An Improved RFID Ownership Transfer Protocol Based on Cloud

doi:10.3969/j.issn.1671-1122.2017.08.009

Abstract

Abstract:

Aiming at the deficiency of CROP protocol, an improved ownership transfer protocol is proposed in this paper. In order to resist the inner reader impersonation attack, the improved scheme adds new storage information to the cloud, which introduces the current reader’s shared key for Hash encryption to ensure the key confidentiality. In the tag authentication information, the random numbers generated by the current and new reader are added to perform the pseudo random function and the quadratic residue encryption to resist tag impersonation and reader tracing attacks. To solve the de-synchronization attack, the reader simultaneously stores the updated and un-updated key to ensure synchronization between the reader and the tag. Using the quadratic residue theorem to encrypt the index to ensure the current reader can use the index quickly retrieve the legal tag and improve the authentication efficiency. Based on the Vaudenay privacy model, this paper proves the improved scheme satisfies the privacy performance of strong forward as well as backward un-traceability and can resist inner reader impersonation, de-synchronization, tag impersonation attacks and other security risks. The experimental results show that the improved scheme effectively reduces the reader’s authentication time. Compared with the existing protocols, this paper improves the scalability of the protocol while satisfying the secure ownership transfer.

Key words: RFID, ownership transfer protocol, quadratic residue theorem, Vaudenay privacy model

CLC Number:

TP393

Ping WANG, Zhiping ZHOU. An Improved RFID Ownership Transfer Protocol Based on Cloud[J]. Netinfo Security, 2017, 17(8): 60-68.

Figures/Tables 5

References 21

[1]	XIN Wei, GUAN Zhi, YANG Tao, et al.An Efficient Privacy-preserving RFID Ownership Transfer Protocol[C]//Springer. The 15th International Asia-Pacific Web Conference, April 4-6, 2013, Sydney, Australia. Heidelberg: Springer, 2013: 538-549.
[2]	LI Qingshan, XU Xiaolin, CHEN Zhong.PUF-Based RFID Ownership Transfer Protocol in an Open Environment[C]//IEEE. 15th International Conference on Parallel and Distributed Computing, Applications and Technologies, December 9-11, 2014, Hong Kong, China. New Jersey: IEEE, 2014: 131-137.
[3]	VAUDENAY S.On Privacy Models for RFID[C]//Springer. 13th International Conference on the Theory and Application of Cryptology and Information Security, December 2-6, 2007, Kuching, Malaysia. Heidelberg: Springer, 2007: 68-87.
[4]	OSAKA K, TAKAGI T, YAMAZAKI K, et al.An Efficient and Secure RFID Security Method with Ownership Transfer[C]//IEEE. 2006 International Conference on Computational Intelligence and Security, November 3-6, 2006, Guangzhou, China. New Jersey: IEEE, 2006, 1090-1095.
[5]	YOON E J, YOO K Y.Two Security Problems of RFID Security Method with Ownership Transfer[C]//IEEE. IFIP International Conference on Network and Parallel Computing, October 18-21, 2008, Shanghai, China. New Jersey: IEEE, 2008: 68-73.
[6]	KAPOOR G, PIRAMUTHU S.Single RFID Tag Ownership Transfer Protocols[J]. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 2012, 42(2): 164-173.
[7]	CHEN C L, HUANG Y C, JIANG J R.A Secure Ownership Transfer Protocol Using EPCglobal Gen-2 RFID[J]. Telecommunication Systems, 2013, 53(4): 387-399.
[8]	YANG M H, HU H Y.Protocol for Ownership Transfer Across Authorities: with the Ability to Assign Transfer Target[J]. Security and Communication Networks, 2012, 5(2): 164-177.
[9]	SUNDARESAN S, DOSS R, ZHOU Wanlei, et al.Secure Ownership Transfer for Multi-tag Multi-owner Passive RFID Environment with Individual-owner-privacy[J]. Computer Communications, 2015(55): 112-124.
[10]	MUNILLA J, BURMESTER M, PEINADO A.Attacks on Ownership Transfer Scheme for Multi-tag Multi-owner Passive RFID Environments[J]. Computer Communications, 2016(88): 84-88.
[11]	CHEN C L, CHIEN C F.An Ownership Transfer Scheme using Mobile RFIDs[J]. Wireless Personal Communications, 2013, 68(3): 1093-1119.
[12]	XIE W, XIE L, ZHANG C, et al.Cloud-based RFID Authentication[C]//IEEE. 2013 IEEE International Conference on RFID, April 30-May 2, 2013. New Jersey: IEEE, 2013: 168-175.
[13]	CHEN Shuaimin, WU Muen, SUN H M, et al.CRFID: An RFID System with a Cloud Database as a Back-end Server[J]. Future Generation Computer Systems, 2014, 30(1): 155-161.
[14]	DOSS R, ZHOU Wanlei, YU Shui.Secure RFID Tag Ownership Transfer Based on Quadratic Residues[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(2): 390-401.
[15]	YEH T C, WU C H, TSENG Y M.Improvement of the RFID Authentication Scheme Based on Quadratic Residues[J]. Computer Communications, 2011, 34(3): 337-341.
[16]	CAO Tianjie, CHEN Xiuqing, DOSS R, et al.RFID Ownership Transfer Protocol Based on Cloud[J]. Computer Networks, 2016, 105(C): 47-59.
[17]	马庆,郭亚军,曾庆江,等. 一种新的超轻量级RFID双向认证协议[J]. 信息网络安全,2016(5):44-50.
[18]	陈秀清,曹天杰,翟靖轩. 可证明安全的轻量级RFID所有权转移协议[J]. 电子与信息学报,2016,38(8):2091-2098.
[19]	张玉婷,严承华. 一种基于双向认证协议的RFID标签认证技术研究[J]. 信息网络安全,2016(1):64-69.
[20]	沈金伟,凌捷. 一种改进的超轻量级RFID所有权转移协议[J]. 计算机科学,2014,41(12):125-128.
[21]	吴潇,常成,覃文杰,等. 基于RFID和数字水印技术的标签防伪验证方法[J]. 信息网络安全,2015(8):26-34.