Cryptanalysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme

Wireless Personal Communications

Abstract

Recently, Chen and Chien proposed a novel ownership transfer scheme that has low implementation costs and conforms to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence that it has better security and performance than its predecessors. However, in this paper we show that the protocol falls short of its security objectives, and that it is even less secure than the previously proposed schemes. In fact, we describe several attacks that allow an adversary to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.

References

  1. Finkenzeller, K. (2003). RFID Handbook: Fundamentals and applications in contactless smart cards and identification (2nd ed.). London: Wiley.

  2. Paret, D. (2005). RFID and contactless smart card applications. London: Wiley.

  3. Zhang, Y., & Kitsos, P. (2009). Security in RFID and sensor networks. Boston, MA: Auerbach Publications.

  4. Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.

  5. Molnar, D., Soppera, A., & Wagner, D. (2005). A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel & S. Tavares (Eds.), 12th international workshop on selected areas in cryptography—SAC, Lecture Notes in Computer Science (Vol. 3897, pp. 276–290), Kingston, ON, Canada. Berlin: Springer.

  6. Song, B. (2008). RFID tag ownership transfer. In Proceedings of RFIDSec, 2008.

  7. Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2011). Practical RFID ownership transfer scheme. Journal of Computer Security, 19(2), 319–341.

  8. Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., & Domingo-Ferrer, J. (2011). A scalable RFID authentication protocol supporting ownership transfer and controlled delegation. RFIDSec-11 (pp. 146–162).

  9. Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transaction on System, Man, and Cybernetics, Part C, 42(2), 164–173.

  10. Kapoor, G., Zhou, W., & Piramuthu, S. (2011). Multi-tag and multi-owner RFID ownership transfer in supply chains. Decision Support Systems, 52, 258–270.

  11. EPC Global. EPC tag data standards. http://www.epcglobalinc.org.

  12. ISO/IEC. Standard # 18000—RFID Air Interface Standard. http://www.hightechaid.com/standards/18000.htm.

  13. Chen, C. L., & Chien, C. F. (2012). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 1–27. doi:10.1007/s11277-012-0500-2.

  14. Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security (pp. 1090–1095), Guangzhou.

  15. Avoine, G. (2005). Adversary Model for Radio Frequency Identification. Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland: Technical Report LASEC-REPORT.

  16. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. International conference on pervasive computing and communications PerCom 2007 (pp. 342–347), New York City, NY, USA.

  17. Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology, ASIACRYPT 2007, Vol. 4833 of Lecture Notes in Computer Science (pp. 68–87), Kuching, Malaysia.

  18. Burmester, M., & Munilla, J. (2011). Lightweight RFID authentication with forward and backward security. ACM Transactions on Information and System Security, 14(1).

Acknowledgments

This work has been partially supported by Ministerio de Ciencia e Innovación (Spain) and the European FEDER Fund under project TIN2011-25452.

Author information

Correspondence to Jorge Munilla.

About this article

Cite this article

Munilla, J., Guo, F. & Susilo, W. Cryptanalysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme. Wireless Pers Commun 72, 245–258 (2013). https://doi.org/10.1007/s11277-013-1011-5

  • DOI: https://doi.org/10.1007/s11277-013-1011-5
