Paper 2010/634

ROTIV: RFID Ownership Transfer with Issuer Verification

Kaoutar Elkhiyaoui, Erik-Oliver Blass, and Refik Molva

Abstract

RFID tags travel between partner sites in a supply chain. For privacy reasons, each partner “owns” the tags present at his site, i.e., the owner is the only entity able to authenticate his tags. However, when passing tags on to the next partner in the supply chain, ownership of the old partner is “transferred” to the new partner. In this paper, we propose ROTIV, a protocol that allows for secure ownership transfer against some malicious owners. Furthermore, ROTIV offers issuer verification to prevent malicious partners from injecting fake tags not originally issued by some trusted party. As part of ownership, ROTIV provides a constant-time, privacy-preserving authentication. ROTIV’s main idea is to combine an HMAC-based authentication with tag key and state updates during ownership transfer. To assure privacy, ROTIV implements tag state re-encryption techniques and key update techniques, performed on the reader. ROTIV is designed for lightweight tags – tags are only required to evaluate a hash function.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
RFIDownership transferissuer verification.
Contact author(s)
kaoutar elkhiyaoui @ eurecom fr
History
2011-06-09: last of 2 revisions
2010-12-13: received
See all versions
Short URL
https://ia.cr/2010/634
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2010/634,
      author = {Kaoutar Elkhiyaoui and Erik-Oliver Blass and Refik Molva},
      title = {{ROTIV}: {RFID} Ownership Transfer with Issuer Verification},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/634},
      year = {2010},
      url = {https://eprint.iacr.org/2010/634}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.