17-10-2012, 04:34 PM
Single RFID Tag Ownership Transfer Protocols
Single RFID Tag Ownership Transfer Protocols.pdf (Size: 1.01 MB / Downloads: 38)
Abstract
privacy issues are of paramount importance
for widespread acceptance and use of radio-frequency identification
(RFID) tags. Over the last few years, researchers have addressed
this issue through lightweight cryptographicmeans.While
a majority of existing RFID security/privacy protocols address authentication
issues, the ability to change as well as share ownership
of these tagged objects is equally important. We consider a few
RFID ownership transfer variations and propose protocols that are
lightweight and secure. We consider ownership transfer scenarios
for single tag–single owner with and without a trusted third party
(TTP).We provide security analysis to evaluate the accuracy, confidentiality,
and forward security of the proposed protocols from a
cryptography perspective.
Index Terms—Authentication, lightweight cryptography, ownership
transfer (OT), radio-frequency identification (RFID).
INTRODUCTION
RADIO FREQUENCY IDENTIFICATION (RFID) tags
are extremely resource-constrained devices. Given their
limited memory and processing power, lightweight cryptography
has been extensively utilized for communication in RFIDtagged
systems. Protocols that address security/privacy issues
have been extensively studied and reported in the literature
(see [12]).
RFID tags are increasingly being used in disparate domains to
identify, track, and sense ambient conditions of tagged objects.
A majority of these applications dictate that these RFID-tagged
objects be owned by different entities at different points in time.
This necessitates the existence of a mechanism for seamless
ownership transfer (OT) of tagged objects. For example, in a
supply chain, change in ownership of a tagged object may occur
when a distributor physically delivers it to a retailer. While
OT can be temporary or permanent, the underlying dynamic is
similar from a cryptographic perspective.
We propose lightweight protocols that meet the security requirements
of RFID devices and use them for OT and tag authentication.
Extant protocols either lack the ability to do both
or have inherent flaws in their construction. We consider scenarios
with and without a trusted third party (TTP). The latter
rely on previous owners being nonmalicious to avoid becoming
an ownership sharing protocol.
Manuscript received September 15, 2010; accepted October 6, 2010. Date
of publication December 20, 2010; date of current version February 17, 2012.
This paper was recommended by Associate Editor V. Marik.
G. Kapoor is with the Institute of Management and Computer Studies, University
of Mumbai, Mumbai, India (e-mail: gkapoorumkc[at]gmail.com).
S. Piramuthu is with the Information Systems and Operations Management,
University of Florida, Gainesville, FL 32611-7169 USA (e-mail:
selwyn[at]ufl.edu).
Digital Object Identifier 10.1109/TSMCC.2010.2091501
This paper is organized as follows. The following section provides
a brief overview of some related protocols. The proposed
OT protocol for single tag and single owner case with a TTP is
presented in Section III. This is extended to the case without a
TTP in Section IV. Section V concludes this paper with a brief
discussion.
RELATED WORK
OT, as the name implies, is the change in ownership (and
therefore control) of a particular tag. The main issue here is the
fact that unless some measures are taken, the previous owner
continues to maintain RF access to the tag. In cryptographic
terms, if Alice gives a tag (and therefore its access) to Bob,
how does Bob prevent Alice from accessing it at a later point
in time? Several extant protocols (see [2], [8], [11], and [14])
have addressed this issue, most using an external entity (TTP)
to coordinate the transaction. There have been relatively few
attempts without using a TTP (see [7] and [13]), and there are
fundamental problems with these protocols.
We begin by providing an overview of a selected few related
protocols and identify their vulnerabilities. We omit a few others
(see, [9] and [10]) due to space limitations. The protocol
proposed in [10] has been found to be vulnerable since several
tags share common bits of information which is a liability when
one of the tags is compromised. The last step for the tag in [9]
does nothing when ci > m. An adversary can use this to track
the tag. A few recent OT protocols are analyzed in [6].We consider
symmetric cryptographic hash functions. An adversary is
assumed unrestricted and can be either passive or active.