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 210–219. ACM (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to ‘privacy-friendly’ tags. In: RFID Privacy Workshop. MIT, Massachusetts (2003)
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: WiSec 2008: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM (2008)
Song, B., Mitchell, C.J.: Scalable RFID Security Protocols supporting Tag Ownership Transfer. Computer Communication (March 2010)
Vajda, I., Buttyán, L.: Lightweight Authentication Protocols for Low-Cost RFID Tags. In: Second Workshop on Security in Ubiquitous Computing – Ubicomp 2003 (2003)
Van Le, T., Burmester, M., de Medeiros, B.: Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange. In: Bao, F., Miller, S. (eds.) ACM Symposium on Information, Computer and Communications Security – ASIACCS 2007, Singapore, Republic of Singapore, pp. 242–252. ACM Press (March 2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kardaş, S., Çelik, S., Arslan, A., Levi, A. (2013). An Efficient and Private RFID Authentication Protocol Supporting Ownership Transfer. In: Avoine, G., Kara, O. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2013. Lecture Notes in Computer Science, vol 8162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40392-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-40392-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40391-0
Online ISBN: 978-3-642-40392-7
eBook Packages: Computer ScienceComputer Science (R0)