On Group Ownership Delegate Protocol for RFID Systems

As RFID tags identify objects at the item level, proper authentication of these tags is of paramount importance in RFID-based systems. While RFID tag authentication in systems where these tags are assigned to be read by a single reader is challenging enough due to resource constraints related to memory and processing power at the tag's side, it is not uncommon for RFID tags to be read by multiple readers. Even more, when an item moves between owners, ownership of the RFID tagged item needs to be updated to reflect reality. As authentication protocols play a critical role in RFID-based systems, it is necessary to ensure that any developed protocol is free from vulnerabilities that can be taken advantage by an adversary to mount attacks on the system. Lee et al. (Information Systems Frontiers, 21, 1153-1166, 2019) develop group ownership authentication protocols for a group of RFID-tagged items that simultaneously switch ownership. We evaluate the protocols in Lee et al. (Information Systems Frontiers, 21, 1153-1166, 2019) and identify several critical vulnerabilities. We then discuss the sources of these vulnerabilities and common precautions that should be taken to avoid such vulnerabilities.