Secure Ownership and Ownership Transfer in RFID Systems

  • Ton van Deursen
  • Sjouke Mauw
  • Saša Radomirović
  • Pim Vullers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


We present a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be applicable to any scenario sharing the same intuition of ownership.

We discuss the connection between ownership and the notion of desynchronization resistance and give the first formal definition of the latter. We apply our definitions to existing RFID protocols, exhibiting attacks on desynchronization resistance, secure ownership, and secure ownership transfer.


RFID protocols ownership desynchronization resistance ownership transfer formal verification 


  1. 1.
    Cremers, C., Mauw, S.: Operational semantics of security protocols. In: Leue, S., Systä, T.J. (eds.) Scenarios: Models, Transformations and Tools. LNCS, vol. 3466, pp. 66–89. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley Professional, Reading (2001)Google Scholar
  3. 3.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory IT-29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Rudolph, E., Graubmann, P., Grabowski, J.: Tutorial on message sequence charts. Computer Networks and ISDN Systems 28(12), 1629–1641 (1996)CrossRefGoogle Scholar
  5. 5.
    Yoon, E., Yoo, K.: Two security problems of RFID security method with ownership transfer. In: Proc. IFIP International Conference on Network and Parallel Computing, pp. 68–73. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  6. 6.
    Song, B., Mitchell, C.: RFID authentication protocol for low-cost tags. In: Proc. First ACM Conference on Wireless Network Security, pp. 140–147. ACM, New York (2008)CrossRefGoogle Scholar
  7. 7.
    Song, B.: RFID tag ownership transfer. In: Proc. Workshop on RFID Security (2008)Google Scholar
  8. 8.
    van Deursen, T., Radomirović, S.: Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310 (2008),
  9. 9.
    Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Saito, J., Imamoto, K., Sakurai, K.: Reassignment scheme of an RFID tag’s key for owner transfer. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 1303–1312. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Osaka, K., Takagi, T., Yamazaki, K., Takahashi, O.: An efficient and secure RFID security method with ownership transfer. In: Wang, Y., Cheung, Y.-m., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 778–787. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Lei, H., Cao, T.: RFID protocol enabling ownership transfer to protect against traceability and dos attacks. In: Proc. The First International Symposium on Data, Privacy, and E-Commerce, pp. 508–510. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  13. 13.
    Jäppinen, P., Hämäläinen, H.: Enhanced RFID security method with ownership transfer. In: Proc. International Conference on Computational Intelligence and Security, pp. 382–385. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  14. 14.
    Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Fouladgar, S., Afifi, H.: A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags. Journal of Communications 2, 6–13 (2007)CrossRefGoogle Scholar
  16. 16.
    Koralalage, K., Reza, S.M., Miura, J., Goto, Y., Cheng, J.: POP method: an approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism. In: Proc. ACM Symposium on Applied Computing, pp. 270–275. ACM, New York (2007)Google Scholar
  17. 17.
    Dimitriou, T.: rfidDOT: RFID delegation and ownership transfer made simple. In: Proc. 4th International Conference on Security and Privacy in Communication Networks, pp. 1–8. ACM Press, New York (2008)Google Scholar
  18. 18.
    Fokkink, W.: Introduction to Process Algebra. Texts in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2000)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ton van Deursen
    • 1
  • Sjouke Mauw
    • 1
  • Saša Radomirović
    • 1
  • Pim Vullers
    • 1
    • 2
  1. 1.University of LuxembourgLuxembourg
  2. 2.Radboud University NijmegenThe Netherlands

Personalised recommendations