Radio Frequency Identification (RFID) is a wireless communication technology nowadays widely used in almost every aspect of our lives including healthcare, logistics and supply chain management, inventory tracking, race timing, access control, toll collection, and a lot more. In RFID systems, a tag usually stores private or sensitive information, and so it needs an access control mechanism. When a tag's owner is changed, the read permission of the tag needs to be transferred from the old owner to the new owner, and this is when ownership transfer schemes come into play. In fact, not only do RFID ownership transfer schemes do ownership transfer, but they have to make sure that the ownership transfer procedure is executed under proper security protection. Besides, in some particular environments, the ownership transfer would be far more efficiently done if the tags could be treated as a group instead of individual tags. Therefore, in this paper, we propose a novel group ownership transfer protocol that satisfies all important security requirements including mutual authentication, data and location privacy, forward/backward secrecy, ownership privacy, and group ownership integrity. In addition, due to the use of cloud computing, our new protocol provides ubiquitous authentication. Based on homomorphic encryption and quadratic residues, our novel RFID group ownership transfer protocol can have encrypted data efficiently processed, and the communication cost is very low. The results of our BAN logic correctness check, security analysis, and performance evaluation confirm that the new protocol is logically correct and is capable of providing high level security/privacy protection on the basis of high cost-effective performance.
Read full abstract