Abstract
We present a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be applicable to any scenario sharing the same intuition of ownership.
We discuss the connection between ownership and the notion of desynchronization resistance and give the first formal definition of the latter. We apply our definitions to existing RFID protocols, exhibiting attacks on desynchronization resistance, secure ownership, and secure ownership transfer.
Chapter PDF
Similar content being viewed by others
References
Cremers, C., Mauw, S.: Operational semantics of security protocols. In: Leue, S., Systä, T.J. (eds.) Scenarios: Models, Transformations and Tools. LNCS, vol. 3466, pp. 66–89. Springer, Heidelberg (2005)
Ryan, P., Schneider, S., Goldsmith, M., Lowe, G., Roscoe, B.: Modelling and Analysis of Security Protocols. Addison-Wesley Professional, Reading (2001)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory IT-29(2), 198–208 (1983)
Rudolph, E., Graubmann, P., Grabowski, J.: Tutorial on message sequence charts. Computer Networks and ISDN Systems 28(12), 1629–1641 (1996)
Yoon, E., Yoo, K.: Two security problems of RFID security method with ownership transfer. In: Proc. IFIP International Conference on Network and Parallel Computing, pp. 68–73. IEEE Computer Society Press, Los Alamitos (2008)
Song, B., Mitchell, C.: RFID authentication protocol for low-cost tags. In: Proc. First ACM Conference on Wireless Network Security, pp. 140–147. ACM, New York (2008)
Song, B.: RFID tag ownership transfer. In: Proc. Workshop on RFID Security (2008)
van Deursen, T., Radomirović, S.: Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310 (2008), http://eprint.iacr.org/
Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)
Saito, J., Imamoto, K., Sakurai, K.: Reassignment scheme of an RFID tag’s key for owner transfer. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 1303–1312. Springer, Heidelberg (2005)
Osaka, K., Takagi, T., Yamazaki, K., Takahashi, O.: An efficient and secure RFID security method with ownership transfer. In: Wang, Y., Cheung, Y.-m., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 778–787. Springer, Heidelberg (2007)
Lei, H., Cao, T.: RFID protocol enabling ownership transfer to protect against traceability and dos attacks. In: Proc. The First International Symposium on Data, Privacy, and E-Commerce, pp. 508–510. IEEE Computer Society, Los Alamitos (2007)
Jäppinen, P., Hämäläinen, H.: Enhanced RFID security method with ownership transfer. In: Proc. International Conference on Computational Intelligence and Security, pp. 382–385. IEEE Computer Society Press, Los Alamitos (2008)
Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Fouladgar, S., Afifi, H.: A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags. Journal of Communications 2, 6–13 (2007)
Koralalage, K., Reza, S.M., Miura, J., Goto, Y., Cheng, J.: POP method: an approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism. In: Proc. ACM Symposium on Applied Computing, pp. 270–275. ACM, New York (2007)
Dimitriou, T.: rfidDOT: RFID delegation and ownership transfer made simple. In: Proc. 4th International Conference on Security and Privacy in Communication Networks, pp. 1–8. ACM Press, New York (2008)
Fokkink, W.: Introduction to Process Algebra. Texts in Theoretical Computer Science. An EATCS Series. Springer, Heidelberg (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
van Deursen, T., Mauw, S., Radomirović, S., Vullers, P. (2009). Secure Ownership and Ownership Transfer in RFID Systems. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_39
Download citation
DOI: https://doi.org/10.1007/978-3-642-04444-1_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer ScienceComputer Science (R0)