eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2014/968

Attacks on Secure Ownership Transfer for Multi-Tag Multi-Owner Passive RFID Environments

Jorge Munilla, Mike Burmester, and Albert Peinado

Abstract

Sundaresan et al proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. In this paper we show that this protocol falls short of its security objectives. We describe attacks that allow: a) an eavesdropper to trace a tag, b) the previous owner to obtain the private information that the tag shares with the new owner, and c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (forward-secrecy). We then analyze the security proof and show that while the first two cases can be solved with a more careful design, for lightweight RFID applications strong privacy remains an open problem.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
cryptanalysisanonymityRFID
Contact author(s)
burmester @ cs fsu edu
History
2014-11-28: received
Short URL
https://ia.cr/2014/968
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/968,
      author = {Jorge Munilla and Mike Burmester and Albert Peinado},
      title = {Attacks on Secure Ownership Transfer for Multi-Tag Multi-Owner Passive RFID Environments},
      howpublished = {Cryptology ePrint Archive, Paper 2014/968},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/968}},
      url = {https://eprint.iacr.org/2014/968}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.