
Wireless Pers Commun
DOI 10.1007/s11277-013-1011-5

Cryptanalysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme

Jorge Munilla · Fuchun Guo · Willy Susilo

© Springer Science+Business Media New York 2013

Abstract Recently, Chen and Chien have proposed a novel ownership transfer scheme with low implementation costs that conforms to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence that it has better security and performance than its predecessors. However, in this paper we show that the protocol falls short of its security objectives, and that it is even less secure than the previously proposed schemes. In fact, we describe several attacks which allow an adversary to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.

Keywords RFID · EPCC1G2 · Ownership transfer · Cryptanalysis

1 Introduction

Radio frequency identification (RFID) is a technology that is widely deployed for supply-chain and inventory management, retail operations and, more generally, for automatic identification. The advantage of RFID over barcode technology is that it is wireless, so no direct line-of-sight reading is necessary. Furthermore, RFID readers can interrogate tags at greater distances, faster and concurrently [1].

Typical RFID architecture involves three main components: (i) Tags or transponders, which are electronic data stores attached to the objects to be identified; (ii) Readers

J. Munilla (B)
E.T.S.I. Telecomunicación, University of Málaga, Málaga, Spain
e-mail: [email protected]

F. Guo · W. Susilo
School of Computer Science and Software Engineering, University of Wollongong, Wollongong, Australia
e-mail: [email protected]

W. Susilo
e-mail: [email protected]


or interrogators, which manage the tag population and read data from and write data to tags; and (iii) a back-end server, which is a trusted entity that processes private tag data. Tags are inactive until they pass through the electromagnetic field generated by a reader tuned to the same frequency [2]. The reader receives the tag's signal and transfers the data to the back-end server, which processes this information according to the specific intended application.

Initial designs of RFID identification protocols focused on performance issues, with less attention paid to resilience and security. However, this technology has matured and it is now used in many applications with security requirements [3]. These applications require the implementation of security mechanisms which (i) take into account the special characteristics of RFID, e.g. the vulnerabilities of the radio channel, power-constrained devices, and low-cost tags with limited functionality that reply to any request, and (ii) make them resistant to the different risks that they face, such as lack of privacy or confidentiality, malicious traceability and loss of data integrity.

Apart from the aforementioned requirements, key management becomes an issue when the owner of a tagged item changes [4]. Thus, some RFID applications could also require secure tag ownership transfer. An ownership transfer protocol allows the rights over a tag to be transferred from the current owner to the new one in a secure and private way. Additionally, such protocols can provide other properties such as Ownership Delegation [5] and Authorization Recovery [6]. When designing this kind of protocol, the main issue is to prevent the current owner from accessing the tag once it has been transferred to the new owner. In general, these protocols can be categorized into two types [7–9]: those which assume an external entity (TPP) to coordinate the transaction, and those which assume a secure (isolated) environment where, after the private information has been transferred, the new owner can update the keys without being eavesdropped on by an adversary. Both assumptions make sense depending on the application. The centralized scheme is valid when all tags are identified by readers belonging to the same company, but a trust issue arises when this is not the case. On the other hand, the existence of an isolated environment is often not realistic [10].

To promote the adoption of RFID technology and to support interoperability, EPCGlobal [11] and the International Organization for Standards (ISO) [12] have been actively engaged in defining standards for tags, readers, and the communication protocols. A recently ratified standard is the EPC Class-1 Generation-2, or simply EPCC1G2. This defines a platform for the interoperability of RFID protocols by supporting efficient tag reading, flexible bandwidth use, multiple read/write capabilities and basic reliability guarantees, provided by an on-chip 16-bit Pseudo-random Number Generator (PRNG) and a 16-bit Cyclic Redundancy Code (CRC). EPCC1G2 is designed to strike a balance between cost and functionality, with little consideration of security issues.

Recently, Chen and Chien [13] proposed a novel ownership transfer scheme with low implementation costs that conforms to EPCC1G2. More specifically, they proposed a secure system framework based on mobile RFID technology, where smart phones or personal digital assistants (PDAs) equipped with RFID modules can exchange information with RFID tags. The authors reviewed some previous ownership transfer protocols [6,14], pointing out their weaknesses, and claimed that their scheme is the only one that is resistant against all attacks. Furthermore, this is accomplished with less computational cost. However, in this paper we show several attacks on this scheme, which allow an adversary to impersonate, trace and eventually recover all the secret information stored in the tag.

The rest of the paper is organized as follows. Section 2 presents Chen and Chien's scheme, describing its different phases and highlighting the set of flows that are used for authentication between the reader and the tag. Then, in Sect. 3 we analyze the security of this


protocol and show that it is subject to several attacks. Finally, Sect. 4 concludes the paper.

2 Chen and Chien’s Protocol

In Chen and Chien’s scheme, there are six entities defined as follows:

Server (S): Stores all the necessary information, such as mobile readers' IDs, privacy information, tag EPC codes and unique secret keys.

Cash Register (CR): A device placed in the market, so that when users want to purchase products, they use their mobile readers to communicate with the server through the cash register to complete the transactions.

Mobile Reader (MR): A device which can query tag information and interact with the cash registers and the server to complete transactions.

Tag (T): Attached to products so that users can query the related information. All tags are required to conform to the EPCC1G2 standard.

User (U): A member of a market who can obtain service from the market and make an ownership transfer with another user.

Authorized Agent (AA): If the user's product requires after-sale service, the authorized agent forwards the related product information to the server for authentication, to verify whether or not the product is legal.

Chen and Chien's scheme consists of the following five phases: (1) Registration Phase, (2) Query and Authentication Phase, (3) Purchase Phase, (4) Product Authentication Phase, and (5) Ownership Transfer Phase. The three phases (2), (3) and (4) require a tag authentication protocol, which we claim is subject to different attacks, and thus they are insecure.

We revisit the second phase to clearly present the authentication protocol. In this phase, users apply their mobile readers to query product information, while the tags and the server perform mutual authentication to verify whether or not a specific user is legal. This phase is illustrated in Fig. 1, and Table 1 introduces the notation used throughout the paper. Before this Query and Authentication Phase, all involved parties store the following secret state during the Registration Phase, using the notation of Table 1:

User: $(Pw, F_j)$

Mobile Reader: $(IDMR_j, SYM_j)$,
$C_1 = h(IDMR_j \,\|\, h(SK)) \oplus h(Pw \,\|\, F_j)$,
$V_1 = h_{h(IDMR_j \,\|\, h(SK))}(f_j)$

Tag: $(EPC_i, K_i, M)$

Server: $(SK, SYM_j)$

Query and authentication phase

Step 1: When a user wants to query product information via his or her mobile reader, he or she must first be authenticated by the mobile reader. The user inputs his or her password $Pw$ and fingerprint template $F_j$ into the mobile reader, and the mobile reader computes

$h(IDMR_j \,\|\, h(SK)) = C_1 \oplus h(Pw \,\|\, F_j)$


Fig. 1 Overview of the query and authentication phase

and verifies $V_1$ as

$V_1 \stackrel{?}{=} h_{h(IDMR_j \,\|\, h(SK))}(f_j).$

If the equality holds, it means that the user is legal. When the user wants to use the mobile reader to query the tag information, he or she first uses the mobile reader to generate a random number $R_1$, and encrypts the mobile reader identity $IDMR_j$ and $R_1$ under the server's public key $PK$ as follows:

$C_2 = E_{PK}(IDMR_j, R_1).$

The user then uses his or her mobile reader to send the message $C_2$ to the server.

Step 2: After receiving message $C_2$, the server uses its secret key $SK$ to decrypt $C_2$ by

$(IDMR_j, R_1) = D_{SK}(C_2)$

and gets the mobile reader's identity $IDMR_j$. The server uses $IDMR_j$ to look up the corresponding symmetric key $SYM_j$, and generates a random number $R_2$. After that, the server uses the mobile reader's symmetric key $SYM_j$ to encrypt the value as follows:

$C_3 = E_{SYM_j}[R_2 \oplus M]$


Table 1 Notations

$IDMR_j$: The $j$-th mobile reader's unique identity
$Pw$: The user's password
$F_j$: The $j$-th user's fingerprint template
$h(\cdot)$: One-way hash function
$f_i$: The hash value of the user's fingerprint template, where $f_i = h(F_i)$
$K_i$: The $i$-th tag's unique secret key
$PK$: The server's public key
$SK$: The server's secret key
$SYM_j$: The $j$-th user's mobile reader symmetric key
$M$: The hash value of the market trademark, where $M = h(T\text{-}mark)$ is known by the server and all tags
$Info.$: Detailed information of the product (including specifications, price, transaction serial number, etc.)
$EPC_i$: 96-bit EPC (Electronic Product Code) of the $i$-th tag
$R_2, R_3$: The random numbers generated by the server and the tag respectively
$\oplus$: XOR operation
$+$: Addition operation
$CRC(\cdot)$: A Cyclic Redundancy Check function
$HD(\cdot)$: Hamming Distance
$\Pr[H]$: Probability of the event $H$
$A(j)$: The $j$-th bit of the binary vector $A$, with $A(1)$ being the LSB
$\overline{A}$: The complement of the binary vector $A$
$\vee$: OR logical operation
$\wedge$: AND logical operation

and then uses ciphertext $C_3$ and random number $R_1$ to compute $S_1$,

$S_1 = CRC(C_3 \oplus R_1).$

Finally, the server sends the messages $(C_3, S_1)$ to the mobile reader.

Step 3: When the mobile reader receives the messages $(C_3, S_1)$ from the server, the user uses ciphertext $C_3$ and random number $R_1$ to verify $S_1$ as follows:

$S_1 \stackrel{?}{=} CRC(C_3 \oplus R_1)$

If the equality holds, the user uses the mobile reader's symmetric key to decrypt ciphertext $C_3$,

$S_2 = D_{SYM_j}(C_3) = R_2 \oplus M$

and sends the query messages $(Query, S_2)$ to the specific tag.

Step 4: Once the messages $(Query, S_2)$ are received from the mobile reader, the tag uses the hash value $M = h(T\text{-}mark)$ to obtain the random number $R'_2$ generated by the server by the following calculation:

$R'_2 = S_2 \oplus M$


The tag then generates a random number $R_3$, and uses $R_3$ and the hash value $M = h(T\text{-}mark)$ to compute $T_1$ as follows:

$T_1 = R_3 \oplus M$

Finally, the tag uses its Electronic Product Code $EPC_i$, secret key $K_i$ and random numbers $R'_2$ and $R_3$ to calculate $T_2$ and $T_3$ as follows,

$T_2 = (R'_2 \oplus EPC_i) + R_3, \qquad T_3 = CRC(R'_2 \wedge K_i \wedge R_3)$

and sends the messages $(T_1, T_2, T_3)$ to the mobile reader.

Step 5: After receiving the messages $(T_1, T_2, T_3)$ from the tag, the user uses his or her mobile reader to encrypt the mobile reader identity $IDMR_j$ and the messages $(T_1, T_2, T_3)$ under the server's public key $PK$, as follows:

$C_4 = E_{PK}(IDMR_j, T_1, T_2, T_3)$

The user then uses the mobile reader to send ciphertext $C_4$ to the server.

Step 6: Upon receiving message $C_4$, the server uses its secret key $SK$ to decrypt $C_4$ as follows:

$(IDMR_j, T_1, T_2, T_3) = D_{SK}(C_4)$

The server uses message $T_1$ and the hash value $M = h(T\text{-}mark)$ to compute

$R'_3 = T_1 \oplus M$

and gets the random number $R'_3$. The server then uses message $T_2$ and the random numbers $R_2$ and $R'_3$ to compute the tag's EPC code $EPC'_i$ as follows:

$EPC'_i = (T_2 - R'_3) \oplus R_2$

The server uses the tag's EPC code $EPC'_i$ to find the tag's corresponding secret key $K'_i$ in the database, and uses the random numbers $R_2$ and $R'_3$ and the retrieved secret key $K'_i$ to verify $T_3$ as follows:

$T_3 \stackrel{?}{=} CRC(R_2 \wedge K'_i \wedge R'_3)$

If the equality holds, it means that the tag is legal. The server then uses the mobile reader's symmetric key $SYM_j$ to encrypt the tag information $Info.$ as follows:

$C_5 = E_{SYM_j}[Info.]$

and uses ciphertext $C_5$ and random number $R_1$ to compute $S_3$ as follows:

$S_3 = CRC(C_5 \oplus R_1)$

Finally, the server sends the messages $(C_5, S_3)$ to the mobile reader.

Step 7: After receiving the messages $(C_5, S_3)$, the mobile user uses ciphertext $C_5$ and random number $R_1$ to verify $S_3$ as follows:

$S_3 \stackrel{?}{=} CRC(C_5 \oplus R_1)$

If the equality holds, it means that the server is legal and that ciphertext $C_5$ was not tampered with during the transaction. The user then uses the mobile reader's symmetric key $SYM_j$ to decrypt ciphertext $C_5$ and gets the tag information as follows:

$Info. = D_{SYM_j}[C_5]$


We have completed the description of the Query and Authentication Phase. This phase requires tag authentication (Step 4 to Step 6). We notice that the same authentication protocol is also adopted in the Purchase Phase and the Product Authentication Phase. In the next section, we show that this tag authentication, which is marked in gray in Fig. 1, is not secure.

3 Attacks on Tag Authentication

This section analyzes the most relevant weaknesses of Chen and Chien's protocol. We focus on the tag authentication process pointed out in the previous section.

3.1 Server/Reader Impersonation

According to the authors, the scheme achieves mutual authentication. Unfortunately, this is not entirely correct. The mobile reader authenticates the server, and the server authenticates tags, but tags do not authenticate the server. Each tag shares private information with the server: $M = h(T\text{-}mark)$, which is known by the server and all tags; $EPC_i$, the 96-bit EPC code of the $i$-th tag; and $K_i$, the $i$-th tag's unique secret key. As these data are combined in bit-wise operations, we can assume that all of them have the same bitlength $n$. It must also be noted that the reader is a naive element which simply relays the messages between server and tag, and therefore, from the cryptographic point of view, we can treat server and reader as a single entity.

Lemma 1 In Chen and Chien's protocol, an attacker is able to supplant a legitimate server and obtain new messages $T_1$, $T_2$ and $T_3$ computed by a tag.

Proof

Step 1: The attacker sends any value $S^a_2$ to a tag.

Step 2: The tag then computes $R^a_2 = S^a_2 \oplus M$, generates a new random number $R_3$, and computes and sends the corresponding messages $T_1 = R_3 \oplus M$, $T_2 = (R^a_2 \oplus EPC_i) + R_3$ and $T_3 = CRC(R^a_2 \wedge K_i \wedge R_3)$.

Step 3: The attacker receives these values, computed using $R^a_2$ and $R_3$. □

3.2 Recovering the Secret System Parameter M

Lemma 2 Given $\Delta = A - B$ and $X = A \oplus B$ for two unknown binary numbers $(A, B) \in \{0,1\}^n$ with $A > B$, it is possible to compute $A(j)$ and $B(j)$, $1 \le j \le n$, for those $j$ where $X(j) = 1$.

Proof The subtraction of two binary numbers $A, B$ with $A > B$ can be written as $\Delta = A - B = A \oplus B \oplus C = X \oplus C$, where $C$ is the carry vector.

The carry vector $C = \Delta \oplus X$ can also be computed as:

$C(j+1) = \begin{cases} 1 & \text{if } (X(j) \wedge B(j)) \vee (\overline{X}(j) \wedge C(j)) \\ 0 & \text{otherwise} \end{cases}$ (1)

where the least significant bit $C(1) = 0$. Note also that the most significant bit $C(n+1) = 0$, provided that $A > B$.


Thus, one can compute the value of $B(j)$ (and $A(j)$) for all those positions $j$ where $X(j) = 1$. In fact, if $X(j) = 1$:

$B(j) = \overline{A}(j) = \begin{cases} 1 & \text{if } C(j+1) = 1 \\ 0 & \text{if } C(j+1) = 0 \end{cases}$ (2)

□

As a result, $HD(X)$ bits of $B$ (and $A$) are disambiguated.

A simple example: Let us assume two numbers $A = A(8) \ldots A(1) = 10001011$ and $B = B(8) \ldots B(1) = 01101101$, with $A > B$, and the corresponding vectors $\Delta = 00011110$ and $X = 11100110$. According to Lemma 2, given $\Delta$ and $X$ we can know the values of $A$ and $B$ at the positions $j$ where $X(j) = 1$.

We compute the vector $C = C(8) \ldots C(1) = \Delta \oplus X = 11111000$ and we also include $C(9) = 0$ as $A > B$. Now, we apply Eq. (11) for the positions $j$ where $X(j) = 1$:

$X(2) = 1$ and $C(3) = 0$, then: $A(2) = 1$ and $B(2) = 0$
$X(3) = 1$ and $C(4) = 1$, then: $A(3) = 0$ and $B(3) = 1$
$X(6) = 1$ and $C(7) = 1$, then: $A(6) = 0$ and $B(6) = 1$
$X(7) = 1$ and $C(8) = 1$, then: $A(7) = 0$ and $B(7) = 1$
$X(8) = 1$ and $C(9) = 0$, then: $A(8) = 1$ and $B(8) = 0$

This way, $5\ (= HD(X))$ positions of $A = 100xx01x$ and $B = 011xx10x$ are determined.
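The bit recovery of Lemma 2 applied to the example above, as added example code that is not part of the paper: `recover_bits` takes $\Delta$ and $X$ and returns the determined positions of $A$ and $B$ (MSB first, `x` for undetermined bits, following the paper's convention that bit 1 is the LSB), and `consistent` checks the recovered bits against the true pair, here exhaustively for every 8-bit pair with $A > B$.

```python
# Added example (not from the paper): the bit recovery of Lemma 2.
# Inputs: Delta = A - B and X = A xor B for unknown n-bit A > B.
# Positions follow the paper's convention: bit 1 is the LSB, bit n the MSB.
from typing import Tuple


def recover_bits(delta: int, x: int, n: int) -> Tuple[str, str]:
    """Return the determined bits of A and B as MSB-first strings.

    Undetermined positions (where X(j) = 0) are shown as 'x'.
    """
    if not (0 <= delta < (1 << n) and 0 <= x < (1 << n)):
        raise ValueError("delta and x must be n-bit values")
    c = delta ^ x  # carry vector C = Delta xor X (Eq. (1)); C(n+1) = 0 as A > B
    a_bits, b_bits = [], []
    for j in range(1, n + 1):
        if (x >> (j - 1)) & 1:
            # X(j) = 1: B(j) = C(j+1) and A(j) = not B(j)   (Eq. (2))
            b = (c >> j) & 1
            a_bits.append(str(1 - b))
            b_bits.append(str(b))
        else:
            a_bits.append("x")
            b_bits.append("x")
    # the lists were built LSB first; reverse so that A(n) is printed first
    return "".join(reversed(a_bits)), "".join(reversed(b_bits))


def hamming_weight(x: int) -> int:
    """HD(X) in the paper's notation: the number of positions recovered."""
    return bin(x).count("1")


def consistent(a: int, b: int, n: int) -> bool:
    """True if recover_bits(A - B, A xor B) agrees with the real A and B."""
    if not (0 <= b < a < (1 << n)):
        raise ValueError("need 0 <= B < A < 2^n")
    part_a, part_b = recover_bits(a - b, a ^ b, n)
    true_a, true_b = format(a, f"0{n}b"), format(b, f"0{n}b")
    return all(p in ("x", t) for p, t in zip(part_a, true_a)) and all(
        p in ("x", t) for p, t in zip(part_b, true_b)
    )


if __name__ == "__main__":
    # The paper's example: A = 10001011, B = 01101101, n = 8
    A, B = 0b10001011, 0b01101101
    delta, x = A - B, A ^ B  # 00011110 and 11100110
    print(recover_bits(delta, x, 8))  # ('100xx01x', '011xx10x')
    print(hamming_weight(x))  # 5 positions determined
    # Lemma 2 holds for every 8-bit pair with A > B
    print(all(consistent(a, b, 8) for a in range(256) for b in range(a)))
```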

Lemma 3 In Chen and Chien's protocol, an active attacker can know every bit of $M$ with probability $P_{bit M} = 1 - \left(\tfrac{1}{2}\right)^p$, where $(p+1)$ is the number of interactions with a tag.

Proof

Step 1: The attacker queries a tag with any value $S^a_2$, and receives the messages $T^0_1$, $T^0_2$ and $T^0_3$ computed by the tag for a generated value $R^0_3$ (cf. Lemma 1).

Step 2: The attacker queries the tag again with the same value $S^a_2$, and receives the messages $T^1_1$, $T^1_2$ and $T^1_3$ computed by the tag for a newly generated value $R^1_3$ (cf. Lemma 1).

Step 3: The attacker compares $T^0_2$ and $T^1_2$ in order to subtract the lower value from the higher one. If we assume, without loss of generality, that $T^1_2 > T^0_2$, then the adversary computes the vectors:

$\Delta = T^1_2 - T^0_2\ (= R^1_3 - R^0_3)$ (3)

$X = T^1_1 \oplus T^0_1\ (= R^1_3 \oplus R^0_3)$ (4)

$C = \Delta \oplus X$ (5)

Step 4: The attacker uses Lemma 2 to disambiguate $HD(X)$ bits of $R^1_3$ (those where $X(j) = 1$).

Step 5: Then the attacker computes $M(j) = T^1_1(j) \oplus R^1_3(j)$ for the positions $j$ of $R^1_3$ that were disambiguated in the previous step.

Step 6: The attacker repeats Step 2 to Step 5 $(p-1)$ times for different values of $R^k_3$, $2 \le k \le p$, until she determines every bit of $M$. The probability that the adversary knows the $j$-th bit of $M$ after $p+1$ interactions (the first one in Step 1 with $R^0_3$ and the following $p$ interactions in Step 2) is the probability that the same bit value is not repeated in all of these $(p+1)$ interactions, i.e. $\Pr[R^0_3(j) \ne R^k_3(j)$ for some $k \in [1, p]]$. If we assume that the bits drawn by tags are uniformly distributed, then this happens with probability $P_{bit M} = 1 - \left(\tfrac{1}{2}\right)^p$. □


It is straightforward from this lemma to compute the probability that an attacker knows all the $n$ bits of $M$ after $(p+1)$ interactions:

$P_M = (P_{bit M})^n = \left(1 - \left(\tfrac{1}{2}\right)^p\right)^n$ (6)

Theorem 1 In Chen and Chien's protocol, to know the $n$ bits of the secret $M$, an active attacker needs on average $(1 + E[p])$ interactions with the tag, where $E[p] = \sum_{p=1}^{\infty} p \cdot \left(\left(1 - \frac{1}{2^p}\right)^n - \left(1 - \frac{1}{2^{p-1}}\right)^n\right)$.

Proof Given $p+1$ random numbers $R^k_3$ with $0 \le k \le p$, where each of them consists of $n$ bits, $R^k_3 = b_k(1)\, b_k(2)\, b_k(3) \ldots b_k(n)$, we can define the function $F(j, p)$ as follows:

$F(j,p) = F(b_0(j), b_1(j), \ldots, b_p(j)) = \begin{cases} 1 & \text{if } b_0(j) \oplus b_k(j) = 1 \text{ for some } k \in [1,p] \\ 0 & \text{if } b_0(j) \oplus b_k(j) = 0 \text{ for all } k \in [1,p] \end{cases}$ (7)

According to Lemma 3, for the attacker to compute all the bits of $M$ it is required that $F(j, p) = 1$ for all $j \in [1, n]$ and for some $p$. If she requires $(p+1)$ interactions, it means that there must exist at least one index $I \in [1, n]$ in $R^p_3$ such that

$b_0(I) \oplus b_j(I) = 0$ for all $j \in [1, p-1]$, and $b_0(I) \oplus b_p(I) = 1$.

This further means that $F(I, p) = 1$ and $F(I, p-1) = 0$, which happens with probability $1/2^p$.

On the other hand, the probability that $F(j, p-1) = 1$ can be computed as (cf. Lemma 3): $\Pr[F(j, p-1) = 1] = 1 - 1/2^{p-1}$.

Now, we can compute the probability that the attacker requires $(p+1)$ queries as the sum of the probabilities that there are from 1 to $n$ such indices $I$ in the last interaction. That is:

$\Pr[(p+1) \text{ queries required}] = \binom{n}{1} \cdot \frac{1}{2^p} \cdot \left(1 - \frac{1}{2^{p-1}}\right)^{n-1} + \binom{n}{2} \cdot \left(\frac{1}{2^p}\right)^2 \cdot \left(1 - \frac{1}{2^{p-1}}\right)^{n-2} + \cdots + \binom{n}{n} \cdot \left(\frac{1}{2^p}\right)^n$

$= \left(\frac{1}{2^p} + 1 - \frac{1}{2^{p-1}}\right)^n - \binom{n}{0} \left(1 - \frac{1}{2^{p-1}}\right)^n$

$= \left(1 - \frac{1}{2^p}\right)^n - \left(1 - \frac{1}{2^{p-1}}\right)^n$ (8)

From Eq. (8), we can compute the expected value of $p$ as follows:

$E[p] = \sum_{p=1}^{\infty} p \cdot \left(\left(1 - \frac{1}{2^p}\right)^n - \left(1 - \frac{1}{2^{p-1}}\right)^n\right)$ (9)

Figure 2 compares the values of $E[p]$ for different bitlengths $n$ when computed using Eq. (9) and by simulation (10,000 cases).

Thus, it is shown that for $n = 96$ an attacker, on average, only needs to query any tag fewer than 9 times ($E[p] = 7.9$) to recover the value $M$. It must be highlighted here that the parameter $M$ is not a private secret of a specific tag, but is shared by every tag and the server, which means that this attack compromises all the tags belonging to the system.


Fig. 2 Computed and simulated values for $E[p]$ (x axis: $n$, bitlength of the key, 0 to 120; y axis: $E[p]$, expected value of $p$, 4.5 to 8.5; series: Computed, Simulated)
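Eq. (9) and the simulation behind Fig. 2, as an added example that is not the authors' code: `expected_p` sums the series of Eq. (9) until the remaining mass is negligible, and `simulate_p` draws uniform $n$-bit values $R^k_3$ as in Lemma 3 until every bit position has differed from $R^0_3$ at least once, which is exactly the event $F(j,p) = 1$ for all $j$ of Theorem 1.

```python
# Added example (not from the paper): E[p] of Theorem 1 from Eq. (9),
# checked against a simulation of the bit-coverage process that Fig. 2 plots.
import random


def p_bit_known(p: int) -> float:
    """Lemma 3: probability that one bit of M is known after p+1 interactions."""
    return 1.0 - 0.5 ** p


def p_all_known(n: int, p: int) -> float:
    """Eq. (6): probability that all n bits of M are known after p+1 interactions."""
    return p_bit_known(p) ** n


def prob_queries(n: int, p: int) -> float:
    """Eq. (8): probability that exactly (p+1) queries are required."""
    return (1 - 0.5 ** p) ** n - (1 - 0.5 ** (p - 1)) ** n


def expected_p(n: int, tol: float = 1e-12) -> float:
    """Eq. (9): E[p] = sum_{p>=1} p * Pr[(p+1) queries required].

    The series is summed until the probability mass not yet covered,
    1 - P_M of Eq. (6), drops below tol.
    """
    total, p = 0.0, 1
    while True:
        total += p * prob_queries(n, p)
        if 1 - p_all_known(n, p) < tol:
            return total
        p += 1


def simulate_p(n: int, rng: random.Random) -> int:
    """One trial of the process of Lemma 3: draw R3^0, then keep drawing fresh
    uniform R3^k until every bit position has differed from R3^0 at least
    once. Returns p, the number of extra draws needed (total queries = p+1)."""
    r0 = rng.getrandbits(n)
    seen = 0  # mask of positions j with R3^k(j) != R3^0(j) for some k so far
    full = (1 << n) - 1
    p = 0
    while seen != full:
        p += 1
        seen |= r0 ^ rng.getrandbits(n)
    return p


def simulated_expected_p(n: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo estimate of E[p] over `trials` independent runs."""
    rng = random.Random(seed)
    return sum(simulate_p(n, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    # reproduce the curve of Fig. 2 for a few bitlengths
    for n in (8, 16, 32, 64, 96, 128):
        print(n, round(expected_p(n), 3), round(simulated_expected_p(n, 10_000), 3))
    print("average interactions 1 + E[p] for n = 96:", round(1 + expected_p(96), 2))
```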

3.3 Traceability

Although there are many different privacy models for RFID (e.g. [15–17]), most of these are based on a game with two phases, which take place in two different intervals of time, and a final guess. During the first phase (learning phase), an adversary interacts with, or eavesdrops on, tags belonging to the system and records these communications. Later, in the second phase (challenge phase), the adversary interacts again with tags and must try to link these messages with the messages exchanged during the first phase. A protocol guarantees untraceability (or privacy) if the adversary has only negligible advantage in deciding whether two messages taken from the two different intervals were sent by the same tag or not [18]. The choice of these intervals (chosen or given), the set of tags that the adversary can interact with (every tag or only a group of them), and the number and kind of operations that she can execute (e.g. corrupting a tag or not) are the main differences between the models. Here we analyze two cases: a very simple case where the adversary interrogates the tag only once, and therefore does not know $M$; and the general case where the adversary can query tags enough times to determine the value of $M$.

Theorem 2 In Chen and Chien's protocol, an attacker who obtains two sets of messages for $tag$ and $\hat{tag}$, $[S_2, T_1, T_2, T_3]$ and $[S_2, \hat{T}_1, \hat{T}_2, \hat{T}_3]$ respectively, is able to determine with non-negligible advantage whether $tag = \hat{tag}$. In particular, the adversary can know whether $m$ bits of $EPC_i$ and $\widehat{EPC}_i$ coincide, for $m \ge 1$.

Proof

Step 1: The attacker eavesdrops on an authentication session of $tag$ and stores the messages $[S_2, T_1, T_2, T_3]$, computed using $R_2$ and $R_3$.

Step 2: Later, the attacker queries $\hat{tag}$ with the value $S_2$.

Step 3: $\hat{tag}$ computes $R_2 = S_2 \oplus M$, picks a new value $\hat{R}_3$ and replies with $\hat{T}_1$, $\hat{T}_2$ and $\hat{T}_3$, computed using $R_2$ and $\hat{R}_3$.


Step 4: The attacker computes $\hat{X} = T_1 \oplus \hat{T}_1\ (= R_3 \oplus \hat{R}_3)$, and then decides whether $EPC_i(1) = \widehat{EPC}_i(1)$ as follows:

If $\hat{X}(1) = 1$:

$\begin{cases} EPC_i(1) = \widehat{EPC}_i(1) & \text{if } T_2(1) \ne \hat{T}_2(1) \\ EPC_i(1) \ne \widehat{EPC}_i(1) & \text{if } T_2(1) = \hat{T}_2(1) \quad (\text{i.e. } tag \ne \hat{tag}) \end{cases}$ (10)

If $\hat{X}(1) = 0$:

$\begin{cases} EPC_i(1) = \widehat{EPC}_i(1) & \text{if } T_2(1) = \hat{T}_2(1);\ \text{repeat for } EPC_i(2) \\ EPC_i(1) \ne \widehat{EPC}_i(1) & \text{if } T_2(1) \ne \hat{T}_2(1) \quad (\text{i.e. } tag \ne \hat{tag}) \end{cases}$ (11)

□

While $\hat{X}(j) = 0$ (and $T_2(j) = \hat{T}_2(j)$), the adversary can increase her advantage by repeating the process for the next bit.

If the adversary is allowed to challenge $\hat{tag}$ once more, she can also use the following strategy. After querying again with $S_2$, the adversary will get a new set of messages $[\hat{T}'_1, \hat{T}'_2, \hat{T}'_3]$, computed using $R_2$ and a newly generated value $\hat{R}'_3$. The adversary assumes that $EPC_i = \widehat{EPC}_i$ and combines the messages to obtain $[\hat{\Delta} = R_3 - \hat{R}_3\ (= T_2 - \hat{T}_2),\ \hat{X} = R_3 \oplus \hat{R}_3\ (= T_1 \oplus \hat{T}_1)]$ and $[\hat{\Delta}' = R_3 - \hat{R}'_3\ (= T_2 - \hat{T}'_2),\ \hat{X}' = R_3 \oplus \hat{R}'_3\ (= T_1 \oplus \hat{T}'_1)]$. The attacker then uses these two sets of values to disambiguate bits of $R_3$ (Lemma 2). If the disambiguated bits do not coincide in both cases, then $tag \ne \hat{tag}$ (the assumption $EPC_i = \widehat{EPC}_i$ was incorrect); otherwise, if they do, the probability that $tag = \hat{tag}$ is higher.

In the general case, if the adversary can challenge $\hat{tag}$ (or any other tag) enough times to compute $M$, the traceability is complete since, as proved next, she can compute the values of $EPC_i$ and $\widehat{EPC}_i$ and check whether they match.

Theorem 3 In Chen and Chien's protocol, an attacker who knows $M$ can compute the $EPC$ code of any tag and thus trace it.

Proof

Step 1: The attacker sends any value $S^a_2$ to the target tag.

Step 2: The tag computes $R^a_2 = S^a_2 \oplus M$, picks a new value $R_3$ and replies with $T_1$, $T_2$ and $T_3$ computed using $R^a_2$ and $R_3$.

Step 3: The attacker, who already knows $M$, computes the value of $EPC_i$ as follows:

$EPC_i = (T_2 - R_3) \oplus R^a_2 = (T_2 - (T_1 \oplus M)) \oplus (S^a_2 \oplus M).$ (12)

□

3.4 Tag Impersonation

In this section we show two different but related attacks. Firstly, we show how an attacker can also recover the secret key $K_i$ of a tag. From this point on the attacker knows all the information stored in the tag, and therefore, from a cryptographic point of view, the server will no longer be able to distinguish the attacker from the genuine tag. However, the attacker does not need to know $K_i$ to impersonate a tag. We show that the way in which the authenticity of a tag is checked (Step 6 of the Query and Authentication Phase) is not adequate.

Theorem 4 In Chen and Chien's protocol, an active attacker who knows $M$ can determine a bit of $K_i$ with probability $P_{bit K} = 1 - \left(\tfrac{1}{2}\right)^p$, where $p$ is the number of interactions with the tag.


Proof

Step 1: To determine the $j$-th bit of $K_i$, the attacker chooses a number $R^a_2$ such that $R^a_2(j) = 1$ and $R^a_2(z) = 0$ for all $z \ne j$, $z \in [1, n]$; i.e. $HD(R^a_2) = 1$. Then, the attacker computes $S^a_2 = R^a_2 \oplus M$ and sends it to the tag.

Step 2: The tag recovers $R^a_2$, draws a random number $R^1_3$, and computes and sends $T^1_1$, $T^1_2$ and $T^1_3$.

Step 3: The attacker receives $T^1_1$, $T^1_2$ and $T^1_3$ and computes the $j$-th bit of $R^1_3$ as $R^1_3(j) = T^1_1(j) \oplus M(j)$. If this bit is zero, $R^1_3(j) = 0$, then the attacker repeats the attack from Step 1 for different values of $R^k_3$ with $k = 2, 3, \ldots$ until $R^p_3(j) = 1$. When $R^p_3(j) = 1$, the adversary checks $T^p_3$, which will have one out of two possible values: $T^p_3 = CRC(0)$, which means that $K_i(j) = 0$, or $T^p_3 = CRC(R^a_2)$, meaning that $K_i(j) = 1$. Thus, after $p$ interactions the probability of knowing the $j$-th bit of $K_i$ is the probability of getting $R^k_3(j) = 1$ for some $k \in [1, p]$: $P_{bit K} = 1 - \left(\tfrac{1}{2}\right)^p$. □

Since the average number of attempts to guess a bit of the key is 2 ($E[p] = 1/\tfrac{1}{2}$), an attacker needs on average $2n$ interactions with the tag to recover the $n$ bits of the key.

However, as mentioned earlier, an attacker does not need to know $K_i$ to impersonate a tag.

Theorem 5 In Chen and Chien's protocol, an active attacker who knows $M$ (Theorem 1) and $EPC_i$ (Theorem 3) can impersonate the $i$-th tag of the system without knowing $K_i$.

Proof

Step 1: The reader queries the adversary (impersonating the tag) with a value $S_2$.

Step 2: The adversary computes $R_2 = S_2 \oplus M$, and chooses a random number $R^a_3$ such that $(R_2 \wedge R^a_3) = 0$. Then, the attacker computes $T_1 = R^a_3 \oplus M$, $T_2 = (R_2 \oplus EPC_i) + R^a_3$ and $T_3 = CRC(0)$, and sends them to the reader.

Step 3: Upon receiving these values, the reader computes $R^a_3$ and $EPC_i$, and retrieves the corresponding $K_i$ from the database. As $(R_2 \wedge R^a_3) = 0$, it follows that $CRC(0 \wedge K_i) = CRC(0) = T_3$, and therefore the reader will accept the tag as valid. □

If the attacker knows some bits of the key, then she can modify the attack by choosing a value for $R^a_3$ such that $(R_2 \wedge R^a_3) = 0$ at every position except (all or some of) those positions where she knows the values of $K_i$, and reply to the reader with a correctly computed $T_3$.
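Why the Step 6 check examined in Theorem 5 is not a proof of key possession, as an added example that is not from the paper: $T_3 = CRC(R_2 \wedge K_i \wedge R_3)$ involves $K_i$ only at the positions where both nonces are 1, so for any nonce pair with $R_2 \wedge R_3 = 0$ every key yields the same $T_3 = CRC(0)$ and `server_accepts` cannot distinguish keys. The CRC-16-CCITT polynomial (0x1021) is an assumption, since the paper does not specify which CRC the scheme uses, and the nonces and keys are constructed sample values.

```python
# Added example (not from the paper): the tag-authentication check of Step 6
# of Chen and Chien's scheme, T3 ?= CRC(R2 AND K_i AND R3), and the key bits
# it actually covers. CRC choice (CRC-16-CCITT, poly 0x1021, init 0xFFFF) is
# an assumption; the paper only says "a Cyclic Redundancy Check function".
import random

N_BITS = 96  # bitlength n of M, EPC_i and K_i used in the paper


def crc16(value: int, width: int = N_BITS, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16 over the big-endian `width`-bit encoding of value."""
    crc = init
    for byte in value.to_bytes(width // 8, "big"):
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def t3(r2: int, key: int, r3: int) -> int:
    """Tag-side value of T3 in Step 4: CRC(R2 AND K_i AND R3)."""
    return crc16(r2 & key & r3)


def server_accepts(r2: int, key: int, r3: int, received_t3: int) -> bool:
    """Server-side check of Step 6 with the key K_i retrieved for EPC_i."""
    return received_t3 == t3(r2, key, r3)


def key_bits_covered(r2: int, r3: int) -> int:
    """Number of key positions that influence T3 for this nonce pair:
    exactly those j with R2(j) = R3(j) = 1."""
    return bin(r2 & r3).count("1")


def t3_is_key_independent(r2: int, r3: int) -> bool:
    """True when every possible key gives the same T3 (R2 AND R3 = 0)."""
    return key_bits_covered(r2, r3) == 0


if __name__ == "__main__":
    rng = random.Random(2013)  # constructed sample values, not real tag data
    k_true = rng.getrandbits(N_BITS)
    other_key = rng.getrandbits(N_BITS)
    r2 = rng.getrandbits(N_BITS)          # server nonce
    r3_honest = rng.getrandbits(N_BITS)   # nonce an honest tag would draw
    # a nonce with R2 AND R3 = 0, as in Step 2 of Theorem 5
    r3_masked = r3_honest & ~r2 & ((1 << N_BITS) - 1)
    print("key bits covered (honest / masked):",
          key_bits_covered(r2, r3_honest), key_bits_covered(r2, r3_masked))
    # honest nonce: a T3 computed with the wrong key is (almost surely) rejected
    print(server_accepts(r2, k_true, r3_honest, t3(r2, other_key, r3_honest)))
    # masked nonce: CRC(0) passes the check whatever K_i the server holds
    print(server_accepts(r2, k_true, r3_masked, crc16(0)))
```

Even with honest nonces, about a quarter of the key positions enter the check on average, since each requires both uniform nonce bits to be 1.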

4 Conclusions

EPCC1G2 has become the de facto standard for low-cost RFID tags, and many authors have proposed schemes to improve its weak security. Apart from security and privacy issues, the ability to change or share ownership of these tags is also relevant. Therefore, in 2012, a new ownership transfer scheme using mobile RFID and conforming to EPCC1G2 was proposed by Chen and Chien. In this paper, the security of this scheme was scrutinized and we showed how an attacker is able to trace, impersonate and eventually recover all the information stored in tags with very few interactions with them.

For $n = 96$ bits, an attacker only needs 9 queries, on average, to recover the value $M$. The value $M$ is shared by every tag in the system, and therefore after only nine interactions with any tag the whole system is compromised. By knowing $M$, the adversary is able to trace any tag of the system, since she can recover its $EPC_i$ code with a single query. Finally, once $M$ and $EPC_i$ of a tag $i$ are known, the adversary is able to impersonate it without having to recover $K_i$. However, the attacker can also recover $K_i$ by querying the tag $2n$ times on average.

In view of the poor security level reached, we refrain from proposing an improved version of this protocol, and we suggest looking for alternative solutions, whose security has not been questioned yet, in the quite extensive research literature on RFID security. More specifically, we refer the reader to an EPCGen2-compliant authentication protocol [18], which could be used to authenticate the tag in a secure way, and to references [7–9], where complete ownership transfer schemes are described.

Acknowledgments This work has been partially supported by Ministerio de Ciencia e Innovación (Spain) and the European FEDER Fund under project TIN2011-25452.

References

1. Finkenzeller, K. (2003). RFID handbook: Fundamentals and applications in contactless smart cards and identification (2nd ed.). London: Wiley.

2. Paret, D. (2005). RFID and contactless smart card applications. London: Wiley.

3. Zhang, Y., & Kitsos, P. (2009). Security in RFID and sensor networks. Boston, MA: Auerbach Publications.

4. Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.

5. Molnar, D., Soppera, A., & Wagner, D. (2005). A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel & S. Tavares (Eds.), 12th international workshop on selected areas in cryptography—SAC, Lecture Notes in Computer Science (Vol. 3897, pp. 276–290), Kingston, ON, Canada. Berlin: Springer.

6. Song, B. (2008). RFID tag ownership transfer. In Proceedings of RFIDSec 2008.

7. Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2011). Practical RFID ownership transfer scheme. Journal of Computer Security, 19(2), 319–341.

8. Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., & Domingo-Ferrer, J. (2011). A scalable RFID authentication protocol supporting ownership transfer and controlled delegation. RFIDSec-11 (pp. 146–162).

9. Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transactions on Systems, Man, and Cybernetics, Part C, 42(2), 164–173.

10. Kapoor, G., Zhou, W., & Piramuthu, S. (2011). Multi-tag and multi-owner RFID ownership transfer in supply chains. Decision Support Systems, 52, 258–270.

11. EPC Global. EPC tag data standards. http://www.epcglobalinc.org.

12. ISO/IEC. Standard # 18000—RFID air interface standard. http://www.hightechaid.com/standards/18000.htm.

13. Chen, C. L., & Chien, C. F. (2012). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 1–27. doi:10.1007/s11277-012-0500-2.

14. Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security (pp. 1090–1095), Guangzhou.

15. Avoine, G. (2005). Adversary model for radio frequency identification. Technical Report LASEC-REPORT, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland.

16. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In International conference on pervasive computing and communications, PerCom 2007 (pp. 342–347), New York City, NY, USA.

17. Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology, ASIACRYPT 2007, Vol. 4833 of Lecture Notes in Computer Science (pp. 68–87), Kuching, Malaysia.

18. Burmester, M., & Munilla, J. (2011). Lightweight RFID authentication with forward and backward security. ACM Transactions on Information and System Security, 14(1).


Author Biographies

Jorge Munilla was born in Málaga (Spain). He is a Telecommunication Engineer and he has worked in the IT industry in roles including analysis, design and technical support. Now, he works as an Associate Professor for the Communication Engineering Department of the University of Málaga. His research interests include cryptography, security in RFID, security in VANETs and mobile communications. He completed his Ph.D. at the University of Málaga in December of 2010 with his thesis "Advances in RFID Authentication Protocols". For the time being, he collaborates with a project which involves the investigation of the security of NFC (Near Field Communication) technology, and the potential problems which arise with its convergence with the mobile phone technology.

Fuchun Guo received his B.S. and M.S. degrees from Fujian Normal University in 2005 and 2008, respectively. Now, he is a doctoral student at the School of Computer Science and Software Engineering, University of Wollongong. His research interests include public-key cryptography and network security, in particular, cryptographic protocols and applications.

Willy Susilo received a Ph.D. in Computer Science from the University of Wollongong, Australia. He is a Professor at the School of Computer Science and Software Engineering and the director of the Centre for Computer and Information Security Research (CCISR) at the University of Wollongong. He is currently holding the prestigious ARC Future Fellowship awarded by the Australian Research Council (ARC). His main research interests include cryptography and information security. His main contribution is in the area of digital signature schemes, in particular fail-stop signature schemes and short signature schemes. He has served as a program committee member in dozens of international conferences. He has published numerous publications in the area of digital signature schemes and encryption schemes.
