4th International ICST Conference on Security and Privacy in Communication Networks

Research Article

rfidDOT: RFID delegation and ownership transfer made simple

  • @INPROCEEDINGS{10.1145/1460877.1460921,
        author={Tassos   Dimitriou},
        title={rfidDOT: RFID delegation and ownership transfer made simple},
        proceedings={4th International ICST Conference on Security and Privacy in Communication Networks},
        publisher={ACM},
        proceedings_a={SECURECOMM},
        year={2008},
        month={9},
        keywords={RFID Security and Privacy Ownership Transfer Delegation Forward and Backward Security},
        doi={10.1145/1460877.1460921}
    }
    
  • Tassos Dimitriou
    Year: 2008
    rfidDOT: RFID delegation and ownership transfer made simple
    SECURECOMM
    ACM
    DOI: 10.1145/1460877.1460921
Tassos Dimitriou1,*
  • 1: Athens Information Technology, Markopoulo Ave., 19002, Peania, Athens, Greece
*Contact email: tdim@ait.edu.gr

Abstract

In this work we introduce rfidDOT, a protocol for secure access, delegation and ownership transfer of tags along with a model for formally defining privacy in such an environment. As current RFID tags emit constant identifiers that may help in identifying user habits and tracking of people, rfidDOT allows a user to securely own tagged products. Once a person becomes the owner of such an item, no one can have access to the tag nor find any information about it. Thus user privacy is guaranteed. Additionally, the protocol is secure against such attacks as tag cloning, tag/reader spoofing, eavesdropping, desynchronization and so on. Furthermore, since we don't expect a tagged item to stay with same owner forever, we provide the means to achieve ownership transfer and release without compromising the privacy of future or past owners. And in the unlikely case where user privacy is compromised, it can be restored in a simple and intuitive manner. Thus rfidDOT achieves a very strong notion of security that is necessary in RFID ownership transfer: forward and backward privacy.