RFID Security pp 147-176 | Cite as

An Efficient and Secure RFID Security Method with Ownership Transfer

  • Kyosuke Osaka
  • Tsuyoshi Takagi
  • Kenichi Yamazaki
  • Osamu Takahashi


We are facing privacy and security problems and challenges to RFID systems. Recent papers have reported that RFID systems have to achieve the following requirements (1) indistinguishability, (2) forward security, (3) resistance against replay attack, (4) resistance against tag killing and (5) ownership transferability. We have to design the RFID system that achieves the above requirements. Existing RFID security schemes achieve some of them, but no one has been constructed that achieves all requirements. In this chapter, we analyze previously reported RFID security schemes, and propose an RFID security method that achieves all requirements, based on a hash function and a symmetric key cryptosystem. Our proposed method provides not only high security but also high efficiency.


Hash Function Authentication Protocol Replay Attack Ownership Transfer Forward Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Auto-ID Center (2003). 860MHz-930MHz Class 0 Radio Frequency Identification Tag Protocol Specification Candidate Recommendation, Version 1.0.0Google Scholar
  2. 2.
    G. Avoine and P. Oechslin (2005). A Scalable and Provably Secure Hash-Based RFID Protocol. In PerSec 2005, IEEE Computer Society Press, Washington, DC pp. 110–114Google Scholar
  3. 3.
    G. Avoine, E. Dysli, and P. Oechslin (2005). Reducing time Complexity in RFID Systems. In SAC 2005, LNCS 3897, pp. 291–306Google Scholar
  4. 4.
    D.N. Duc, J. Park, H. Lee, and K. Kim (2006). Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning. In SCIS 2006, Proceedings of SCIS 2006, p. 97 5.Google Scholar
  5. 5.
    EPCglobal (2004).EPC Tag Data Standards Version 1.1 Rev. 1.24Google Scholar
  6. 6.
    P. Golle, M. Jakobsson, A. Juels, and P. Syverson (2004). Universal Re-Encryption for Mixnets. In CT-RSA 2004, LNCS 2964, pp.163–178MathSciNetGoogle Scholar
  7. 7.
    D.G. Han, T. Takagi, H.W. Kim, and K.I. Chung (2006). New Security Problem in RFID Systems “Tag Killing”. In ACIS 2006, LNCS 3982, pp. 375–384Google Scholar
  8. 8.
    M.E. Hellman (1980). A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory, IT-26(4) 401–406CrossRefMathSciNetGoogle Scholar
  9. 9.
    D. Henrici and P. M üller (2004). Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In PerSec 2004, IEEE Computer Society press, washington, DC, pp. 149–153Google Scholar
  10. 10.
    J. Kang and D. Nyang (2005). RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks. In ESAS 2005, LNCS 3813, pp. 164–175Google Scholar
  11. 11.
    S. Kinoshita, F. Hoshino, T. Komuro, A. Fujimura, and M. Ohkubo (2004). Low-cost RFID privacy protection scheme. IPSJ Journal, 45(8) 2007–2021 (In Japanese)Google Scholar
  12. 12.
    J. Kwak, K. Rhee, S. Oh, S. Kim, and D. Won (2005). RFID System with Fairness within the Framework of Security and Privacy. In ESAS 2005, LNCS 3813, pp. 142–152Google Scholar
  13. 13.
    C.H. Lim and T. Kwon (2006). Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In ICICS 2006, LNCS 4307, pp. 1–20MathSciNetGoogle Scholar
  14. 14.
    D. Molnar and D. Wagner (2004). Privacy and Security in Library RFID: Issues, Practices, and Architectures. In ACM CCS, ACM Press, New York, NY, pp. 210–219Google Scholar
  15. 15.
    Y. Nohara, S. Inoue, K. Baba, and H. Yasuura (2005). Quantitative Evaluation of Unlinkable ID Matching Schemes. In WPES 2005, ACM press, New York, NY, pp. 55–60Google Scholar
  16. 16.
    P. Oechslin (2003). Making a Faster Cryptanalytic Time-Memory Trade-Off. Crypto 2003, LNCS 2729, pp. 617–630MathSciNetGoogle Scholar
  17. 17.
    M. Ohkubo, K. Suzuki, and S. Kinoshita (2003). Cryptographic Approach to “Privacy-Friendly” Tags. RFID Privacy WorkshopGoogle Scholar
  18. 18.
    K. Rhee, J. Kwak, S. Kim, and D. Won (2005). Challenge-Response based RFID Authentication Protocol for Distributed Database Environment. In SPC 2005, LNCS 3450, pp. 70–84Google Scholar
  19. 19.
    J. Saito and K. Sakurai (2005). Owner Transferable Privacy Protection Scheme for RFID Tags. In CSS 2005, Proceedings of CSS 2005, vol. 1, pp. 283–288 (in japanese)Google Scholar
  20. 20.
    J. Saito, J.C. Ryou, and K. Sakurai (2004). Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags. In EUC 2004, LNCS 3207, pp. 879–890Google Scholar
  21. 21.
    J. Saito, K. Imamoto, and K. Sakurai (2005). Reassignment Scheme of an RFID Tag's Key for Owner Transfer. In ECU 2005 Workshops, LNCS 3823, pp. 1303–1312Google Scholar
  22. 22.
    S.E. Sarma, S.A. Weis, and D.W. Engels (2003). Radio-frequency identification: Security risks and challenges. Cryptobytes (RSA Laboratories), 6(1) 2–9Google Scholar
  23. 23.
    S.A. Weis (2003). Security and Privacy in Radio-Frequency Identification Devices. Master Thesis, University of California BerkeleyGoogle Scholar
  24. 24.
    S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels (2003). Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In SPC 2003, LNCS 2802, pp. 201–212Google Scholar
  25. 25.
    S.S. Yeo and S.K. Kim (2005). Scalable and Flexible Privacy Protection Scheme for RFID Systems. In ESA 2005, LNCS 3813, pp. 153–163Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Kyosuke Osaka
    • 1
  • Tsuyoshi Takagi
  • Kenichi Yamazaki
  • Osamu Takahashi
  1. 1.Future University-HakodateHakodateJapan

Personalised recommendations