Secure Ownership and Ownership Transfer in RFID Systems
We present a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be applicable to any scenario sharing the same intuition of ownership.
We discuss the connection between ownership and the notion of desynchronization resistance and give the first formal definition of the latter. We apply our definitions to existing RFID protocols, exhibiting attacks on desynchronization resistance, secure ownership, and secure ownership transfer.
KeywordsRFID protocols ownership desynchronization resistance ownership transfer formal verification
- 2.Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley Professional, Reading (2001)Google Scholar
- 5.Yoon, E., Yoo, K.: Two security problems of RFID security method with ownership transfer. In: Proc. IFIP International Conference on Network and Parallel Computing, pp. 68–73. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
- 7.Song, B.: RFID tag ownership transfer. In: Proc. Workshop on RFID Security (2008)Google Scholar
- 8.van Deursen, T., Radomirović, S.: Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310 (2008), http://eprint.iacr.org/
- 12.Lei, H., Cao, T.: RFID protocol enabling ownership transfer to protect against traceability and dos attacks. In: Proc. The First International Symposium on Data, Privacy, and E-Commerce, pp. 508–510. IEEE Computer Society, Los Alamitos (2007)Google Scholar
- 13.Jäppinen, P., Hämäläinen, H.: Enhanced RFID security method with ownership transfer. In: Proc. International Conference on Computational Intelligence and Security, pp. 382–385. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
- 16.Koralalage, K., Reza, S.M., Miura, J., Goto, Y., Cheng, J.: POP method: an approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism. In: Proc. ACM Symposium on Applied Computing, pp. 270–275. ACM, New York (2007)Google Scholar
- 17.Dimitriou, T.: rfidDOT: RFID delegation and ownership transfer made simple. In: Proc. 4th International Conference on Security and Privacy in Communication Networks, pp. 1–8. ACM Press, New York (2008)Google Scholar