Paper 2014/968

Attacks on Secure Ownership Transfer for Multi-Tag Multi-Owner Passive RFID Environments

Jorge Munilla, Mike Burmester, and Albert Peinado

Abstract

Sundaresan et al proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. In this paper we show that this protocol falls short of its security objectives. We describe attacks that allow: a) an eavesdropper to trace a tag, b) the previous owner to obtain the private information that the tag shares with the new owner, and c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (forward-secrecy). We then analyze the security proof and show that while the first two cases can be solved with a more careful design, for lightweight RFID applications strong privacy remains an open problem.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
cryptanalysisanonymityRFID
Contact author(s)
burmester @ cs fsu edu
History
2014-11-28: received
Short URL
https://ia.cr/2014/968
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/968,
      author = {Jorge Munilla and Mike Burmester and Albert Peinado},
      title = {Attacks on Secure Ownership Transfer for Multi-Tag Multi-Owner Passive RFID Environments},
      howpublished = {Cryptology ePrint Archive, Paper 2014/968},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/968}},
      url = {https://eprint.iacr.org/2014/968}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.