Abstract In recent years, Radio Frequency Identification (RFID) systems are widely used in many applications. In some applications, the ownership of an RFID tag might change. To provide a solution, researchers have proposed several ownership transfer protocols based on encryption functions for RFID-tagged objects. In this paper, we consider the security of Kapoor and Piramuthu [3] ownership transfer protocol and Kapoor et al. [4] ownership transfer protocol. More precisely, we present de-synchronization attacks against these protocols. The success probability of all attacks is 1 while the complexity is only two runs of protocol. Finally, we present our suggestions to improve the security of these protocols.

References

[1] Chen C., Lai Y., Chen C., Deng Y., and Hwang Y., RFID Ownership Transfer Authorization Systems Conforming Epcglobal Class-1 Generation-2 Standards, International Journal of Network Security, vol. 13, no. 1, pp. 41-48, 2011.

[2] Fouladgar S. and Afifi H., A Simple Privacy Protecting Scheme Snabling Delegation and Ownership Transfer for RFID Tags, Journal of Communications, vol. 2, no. 6, pp. 6-13, 2007.

[3] Kapoor G. and Piramuthu S., Single RFID Tag Ownership Transfer Protocols, IEEE Transactions on Systems, Man, and Cybernetics, Part C, vol. 42, no. 2, pp. 164-173, 2012.

[4] Kapoor G., Zhou W., and Piramuthu S., Multi- Tag and Multi-Owner RFID Ownership Transfer in Supply Chains, Decision Support Systems, vol. 52, no. 1, pp. 258-270, 2011.

[5] Kochar B. and Chhillar R., An Effective Data Warehousing System for RFID Using Novel Data Cleaning, Data Transformation and Loading Techniques, The International Arab Journal of Information Technology, vol. 9, no. 3, pp. 208- 216, 2012.

[6] Kulseng L., Yu Z., Wei Y., and Guan Y., Lightweight Mutual Authentication and Ownership Transfer for RFID Systems, in Proceedings of IEEE INFOCOM, San Diego, pp. 251-255, 2010.

[7] Lo N., Ruan S., and Wu T., Ownership Transfer Protocol for RFID Objects Using lightweight Computing Operators, in Proceedings of International Conference for Internet Technology and Secured Transactions, Abu Dhabi, pp. 484- 489, 2011.

[8] Lopez P., Hernandez-Castro J., Tapiador J., Li T., and Li Y., Vulnerability Analysis of RFID Protocols for Tag Ownership Transfer, 93 On the Security of Two Ownership Transfer Protocols and Their Improvements Computer Networks, vol. 54, no. 9, pp. 1502- 1508, 2010.

[9] Molnar D., Soppera A., and Wagner D., A scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags, in Proceedings of the 12th International Conference on Selected Areas in Cryptography, Kingston, pp. 276-290, 2005.

[10] Munilla J., Peinado A., Yang G., and Susilo W., Enhanced Ownership Transfer Protocol for RFID in an Extended Communication Model, http://eprint.iacr.org/, Last Visited 2014.

[11] Nasir M., Norman A., Fauzi S., and Azmi M., An RFID-based Validation System for Halal Food, The International Arab Journal of Information Technology, vol. 8, no. 2, pp. 204- 211, 2011.

[12] Safkhani M., Bagheri N., Naderi M., and Mahani A., On the Security of Lo et al. s ownership transfer protocol, http://eprint.iacr.org/, Last Visited, 2014.

[13] Saito J., Imamoto K., and Sakurai K., Reassignment Scheme of an RFID Tag's Key for Owner Transfer, in Proceedings of International Conference on Embedded and Ubiquitous Computing, Taiwan, pp. 1303-1312, 2005.

[14] Song B. and Mitchell C., Scalable RFID Security Protocols Supporting Tag Ownership Transfer, Computer Communications, vol. 34, no. 4, pp. 556-566, 2011.

[15] Yang M. and Hu H., Protocol for Ownership Transfer Across Authorities: With the Ability to Assign Transfer Target, Security and Communication Networks, vol. 5, no. 2, pp. 164- 177, 2012.

[16] Yang M., Secure Multiple Group Ownership Transfer Protocol for Mobile RFID, Electronic Commerce Research and Applications, vol. 11, no. 4, pp. 361-373, 2012.

[17] Zuo Y., Changing Hands Together: a Secure Group Ownership Transfer Protocol for RFID Tags, in Proceedings of 43rd Hawaii International Conference on System Sciences, Honolulu, pp. 1-10, 2010. Nasour Bagheri is an assistant professor at Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran. He is the author of over 70 articles in information security and cryptology. Farhad Aghili received his MSc of Electrical Engineering from SRTTU, 2013. His research interest includes RFID security. Masoumeh Safkhani is an assistant professor at Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran. She is the author of 30 articles in cryptology. Her current research interest includes RFID security.