Skip to main content

Vulnerability analysis of RFID protocols for tag ownership transfer

Peris-Lopez, Pedro, Hernandez-Castro, Julio C., Tapiador, Juan E., Li, Tieyan, Li, Yingjiu (2010) Vulnerability analysis of RFID protocols for tag ownership transfer. Computer Networks, 54 (9). pp. 1502-1508. ISSN 1389-1286. (doi:10.1016/j.comnet.2009.11.007) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:31945)

Language: English

Restricted to Repository staff only
[thumbnail of Vulnerability analysis of RFID protocols for tag ownership transfer.pdf]
Official URL


n RFIDSec'08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec'08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, tag location tracking, and forward traceability. Moreover, the secret update protocol is not immune to de-synchronization attacks.

Item Type: Article
DOI/Identification number: 10.1016/j.comnet.2009.11.007
Uncontrolled keywords: Authentication; Ownership transfer; RFID; Security protocols
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 24 Oct 2012 12:53 UTC
Last Modified: 16 Nov 2021 10:09 UTC
Resource URI: (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio C.:
  • Depositors only (login required):