Abstract
Sundaresan et al. proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. We show that this protocol falls short of its security objectives, and describe attacks that allow: (a) an eavesdropper to trace a tag, (b) the previous owner to obtain the private information that the tag shares with the new owner, and (c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (violating forward-secrecy). We analyze the security proof and show that while the first two cases can be addressed with a more careful design, strong privacy remains an open problem for lightweight RFID applications.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
