rfidDOT: RFID delegation and ownership transfer made simple

T Dimitriou - Proceedings of the 4th international conference on …, 2008 - dl.acm.org
T Dimitriou
Proceedings of the 4th international conference on Security and privacy in …, 2008dl.acm.org
In this work we introduce rfidDOT, a protocol for secure access, delegation and ownership
transfer of tags along with a model for formally defining privacy in such an environment. As
current RFID tags emit constant identifiers that may help in identifying user habits and
tracking of people, rfidDOT allows a user to securely own tagged products. Once a person
becomes the owner of such an item, no one can have access to the tag nor find any
information about it. Thus user privacy is guaranteed. Additionally, the protocol is secure …
In this work we introduce rfidDOT, a protocol for secure access, delegation and ownership transfer of tags along with a model for formally defining privacy in such an environment. As current RFID tags emit constant identifiers that may help in identifying user habits and tracking of people, rfidDOT allows a user to securely own tagged products. Once a person becomes the owner of such an item, no one can have access to the tag nor find any information about it. Thus user privacy is guaranteed. Additionally, the protocol is secure against such attacks as tag cloning, tag/reader spoofing, eavesdropping, desynchronization and so on. Furthermore, since we don't expect a tagged item to stay with same owner forever, we provide the means to achieve ownership transfer and release without compromising the privacy of future or past owners. And in the unlikely case where user privacy is compromised, it can be restored in a simple and intuitive manner. Thus rfidDOT achieves a very strong notion of security that is necessary in RFID ownership transfer: forward and backward privacy.
ACM Digital Library