RFID tags travel between partner sites in a supply chain. For privacy reasons, each partner owns the tags present at his site, i.e., the owner is the only entity able to authenticate his tags. However, when passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we propose ROTIV, a protocol that allows for secure ownership transfer against some malicious owners. Furthermore, ROTIV offers issuer verification to prevent malicious partners from injecting fake tags not originally issued by some trusted party. As part of ownership, ROTIV provides a constant-time, privacy-preserving authentication. ROTIV's main idea is to combine an HMAC-based authentication with tag key and state updates during ownership transfer. To assure privacy, ROTIV implements tag state re-encryption techniques and key update techniques, performed on the reader. ROTIV is designed for lightweight tags tags are only required to evaluate a hash function.
ROTIV: RFID ownership transfer with issuer verification
RFIDSec 2011, 7th International Workshop on Radio Frequency Identification: Security and Privacy Issues, 26-28 June 2011, Amherst, MA, USA / Also in Lecture Notes in Computer Science, vol 7055
Type:
Conference
Date:
2011-06-26
Department:
Digital Security
Eurecom Ref:
3309
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in RFIDSec 2011, 7th International Workshop on Radio Frequency Identification: Security and Privacy Issues, 26-28 June 2011, Amherst, MA, USA / Also in Lecture Notes in Computer Science, vol 7055 and is available at : https://doi.org/10.1007/978-3-642-25286-0_11
See also:
PERMALINK : https://www.eurecom.fr/publication/3309
