*Sensors* **2017**, *17*(1), 53; https://doi.org/10.3390/s17010053

Article

RFID Ownership Transfer with Positive Secrecy Capacity Channels

^{1} Escuela Técnica Superior de Ingenieros de Telecomunicación, Universidad de Málaga, Málaga 29071, Spain

^{2} Department of Computer Science, Florida State University, Tallahassee, FL 32306, USA

^{3} School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW 2522, Australia

^{*} Author to whom correspondence should be addressed.

Academic Editor: Leonhard M. Reindl

Received: 9 October 2016 / Accepted: 23 December 2016 / Published: 29 December 2016

## Abstract

RFID ownership transfer protocols (OTPs) transfer tag ownership rights. Recently, there has been considerable interest in such protocols; however, guaranteeing privacy for symmetric-key settings without trusted third parties (TTPs) is a challenge still unresolved. In this paper, we address this issue and show that it can be solved by using channels with positive secrecy capacity. We implement these channels with noisy tags and provide practical values, thus proving that perfect secrecy is theoretically possible. We then define a communication model that captures spatiotemporal events and describe a first example of symmetric-key based OTP that: (i) is formally secure in the proposed communication model and (ii) achieves privacy with a noisy tag wiretap channel without TTPs.

Keywords: RFID; ownership transfer; trusted third party; RFID; EPCglobal Gen2

## 1. Introduction

Radio frequency identification (RFID) is a widely-deployed technology for supply-chain and inventory management, retail operations and more generally automatic identification. Most of these applications need to be secured.

Ownership transfer protocols (OTPs) allow the secure transfer of tag ownership from a current owner to a new owner. Three different entities are present in an OTP: the tag $\mathcal{T}$ whose rights are being transferred, the current owner who has the initial control of $\mathcal{T}$ and the new owner who will take control of $\mathcal{T}$ when the protocol is completed. OTPs must incorporate security requirements that protect the privacy of both the new and the previous owner of the tag. For RFID applications privacy addresses anonymity that protects the identity of tags and untraceability that prevents interrogations (partial or completed) of a tag being linked. Formal definitions for secure ownership and ownership transfer are provided by van Deursen et al. [1], while several theoretical models have been proposed in the literature that address the privacy of RFID systems [2,3,4,5].

Several OTPs that address security issues have been proposed. However, preventing a previous owner from accessing the key(s) of a tag whose ownership was transferred is still an unsolved problem when symmetric-key techniques are used [6,7]. The current approach for privacy is to either employ a trusted third party (TTP) to break the trust link between a tag and its owner (e.g., [8,9]), or an isolated environment (ISE) (e.g., [10,11]) without any adversarial interference. The first approach is centralized and not appropriate when tags belong to different authorities/companies. In fact, the TTP can be considered as the real holder of the tag’s rights, while the different owners have simply delegated ownership. The second approach assumes a weak threat model and, as claimed in [7]: if such protection is adequate, then there is no need for security. Our main contributions in this paper are to:

- (1) Define a communication model for ownership transfer that addresses spatiotemporal connectivity (Section 3). Many OTPs do not specify the communication setup and assume channels that are impractical for RFID settings.
- (2) Provide a theoretical analysis of wiretaps with noisy tags (Section 4), show how these could be implemented and prove that perfect secrecy is achievable.
- (3) Present an OTP that is provably secure in this communication model and that uses a wiretap channel with noisy tags to achieve privacy (Section 5). This is the first example of symmetric-key-based OTP that does not require TTPs or an ISE. GNY logic and strand spaces [12,13,14,15] are used in Appendix A for the security analysis.

## 2. Background

#### 2.1. Definition and Security Requirements

Tag ownership can be defined as the ability to identify and/or access the tag, which in turn usually implies knowledge of private keys stored on the tag. Ownership transfer protocols enable the transfer of ownership rights of a tag $\mathcal{T}$ from the current owner ${\mathit{Own}}_{c}$, or seller, to a new owner ${\mathit{Own}}_{n}$ or buyer. At the beginning of the OTP, the seller is the only entity that can identify and trace $\mathcal{T}$, while when the OTP is completed, $\mathcal{T}$ can only be identified and/or traced by the buyer. A TTP is usually deployed to manage this ownership transfer.

We next list some specific security requirements for OTPs:

Unlinkability or untraceability. An adversary that physically tracks tags can easily determine which executions are linked. This cannot be prevented. Unlinkability is related to the capability of linking interrogations after this physical tracking is temporarily interrupted. Different formal models can be found in the literature (e.g., [2,3,4]). Intuitively, a protocol guarantees unlinkability or privacy if no adversary can decide with advantage better than negligible whether two messages taken from different protocol executions belong to the same tag or not.

Privacy of ${\mathit{Own}}_{n}$ (backward secrecy): The current owner ${\mathit{Own}}_{c}$ cannot identify $\mathcal{T}$ once ownership rights are transferred to the new owner ${\mathit{Own}}_{n}$.

Privacy of ${\mathit{Own}}_{c}$ (forward secrecy): Once ownership rights of $\mathcal{T}$ are transferred to the new owner ${\mathit{Own}}_{\mathit{n}}$, past communications between $\mathcal{T}$ and previous owners cannot be traced by an adversary (or subsequent owners), even if the current private information stored on $\mathcal{T}$ is revealed (e.g., by physical attacks).

#### 2.2. Related Work

We only review the most relevant symmetric-key-based OTPs for RFID. Saito et al. [18] and Molnar et al. [16] presented in 2005 the first OTPs for RFID applications. Saito et al. proposed two protocols: one with and one without TTP. The security of the latter is based on the short range of the backward channel and assumes that it is hard for adversaries to eavesdrop on this channel. Molnar et al. proposed a scheme with TTP to manage tag keys by using a tree structure. Some vulnerabilities of this scheme are discussed in [19]. Soppera and Burbridge [20] modified Molnar et al.’s scheme by replacing the TTP with distributed local devices called RFID acceptor tags. Osaka et al. [21] used a kind of TTP with hash values to protect messages and a keyed encryption function for ownership transfer. Chen et al. [22] and Japinnen and Hamalainen [23] modified Osaka et al.’s scheme to prevent DoS attacks. Yoon and Yoo [24] also modified Osaka et al.’s scheme, by assuming that owners are able to change the tag’s key in an ISE. Their scheme had some vulnerabilities described in [25]. Dimitriou [26] proposed RFIDdot, an ownership transfer scheme based on random nonces and a keyed encryption function, making the assumption that key updates are performed in a private environment. More recently, Song and Mitchell [27,28] also assumed an ISE, but used keyed hash functions and one-time tag identifiers with hash chains. Kapoor and Piramuthu proposed two new schemes [7] based on a TTP and ISE respectively for the transfer of single tags, while a variant of these protocols for multiple tags has also been published [29]. Finally, several schemes have recently been proposed that comply with the EPCGen2 [30] standard for low-cost tags in the UHF band. These again assume TTPs or ISE and combine simple XOR operations, Cyclic Redundancy Codes (CRC16) and/or use the on-board PRNG as the security primitive (e.g., [9,31,32,33]). 
The security problems of some of these have been described recently [34].

#### Motivation: Comparison with Previous Works

As observed, the ownership transfer protocols proposed in the literature rely either on the use of TTPs or the assumption of an ISE. Typically, TTPs have a centralized management that may not be compatible with the distributed management of RFID systems. For example, the RFID parties (the owners) with possibly conflicting interests must trust the TTP that manages their tags. On the other hand, the assumption of ISEs where no adversary can interfere is an assumption of a weak adversary model: if such an environment were available, then no other security protection would be needed [7]. This paper proposes a key exchange protocol that addresses the new owner’s privacy concerns without resorting to either TTPs or an ISE.

The discussed protocols also use communication models that are sometimes impractical for real-life scenarios. To illustrate this, let us consider the two protocols proposed in [7]: one with TTP, the other without TTP (but with an ISE), whose flows are shown in Figure 1. In the first, Figure 1a, the TTP does not use a reader to communicate with tag $\mathcal{T}$, but communicates directly (Flows 1–2). This raises the question: if such a TTP were installed in the buyer’s or seller’s location, what trust issues would arise if the transferred goods belong to different authorities? In the second protocol, Figure 1b, $\mathcal{T}$ interacts first with the current owner (the seller, Flow 2) and then with the new owner (the buyer, Flows 3–6). However, if something goes wrong (Flow 6 is not received correctly), then the process must be repeated from the beginning. This implies that the buyer and the seller must be available during the transaction, which restricts the possible transaction scenarios to one location (e.g., to a shop). In this paper, we define a communication model where tags can only communicate through readers. This leads to protocol designs in which TTP infrastructures, if deployed, are centralized and which, in contrast to the examples described above, allow the seller and buyer to be in different physical locations.

## 3. A Communication Model for RFID Ownership Transfer

#### 3.1. Entity Capabilities

High-level entities include RFID readers, servers and TTPs. In general, these are able to perform complex cryptographic operations, such as asymmetric encryption/decryption and digital signatures/verification.

RFID tags: In this paper, we are only concerned with UHF passive tags that operate in the far field [35], which are the most common for supply chain applications. These work at higher distances than tags with inductive coupling, but the delivered power is low; therefore, only lightweight cryptographic tools should be used [36]. Low price is also a common requirement, and therefore, tamper-resistant shielding and on-board clocks cannot usually be assumed.

#### 3.2. Communication Model

This is defined in terms of its channels with security features, such as privacy and integrity, and connectivity (availability).

#### 3.2.1. Privacy/Integrity Channels

Between high-level entities (readers, servers or TTPs): These can be considered secure, since fully-fledged cryptographic techniques can be used.

Between readers and tags: By contrast, these are particularly vulnerable; they are wireless (the adversary can eavesdrop and block/modify/inject messages), and tags can only implement lightweight cryptographic mechanisms. Passive tags can only communicate with active entities that are physically close and provide them with energy: i.e., RFID readers.

#### 3.2.2. Connectivity

Connectivity is a function of space and time. As far as we know, OTPs proposed in the literature do not discuss spatiotemporal connectivity issues, though several (e.g., [7,9,17]) assume channels that allow high-level parties, including a TTP (e.g., [7]), to communicate with a tag $\mathcal{T}$ in real time during the execution of the OTP: for example, to restart the protocol if it fails. This implies that $\mathcal{T}$ must be physically close to the corresponding high-level parties during the execution of the protocol, which in many practical scenarios may not be the case. Suppose for example that a client purchases RFID-tagged items for tracking and counterfeit prevention via the Internet. The seller dispatches the items, and when these reach the destination, the client requests the transfer of ownership rights. In this case, ownership transfer takes place in a different location from the seller’s location, and a different connectivity model is needed, where the seller cannot communicate with the tags at this stage (likewise, buyers cannot communicate with tags at the beginning of the transaction). We also need a spatiotemporal TTP network infrastructure in which TTPs may have to communicate in real time (as in [7]). Figure 2 illustrates the differences between the traditional and the extended communication model.

Let $\mathcal{R}1$, $\mathcal{R}2$, TTP be the readers of ${\mathit{Own}}_{c}$, ${\mathit{Own}}_{n}$, TTP, $\mathcal{T}$ a tag, $a,b$ be OTP parties and $\exists\,(a \stackrel{t}{\leftrightarrow} b)$, $\exists\,(a \stackrel{t}{\iff} b)$ stand for “there exists a channel at time t between $a,b$”, “there exists a secure channel at time t between $a,b$”, respectively. When t is not indicated, continuous connectivity is assumed. We formally define the connectivity requirements of the OTP model by the relations:

- $\exists\,(\mathcal{R}1 \iff \mathcal{R}2) \;\wedge\; \exists\,(\mathcal{R}1 \iff \mathit{TTP}) \;\wedge\; \exists\,(\mathcal{R}2 \iff \mathit{TTP})$,
- $\left.\begin{array}{c}\exists\,(\mathcal{R}1 \stackrel{t}{\leftrightarrow} \mathcal{T}) \quad \mathrm{for}\ t_0 \le t < t_1 \\ \exists\,(\mathcal{R}2 \stackrel{t}{\leftrightarrow} \mathcal{T}) \quad \mathrm{for}\ t_2 \le t < t_3\end{array}\right\} \quad \mathrm{with}\ t_1 \le t_2$.

Thus, a TTP, if deployed, can only communicate with tags $\mathcal{T}$ via readers $\mathcal{R}1$, $\mathcal{R}2$.

## 4. A Wiretap Channel with Positive Secrecy Capacity

To guarantee the privacy of a new owner ${\mathit{Own}}_{n}$ of a tag $\mathcal{T}$ and prevent the previous owner ${\mathit{Own}}_{c}$ from accessing $\mathcal{T}$, ${\mathit{Own}}_{n}$ and $\mathcal{T}$ must agree on a fresh key in the presence of ${\mathit{Own}}_{c}$: that is, with ${\mathit{Own}}_{c}$ a potential eavesdropper. Note that ${\mathit{Own}}_{c}$ has full knowledge of the private keys of $\mathcal{T}$. We shall show that by using Wyner’s wiretap channel [37] with noisy tags, we can achieve positive secrecy.

The fundamental property of the superposition of the wireless medium can be pitted against eavesdropping by using interference at the physical layer to degrade communication. Degrading is implemented via reader-controlled interferers called noisy tags. Noisy tags were first used by Juels et al. [38] to protect consumers from unwanted RFID scanning. Later, Castellucia and Avoine [39] used noisy tags for sharing secret keys, which however only addresses passive adversaries since authentication is not ensured. We shall assume that noisy tags do not present any special features, so any tag can become a noisy tag. If more sophisticated noisy tags are available, then implementations with better performance can obviously be achieved.

We use the following notation: $X,Y,N$ are random variables taking values $x,y,n$ in the alphabets $\mathcal{X},\mathcal{Y},\mathcal{N}$, respectively. Figure 3 depicts our model of a wiretap channel with input alphabets $\mathcal{X},\mathcal{N}_1,\dots,\mathcal{N}_{n_T}$, output alphabet $\mathcal{Y}$ and transition probabilities $p(y \mid x, n_1, \dots, n_{n_T})$.

Tag $\mathcal{T}$ transmits the message S (coded as X) to the new owner ${\mathit{Own}}_{n}$ (the intended receiver) with the help of $n_T$ noisy tags, in the presence of the current owner ${\mathit{Own}}_{c}$, who acts as a passive eavesdropper. The wiretap channel can be seen as a stochastic encoder of X with output alphabet $\mathcal{Y}$. The variable Y is input to the maximum a posteriori probability (MAP) estimators of ${\mathit{Own}}_{n}$ and ${\mathit{Own}}_{c}$, but while ${\mathit{Own}}_{c}$ only knows the value of Y, ${\mathit{Own}}_{n}$ also knows the values of the inputs $N_1,\dots,N_{n_T}$. Thus, if we assume the wireless medium is noiseless, then the estimate $S=s$ of ${\mathit{Own}}_{n}$ is correct, while the estimate $\overline{S}=\overline{s}$ of ${\mathit{Own}}_{c}$ is degraded by the stochastic encoder. This degradation can be quantified by the conditional entropy $H(X \mid Y)$.

$$H(X \mid Y) = \sum_{j=0}^{|\mathcal{X}|-1} \sum_{k=0}^{|\mathcal{Y}|-1} -p(x_j, y_k) \cdot \log_2 p(x_j \mid y_k)$$

The capacity of the eavesdropper channel (${\mathit{Own}}_{c}$’s) is defined as $C_{eav} = H(X) - H(X \mid Y)$. The secrecy capacity for the wiretap model is $C_s = C_{\mathit{main}} - C_{eav}$, where $C_{\mathit{main}}$ is the capacity of the main channel (${\mathit{Own}}_{n}$’s). In the noiseless case, we have $C_{\mathit{main}} = H(X)$, and therefore, the secrecy capacity coincides with the conditional entropy of the eavesdropper $C_s = H(X \mid Y)$, while the analysis of secrecy reduces to the eavesdropper’s channel. In general, the more degraded the wiretap channel, the higher the secrecy capacity. We assume for this analysis that the adversary cannot identify the source of each message via signal characteristics (fingerprints, power level, phase shifts, etc.). This implies that tags should be close and implement the same modulation alphabet; i.e., $\mathcal{N}_j = \mathcal{X}$, $1 \le j \le n_T$. Possible implementation imperfections, such as delays, signal levels, frequency deviations, etc., should not reveal their origin; i.e., be insignificant or have sufficient randomness. Note that this assumption is implicit in the RFID literature in protocols that address privacy issues: traceability cannot be prevented if tags are physically identified. In this particular case, to prevent an adversary from identifying the target tag, we should guarantee that the tag is close enough to the noisy tags and that it does not present distinguishable imperfections; i.e., insignificant or significant, but changing in every execution. In practice, fortunately, although it is true that no two tags have identical signals, the differences are typically insignificant, making it hard to disambiguate them.
As a consequence of the superposition property of the wireless channel, from a theoretical point of view, any modulation can be used (with initial calibration if required), but in practice, some modulations have better features than others. Figure 4 shows a simplified example that uses PPM (pulse position modulation). A bit is encoded by transmitting a pulse in one of two possible time slots. Synchronization between tags is helped by the fact that they share the same reference (reader’s) signal. Perfect synchronization is not necessary: tags may have different delays provided there is no pattern that can be exploited to identify a tag.

If noise and implementation imperfections are not considered, the security of the system relies exclusively on the stochastic encoder. For r-ary input alphabets $\mathcal{X} = \{x_0, x_1, \dots, x_{r-1}\}$, with $p(x_i) = 1/r$, $0 \le i \le r-1$, the output alphabet is $\mathcal{Y} = \{y_i\}_{i=0}^{|\mathcal{Y}|-1}$, and the cardinality of $\mathcal{Y}$ (combinations with repetition of r elements taken $n_T+1$ at a time) and the transition probabilities can be computed as follows:

$$|\mathcal{Y}| = \binom{n_T + r}{r - 1} = \binom{n_T + r}{n_T + 1},$$

$$p(y_{m_0 m_1 \dots m_{r-1}} \mid x_i) = \frac{1}{r^{n_T}} \binom{n_T}{m_0\; m_1\; \dots\; m_{r-1}}$$

where $y_{m_0 m_1 \dots m_{r-1}}$ is the output symbol resulting from the combination of $m_0$ symbols $x_0$, $m_1$ symbols $x_1$, and so on, until $m_{r-1}$ symbols $x_{r-1}$, with $m_0 + m_1 + \dots + m_{r-1} = n_T$.

Particularizing for binary input alphabets ($r = 2$), $\mathcal{X} = \{x_0, x_1\}$, with $p(x_0) = p(x_1) = 0.5$ ($H(X) = 1$), the output alphabet is $\mathcal{Y} = \{y_i\}_{i=0}^{n_T+1}$, where $y_i$ is the combination of i symbols $x_0$ and $(n_T + 1 - i)$ symbols $x_1$. The transition probabilities $p(y_i \mid x_j)$ are given by:

$$p(y_i \mid x_0) = p(y_{N+1-i} \mid x_1) = 2^{-n_T} \binom{n_T}{i}, \quad i = 0, \dots, n_T + 1.$$

${\mathit{Own}}_{c}$’s detector receives $y_i$ and applies the decoding specified below, with $g$ the mapping function $g : X \to S$:

$$\begin{array}{cc}\phantom{\rule{-2.84526pt}{0ex}}{n}_{T}\text{}\mathrm{even},\overline{s}=\hfill & \left\{\begin{array}{c}\text{}g\left({x}_{0}\right)\text{}\mathrm{if}\text{}i{\displaystyle \frac{{n}_{T}+1}{2}}\hfill \\ \text{}g\left({x}_{1}\right)\text{}\mathrm{otherwise}\hfill \end{array}\right.\hfill \\ {n}_{T}\text{}\mathrm{odd},\overline{s}=\hfill & \left\{\begin{array}{c}\text{}g\left({x}_{0}\right)\text{}\mathrm{if}\text{}i{\displaystyle \frac{{n}_{T}+1}{2}}\hfill \\ \text{}g\left({x}_{1}\right)\text{}\mathrm{if}\text{}i{\displaystyle \frac{{n}_{T}+1}{2}}\hfill \\ \text{}\mathrm{otherwise},\text{}\mathrm{choose\; at\; random}\text{}g\left({x}_{0}\right)\text{}\mathrm{or}\text{}g\left({x}_{1}\right)\hfill \end{array}\right.\hfill \end{array}$$

The error probability, defined as $p_e = \Pr[\overline{s} \ne s]$, is computed as:

$$p_e = 2^{-n_T} \left( \sum_{i=0}^{\lfloor \frac{n_T}{2} - 1 \rfloor} \binom{n_T}{i} + \frac{1}{2} \binom{n_T}{\frac{n_T+1}{2}} \right),$$

where the last summand is zero when $n_T$ is even. Figure 5 plots the secrecy capacity $C_s$ of the wiretap channel, the error probability and Fano’s bound, against the number of noisy tags. Secrecy increases sharply until $n_T \approx 5$; as $n_T \to \infty$, the equivocation of the eavesdropper approaches the unconditional source entropy, and we get perfect secrecy: $\lim_{n_T \to \infty} H(X \mid Y^{(n_T)}) = H(X) = 1$. For $n_T = 3$, the secrecy capacity $C_s = H(X \mid Y) = 0.78$ offers a good compromise between features and ease of implementation. The capacity of ${\mathit{Own}}_{c}$’s channel is just $C_{eav} = 0.22$ bits.
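The quantities of this section can be recomputed for the binary case. The following is an added example, not code from the paper: it assumes the tag and each of the $n_T$ noisy tags send one uniform bit and that ${\mathit{Own}}_{c}$ observes only the number of $x_0$ pulses in the superposition; all function names are hypothetical.

```python
from math import comb, log2


def eavesdropper_view(n_t):
    """Return [(p(y_i), p(x0 | y_i))] for i = 0 .. n_t + 1.

    Assumed model: i is the number of x0 pulses among the n_t + 1
    superposed symbols (one from the tag, n_t from the noisy tags).
    """
    view = []
    for i in range(n_t + 2):
        # Tag sent x0, so i - 1 of the noisy tags sent x0.
        p_y_x0 = 0.5 * (comb(n_t, i - 1) if i > 0 else 0) / 2 ** n_t
        # Tag sent x1, so i of the noisy tags sent x0 (comb is 0 if i > n_t).
        p_y_x1 = 0.5 * comb(n_t, i) / 2 ** n_t
        p_y = p_y_x0 + p_y_x1
        view.append((p_y, p_y_x0 / p_y))
    return view


def h2(p):
    """Binary entropy in bits."""
    return 0.0 if p in (0.0, 1.0) else -p * log2(p) - (1 - p) * log2(1 - p)


def equivocation(n_t):
    """H(X|Y); equals the secrecy capacity C_s when the main channel is noiseless."""
    return sum(p_y * h2(post) for p_y, post in eavesdropper_view(n_t))


def eavesdropper_capacity(n_t):
    """C_eav = H(X) - H(X|Y) with H(X) = 1 bit."""
    return 1.0 - equivocation(n_t)


def map_error(n_t):
    """Error probability of Own_c's MAP detector (ties broken at random)."""
    return sum(p_y * min(post, 1 - post) for p_y, post in eavesdropper_view(n_t))


def closed_form_error(n_t):
    """The closed-form p_e given in the text."""
    total = sum(comb(n_t, i) for i in range(0, n_t // 2))
    if n_t % 2 == 1:
        total += 0.5 * comb(n_t, (n_t + 1) // 2)
    return total / 2 ** n_t


def fano_lower_bound(n_t):
    """Smallest p_e compatible with Fano's inequality h2(p_e) >= H(X|Y)."""
    target, lo, hi = equivocation(n_t), 0.0, 0.5
    for _ in range(60):  # bisection on the increasing branch of h2
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if h2(mid) < target else (lo, mid)
    return lo


def table(max_tags=8):
    """Rows (n_T, C_s, p_e, Fano bound), the three curves plotted against n_T."""
    return [(n, round(equivocation(n), 4), round(map_error(n), 4),
             round(fano_lower_bound(n), 4)) for n in range(1, max_tags + 1)]


if __name__ == "__main__":
    for row in table():
        print("n_T=%d  C_s=%.4f  p_e=%.4f  Fano>=%.4f" % row)
```
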

## 5. An Ownership Transfer Protocol

We next present an example of an OTP that: (i) works according to the communication model defined in Section 3.2 and (ii) uses a channel with positive secrecy capacity, implemented with noisy tags, to guarantee the privacy of the new owner.

The protocol addresses practical design features, such as (secure) singulation of tags and the interrogator-talks-first requirement (communication must be initiated by the reader), and guarantees that the information stored on the tag coincides with that provided to the new owner (tag assurance [17]). Note also that it complies with the restrictions in Section 3.1 regarding entities’ capabilities. That is, while RFID readers can implement fully-fledged cryptographic tools, RFID tags are restricted to a pseudorandom number generator (PRNG) and a cryptographic (one-way, collision-resistant) hash function $F : \{0,1\}^{\ast} \to \{0,1\}^{n}$. The number of inputs is, however, designed to be intentionally low so that it can be more easily adapted to other possible primitives. We assume that identifiers, random numbers and keys all have the same (bit) length n, which is the security parameter of the protocol. We introduce our notation.

| Symbol | Meaning |
| --- | --- |
| $\mathit{ID}$ | identifying information of $\mathcal{T}$. |
| ${\mathit{Info}}_{\mathit{ID}}$ | hash of the manufacturer information. |
| $\mathcal{R}1$, $\mathcal{R}2$ | readers of ${\mathit{Own}}_{c}$ and ${\mathit{Own}}_{n}$ respectively. |
| $\mathit{IDR}1$, $\mathit{IDR}2$ | identifiers for $\mathcal{R}1$ and $\mathcal{R}2$ respectively. |
| $s_1$ | key that $\mathcal{T}$ shares with $\mathcal{R}1$. |
| $s_2$ | key that $\mathcal{T}$ shares with $\mathcal{R}2$. |
| $\overline{s_2}$ | key that $\mathcal{T}$ eventually shares with $\mathcal{R}2$. |
| $N_{\mathcal{T}}$, $N_{\mathcal{T}}^{\prime}$ | random numbers generated by $\mathcal{T}$. |
| $N_{\mathcal{R}1}$ | random number generated by $\mathcal{R}1$. |
| $N_{\mathcal{R}2}$, $N_{\mathcal{R}2}^{\prime}$ | random numbers generated by $\mathcal{R}2$. |
| $\mathcal{T}_t^{\ast}$ | the $t$-th noisy tag, with $1 \le t \le n_T$. |
| $s_t^{\ast}$ | the key that $\mathcal{T}_t^{\ast}$ shares with $\mathcal{R}2$. |

#### 5.1. The Ownership Transfer Protocol, Figure 6

Initialization

1. Initially, each owner knows for each tag $\mathit{ID}$ its information and private key $s_1$. Likewise, each tag stores, along with its identifier $\mathit{ID}$ and ${\mathit{Info}}_{\mathit{ID}}$, the identifier of its owner $\mathit{IDR}1$ and the private key. $\mathcal{R}1$, $\mathcal{R}2$ agree to transfer ownership of tag $\mathcal{T}$ with identifier $\mathit{ID}$. $\mathcal{R}1$ sends (secure channel) $\mathcal{R}2$ manufacturer information about the tag (${\mathit{Info}}_{\mathit{ID}}$ when hashed).

   $$\mathcal{R}1 \Rightarrow \mathcal{R}2 : \mathit{ID},\ \text{manufacturer information}$$

Setup for Ownership Transfer

2. $\mathcal{R}1$ regularly broadcasts $Query$ messages to detect the presence of tags.

   $$\mathcal{R}1 \to \mathrm{tags} : Query$$

3. When $\mathcal{T}$ receives a $Query$ (presumably because it is within the range of $\mathcal{R}1$), it selects a random nonce $N_{\mathcal{T}}$ and sends:

   $$\mathcal{T} \to \mathcal{R}1 : F(N_{\mathcal{T}}, s_1),\ N_{\mathcal{T}}$$

4. $\mathcal{R}1$ searches for a pair $(ID,s)$ in its database to get a match. If there is no match, then the process is repeated from Step 2. Otherwise, $\mathcal{T}$ is singulated: $\mathcal{R}1$ selects a random nonce $N_{\mathcal{R}1}$ and a request OTR and sends:

   $$\mathcal{R}1 \to \mathcal{T} : \mathit{OTR}, \mathit{IDR}1, \mathit{IDR}2, F(s_1, N_{\mathcal{T}}), N_{\mathcal{R}1}$$

5. $\mathcal{T}$ checks $F(s_1, N_{\mathcal{T}})$ to authenticate $\mathcal{R}1$. $\mathcal{T}$ does not reply if there is no match. Otherwise, it computes $s^{\prime} = F(N_{\mathcal{T}}, N_{\mathcal{R}1}, s_1)$, saves $[\mathit{IDR}2, s^{\prime}]$, until the protocol completes or a new command from $\mathcal{R}1$ is received and replies with:

   $$\mathcal{T} \to \mathcal{R}1 : F(N_{\mathcal{R}1}, s_1)$$

6. If this message is not received correctly by $\mathcal{R}1$ after a period of time, the protocol is repeated from Step 2 ($\mathcal{T}$ will replace the stored values $\mathit{IDR}2, s^{\prime}$). Otherwise, $\mathcal{R}1$ computes $s^{\prime} = F(N_{\mathcal{T}}, N_{\mathcal{R}1}, s_1)$ and confirms (secure channel) to $\mathcal{R}2$ that $\mathcal{T}$ is ready to be transferred:

   $$\mathcal{R}1 \Rightarrow \mathcal{R}2 : \mathit{ID}\ \text{is ready},\ s^{\prime}$$

Ownership Transfer

7. If $\mathcal{R}2$ receives $\mathcal{R}1$’s confirmation, then it is ready to take ownership of $\mathcal{T}$. $\mathcal{R}2$ computes $s_2 = F(s^{\prime}, {\mathit{Info}}_{\mathit{ID}})$ and broadcasts regularly $Query$ messages.

   $$\mathcal{R}2 \to \mathrm{tags} : Query$$

8. When $\mathcal{T}$ receives a $Query$, it selects a random nonce $N_{\mathcal{T}}^{\prime}$ and sends:

   $$\mathcal{T} \to \mathcal{R}2 : F(N_{\mathcal{T}}^{\prime}, s_2),\ N_{\mathcal{T}}^{\prime}$$

9. If $\mathcal{T}$ is singulated, then $\mathcal{R}2$ selects a fresh random number $N_{\mathcal{R}2}$ and sends:

   $$\mathcal{R}2 \to \mathcal{T} : F(s_2, N_{\mathcal{T}}^{\prime}),\ N_{\mathcal{R}2}$$

10. $\mathcal{T}$ checks this message for $s_2$, and if not correct, for $s_1$ (and waits for new commands). It does not reply if this is not correct. If $\mathcal{R}2$ is authenticated, $\mathcal{T}$ updates the stored values $(\mathit{IDR}1, s_1)$ to $(\mathit{IDR}2, s_2)$. These values determine tag ownership. $\mathcal{T}$ acknowledges this by sending:

    $$\mathcal{T} \to \mathcal{R}2 : F(N_{\mathcal{R}2}, s_2)$$

11. If the received message is not correct, the protocol is repeated from Step 7. Otherwise, $\mathcal{R}2$ executes the key update protocol in Section 5.2 to prevent $\mathcal{R}1$ from accessing $\mathcal{T}$.
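The message flow of Steps 2 to 10 with both the tag and the readers, as an added example that is not the authors' code. Assumptions: $F$ is modelled by truncated SHA-256 over length-prefixed inputs, $n$ is 128 bits, the tag answers queries under $s_2$ once a transfer is pending, and all class names, function names and the sample tag record are hypothetical.

```python
import hashlib
import hmac
import secrets

N = 16  # security parameter n in bytes (assumed: 128-bit IDs, nonces, keys)


def F(*parts):
    """Stand-in for the tag's hash F (assumption: truncated SHA-256)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)  # length prefix keeps inputs unambiguous
    return h.digest()[:N]


class Tag:
    def __init__(self, tag_id, info_id, owner_id, key):
        self.tag_id, self.info_id = tag_id, info_id
        self.owner_id, self.key = owner_id, key
        self.pending = None  # [IDR2, s'] saved in Step 5
        self.nonce = None

    def _s2(self):
        return F(self.pending[1], self.info_id)  # s2 = F(s', Info_ID)

    def on_query(self):
        """Steps 3 and 8: reply F(N_T, key), N_T with a fresh nonce."""
        self.nonce = secrets.token_bytes(N)
        # Assumption: once a transfer is pending, the tag answers under s2.
        key = self._s2() if self.pending else self.key
        return F(self.nonce, key), self.nonce

    def on_transfer_request(self, idr1, idr2, proof, n_r1):
        """Step 5: authenticate R1, save [IDR2, s'], acknowledge.
        IDR1 is a message field; the page does not say the tag checks it."""
        if self.nonce is None or not hmac.compare_digest(proof, F(self.key, self.nonce)):
            return None  # no reply on mismatch
        self.pending = (idr2, F(self.nonce, n_r1, self.key))
        self.nonce = None
        return F(n_r1, self.key)

    def on_takeover(self, proof, n_r2):
        """Step 10: authenticate R2 under s2, then switch owner and key."""
        if self.pending is None or self.nonce is None:
            return None
        s2 = self._s2()
        if not hmac.compare_digest(proof, F(s2, self.nonce)):
            return None
        self.owner_id, self.key = self.pending[0], s2
        self.pending = self.nonce = None
        return F(n_r2, s2)


def singulate(db, reply):
    """Steps 4 and 9: search the (ID, key) database for a match on F(N_T, key)."""
    digest, n_t = reply
    for tag_id, key in db.items():
        if hmac.compare_digest(digest, F(n_t, key)):
            return tag_id, key
    return None


def transfer(tag, r1_db, manufacturer_info, idr1=b"R1", idr2=b"R2"):
    """Run Steps 2-10; return (R2's database, s') or raise ValueError."""
    reply = tag.on_query()                      # Steps 2-3
    match = singulate(r1_db, reply)             # Step 4
    if match is None:
        raise ValueError("R1 cannot singulate the tag")
    tag_id, s1 = match
    n_r1 = secrets.token_bytes(N)
    ack = tag.on_transfer_request(idr1, idr2, F(s1, reply[1]), n_r1)
    if ack is None or not hmac.compare_digest(ack, F(n_r1, s1)):
        raise ValueError("Step 5 acknowledgement missing or wrong")
    s_prime = F(reply[1], n_r1, s1)             # Step 6: R1 => R2, secure channel
    # R2 holds only ID, the manufacturer information and s'.
    s2 = F(s_prime, F(manufacturer_info))       # Step 7, Info_ID = hash of the info
    r2_db = {tag_id: s2}
    reply2 = tag.on_query()                     # Step 8
    if singulate(r2_db, reply2) is None:
        raise ValueError("tag assurance failed: Info_ID mismatch")
    n_r2 = secrets.token_bytes(N)               # Step 9
    ack2 = tag.on_takeover(F(s2, reply2[1]), n_r2)
    if ack2 is None or not hmac.compare_digest(ack2, F(n_r2, s2)):
        raise ValueError("Step 10 acknowledgement missing or wrong")
    return r2_db, s_prime


def make_tag(info=b"constructed manufacturer record"):
    """Constructed sample: one tag owned by R1, plus R1's key database."""
    s1 = secrets.token_bytes(N)
    return Tag(b"ID-0001", F(info), b"R1", s1), {b"ID-0001": s1}, info
```

After a successful run, $\mathcal{R}1$ can still recompute $s_2$ from $s^{\prime}$ and the manufacturer information, which is why Step 11 hands over to the key update protocol of Section 5.2.
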

#### 5.1.1. Analysis

In Appendix A, we shall use GNY logic [12], which extends the Burrows–Abadi–Needham (BAN) logic (overcoming some of its problems [13,14]), to show the consistency of the assumptions with respect to the source message, as well as the beliefs of the sender and receiver of messages. Principals can only advance their beliefs and increase their possessions based on the physical content of the messages they receive. We use strand spaces [15] to show correctness by excluding vulnerabilities based on the structure of the protocol. Strand spaces use free encryption algebra to detect faults that exploit relations in this algebra. Below, we discuss the most important security properties informally.

- 1
- Untraceable singulation: Replies to $Query$’s (Step 2, Step 7) have the same format and include a nonce selected by the tag. This prevents tag tracing, since messages look random to anyone who does not know the secret key.
- 2
- The privacy of ${\mathit{Own}}_{c}$ is guaranteed because the key ${s}_{1}$ remains unknown to the new owner ${\mathit{Own}}_{n}$. Indeed, if ${\mathit{Own}}_{n}$ can compute ${s}_{1}$ given the values: ${s}^{\prime}$, ${N}_{\mathcal{T}}$ and ${N}_{\mathcal{R}1}$, then ${\mathit{Own}}_{n}$ can also find the F-preimage of ${s}^{\prime}$, which contradicts the assumption that F is one-way.
- 3
- Forward secrecy: Suppose the adversary succeeds in getting the new key ${s}_{2}$ of a tag. The privacy of the prior communications is guaranteed, as in the previous case, because to get ${s}_{1}$ from ${s}_{2}$, one has to invert F.
- 4
- The privacy of ${\mathit{Own}}_{n}$ is achieved by using the key update protocol in Section 5.2.
- 5
- Tag assurance: ${\mathit{Info}}_{\mathit{ID}}$ is the hash of manufacturer information about the tag. The collision resistance of hash functions prevents the adversary from finding another message (pre-image) ${\mathit{Info}}_{\mathit{ID}}^{\prime}$ with the same hash to forge the information given by the manufacturer. The use of ${\mathit{Info}}_{\mathit{ID}}$ to compute ${s}_{2}$ guarantees that the information provided by ${\mathit{Own}}_{c}$ to ${\mathit{Own}}_{n}$ matches with the information stored by $\mathcal{T}$. Note, however, that cloned tags and corruptible memories are beyond this security feature (cf. [17]).

#### 5.2. A Key Update Protocol, Figure 7

The parties are: the reader $\mathcal{R}2$, tag $\mathcal{T}$ and ${n}_{T}$ noisy tags ${\mathcal{T}}_{t}^{\ast}$, $1\text{}\le \text{}t\le {n}_{T}$. $\mathcal{R}2$ shares with $\mathcal{T}$ a private key ${s}_{2}$ and with each ${\mathcal{T}}_{t}^{\ast}$ a private key ${s}_{t}^{\ast}$. In this protocol, $\mathcal{T}$ updates privately the key ${s}_{2}$ with a fresh key ${\overline{s}}_{2}$.

- 1
- $\mathcal{R}2$ broadcasts a key change request (KCR) with a random nonce ${N}_{\mathcal{R}2}^{\prime}$.$$\mathcal{R}2\phantom{\rule{0.166667em}{0ex}}\to \phantom{\rule{0.166667em}{0ex}}\mathcal{T},\phantom{\rule{0.166667em}{0ex}}{\left\{{\mathcal{T}}_{t}^{\ast}\right\}}_{t=1}^{{n}_{T}}:\phantom{\rule{0.166667em}{0ex}}\mathit{KCR},{N}_{\mathcal{R}2}^{\prime}$$
- 2
- Upon receiving this, $\mathcal{T}$ and ${\mathcal{T}}_{t}^{\ast}$ generate bitstrings S and ${S}_{t}^{\ast}$ of length $n/{C}_{s}$ and broadcast these simultaneously (as specified in Section 4): S is a random number, and ${S}_{t}^{\ast}={F}^{\ast}({N}_{\mathcal{R}2}^{\prime},{s}_{t}^{\ast})$, where ${F}^{\ast}$ is a cryptographic hash function of length $n/{C}_{s}$. Note that ${F}^{\ast}$ could be built from F; for example, for ${C}_{s}=0.5$, ${F}^{\ast}(A,B)=F(A,B)\left|\right|F(A+1,B)$, where $\left|\right|$ denotes concatenation.$$\mathcal{T},\phantom{\rule{0.166667em}{0ex}}{\left\{{\mathcal{T}}_{t}^{\ast}\right\}}_{t=1}^{{n}_{T}}\phantom{\rule{0.166667em}{0ex}}\to \phantom{\rule{0.166667em}{0ex}}\mathcal{R}2:\phantom{\rule{0.166667em}{0ex}}S\phantom{\rule{4.pt}{0ex}}\mathrm{and}\phantom{\rule{4.pt}{0ex}}{\left\{{S}_{t}^{\ast}\right\}}_{t=1}^{{n}_{T}}$$
- 3
- $\mathcal{R}2$ receives the added signals of S and ${\left\{{S}_{t}^{\ast}\right\}}_{t=1}^{{n}_{T}}$, extracts S, computes ${\overline{s}}_{2}=F({N}_{\mathcal{R}2}^{\prime},S,{s}_{2})$ and broadcasts $F(S,{\overline{s}}_{2})$.$$\mathcal{R}2\phantom{\rule{0.166667em}{0ex}}\to \phantom{\rule{0.166667em}{0ex}}\mathcal{T},\phantom{\rule{0.166667em}{0ex}}{\left\{{\mathcal{T}}_{t}^{\ast}\right\}}_{t=1}^{{n}_{T}}:\phantom{\rule{0.166667em}{0ex}}F(S,{\overline{s}}_{2})$$
- 4
- $\mathcal{T}$ computes ${\overline{s}}_{2}=F({N}_{\mathcal{R}2}^{\prime},S,{s}_{2})$ and checks that the message from $\mathcal{R}2$ is correct. If so, $\mathcal{T}$ updates its private key ${s}_{2}$ to ${\overline{s}}_{2}$.$$\mathcal{T}\to \mathcal{R}2:F({N}_{\mathcal{R}2}^{\prime},{\overline{s}}_{2})$$
- 5
- $\mathcal{R}2$ checks the received message. If correct, the key update protocol (KUP) is completed, and $\mathcal{R}2$ informs $\mathcal{R}1$. Otherwise, $\mathcal{R}2$ sends a new $Query$ and checks if $\mathcal{T}$ has updated its key. If not, the KUP is repeated.$$\mathcal{R}2\Rightarrow \mathcal{R}1:\mathrm{Ownership}\phantom{\rule{4.pt}{0ex}}\mathrm{is}\phantom{\rule{4.pt}{0ex}}\mathrm{transferred}.$$

#### 5.3. Analysis

Attacks by external adversaries on the KUP can target privacy (traceability) or availability (de-synchronization). These are prevented by the wiretap channel with positive secrecy and a cryptographic hash function that authenticates messages. More specifically:

Traceability: $\mathcal{T}$ remains untraceable because the exchanged messages look random to anyone who does not know ${s}_{2}$.

De-synchronization: The adversary cannot compute $F({N}_{\mathcal{R}2}^{\prime},{\overline{s}}_{2})$ or $F(S,{\overline{s}}_{2})$, which the parties require to update their keys, without knowing ${s}_{2}$.

The protection extends to threats from past and future owners of $\mathcal{T}$. For example, even if $\mathcal{R}1$ knows ${s}_{1}$ and can get ${s}_{2}$, $\mathcal{R}1$ does not know the keys ${s}_{t}^{\ast}$ of the noisy tags and, therefore, cannot filter out ${S}_{t}^{\ast}$ to get S and compute ${\overline{s}}_{2}$. In particular, $\mathcal{R}1$ knows ${C}_{eav}\cdot n/{C}_{s}=(1-{C}_{s})\cdot n/{C}_{s}$ bits of S, but the remaining n bits remain unknown. Thus, once the KUP is completed, $\mathcal{R}1$ has no control over the tag $\mathcal{T}$ and cannot trace it.
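The five KUP flows of Section 5.2 and the previous-owner argument above can be traced end to end in a short simulation. This is an added example, not code from the paper: F is instantiated as truncated SHA-256, n is set to 128 bits, the simultaneous broadcast is modelled as a per-slot sum of the transmitted bits, and the names `run_kup`, `c_eav` and `F_star` are hypothetical. Under this assumed channel model, `c_eav(3)` evaluates to 0.22, the figure the conclusions quote for ${n}_{T}=3$.

```python
import hashlib
import math
import secrets

N = 128   # key length n in bits (assumed; the page does not fix n)

def F(*parts: bytes) -> bytes:
    """Assumed stand-in for the one-way function F: SHA-256 truncated to N bits."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)   # length-prefix each input
    return h.digest()[: N // 8]

def to_bits(data: bytes, nbits: int) -> list:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)][:nbits]

def to_bytes(bits: list) -> bytes:
    padded = bits + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))

def F_star(nonce: int, key: bytes, nbits: int) -> list:
    """F* built from F as the page suggests: F(A,B) || F(A+1,B) || ... cut to nbits."""
    out, i = b"", 0
    while len(out) * 8 < nbits:
        out += F((nonce + i).to_bytes(N // 8 + 1, "big"), key)
        i += 1
    return to_bits(out, nbits)

def c_eav(n_t: int) -> float:
    """Bits an observer learns per slot: I(S;Y) with Y = S + (sum of n_t random bits)."""
    def entropy(probs):
        return -sum(p * math.log2(p) for p in probs if p)
    noise = [math.comb(n_t, k) / 2 ** n_t for k in range(n_t + 1)]
    total = [math.comb(n_t + 1, k) / 2 ** (n_t + 1) for k in range(n_t + 2)]
    return entropy(total) - entropy(noise)

def run_kup(s2: bytes, noisy_keys: list) -> dict:
    if not noisy_keys:
        raise ValueError("at least one noisy tag is required")
    n_t = len(noisy_keys)
    length = math.ceil(N / (1 - c_eav(n_t)))          # |S| = n / C_s, C_s = 1 - C_eav

    # Step 1. R2 -> T, noisy tags: KCR, N'_R2
    nonce = secrets.randbits(N)
    nonce_b = nonce.to_bytes(N // 8, "big")

    # Step 2. T sends random S; noisy tag t sends S*_t = F*(N'_R2, s*_t), all at once.
    S = [secrets.randbits(1) for _ in range(length)]
    noise = [F_star(nonce, k, length) for k in noisy_keys]
    channel = [sum(slot) for slot in zip(S, *noise)]   # what any receiver hears

    # Step 3. R2 holds every s*_t, regenerates the noise and subtracts it.
    known = [F_star(nonce, k, length) for k in noisy_keys]
    S_r2 = [y - sum(slot) for y, slot in zip(channel, zip(*known))]
    new_r2 = F(nonce_b, to_bytes(S_r2), s2)
    msg3 = F(to_bytes(S_r2), new_r2)

    # Step 4. T derives the same key, authenticates R2, updates, acknowledges.
    new_t = F(nonce_b, to_bytes(S), s2)
    tag_accepts = secrets.compare_digest(msg3, F(to_bytes(S), new_t))
    msg4 = F(nonce_b, new_t)

    # Step 5. R2 checks the acknowledgement.
    reader_accepts = secrets.compare_digest(msg4, F(nonce_b, new_r2))

    # Observer without the s*_t (R1 included, even holding s2): a slot pins down
    # the bit of S only when every transmitter sent the same value.
    certain = sum(1 for y in channel if y in (0, n_t + 1))
    return {"length": length, "reader_recovered_S": S_r2 == S,
            "tag_accepts": tag_accepts, "reader_accepts": reader_accepts,
            "keys_match": new_t == new_r2, "key_changed": new_t != s2,
            "certain_slots": certain}

if __name__ == "__main__":
    result = run_kup(secrets.token_bytes(N // 8),
                     [secrets.token_bytes(N // 8) for _ in range(3)])
    print(f"C_eav(3) = {c_eav(3):.2f}", result)
```

The `certain_slots` count covers only the slots an observer can read outright; the partial information carried by the other slots is what `c_eav` measures.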

## 6. Conclusions

Cryptographic protection is usually handled at the application layer and cannot exploit signal features at the physical layer, which restricts its scope. We have shown in this paper that backward privacy of an OTP can be guaranteed with the use of channels with positive secrecy capacity. The implementation of such channels with noisy tags has been analyzed, and the value ${n}_{T}=3$, for which the capacity of the eavesdropper’s channel is only ${C}_{eav}=0.22$ bits, provides a good compromise between performance and ease of implementation. We also defined a communication model for RFID ownership transfer that captures spatiotemporal requirements. Protocols defined in this model can be applied to a wider range of practical scenarios. Finally, we have presented the first example of a symmetric-key OTP that does not require a TTP or ISE and formally proved that it is correct and secure in this model.

## Acknowledgments

This material is based in part upon work supported by: (a) the National Science Foundation under Grant Numbers CNS 1347113, DGE 1538850, 1565215 and DUE 1241525, and (b) the Spanish MINECO and FEDER under project TEC2014-54110-R. Funds for covering the costs to publish in open access come from these grants.

## Author Contributions

All authors contributed equally to this work.

## Conflicts of Interest

The authors declare no conflict of interest.

## Appendix A. Protocol Analysis

Because of space limitations, we only show here the consistency and correctness of the ownership transfer (OT) subprotocol in Section 5.1 (Flow 7–Flow 10). The analysis for the first part is similar.

#### Appendix A.1. GNY Logic

In Figure A1, we present the notation we shall use: $P,Q,\dots $ are protocol parties (principals); $X,Y,\dots $ are formulae; and s is a key. The conjunction $(X,Y)$ is also a formula.

Initial assumptions: At the beginning of each run of the OT subprotocol, we assume that parties $\mathcal{T}$ and $\mathcal{R}2$: (i) believe (trust) each other: $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{T}$; (ii) believe that the secret ${s}_{2}$ to be shared between them is suitable: $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$ and $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$; and (iii) believe in the jurisdiction of $\mathcal{R}1$ over the secret ${s}_{2}$: $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}1\mid \phantom{\rule{-0.28453pt}{0ex}}\Rightarrow \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$ and $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}1\mid \phantom{\rule{-0.28453pt}{0ex}}\Rightarrow \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$. In addition, each party possesses the secret key ${s}_{2}$ and a fresh nonce: $\mathcal{T}\ni {s}_{2}$, $\mathcal{T}\ni {N}_{\mathcal{T}}^{\prime}$, $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp {N}_{\mathcal{T}}^{\prime}$, $\mathcal{R}2\ni {s}_{2}$ and $\mathcal{R}2\ni {N}_{\mathcal{R}2}$, $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp {N}_{\mathcal{R}2}$. Finally, $\mathcal{T}$ believes that $({s}_{2},{N}_{\mathcal{T}}^{\prime})$ is recognizable, and $\mathcal{R}2$ believes that $({N}_{\mathcal{T}}^{\prime},{s}_{2})$ and $({N}_{\mathcal{R}2},{s}_{2})$ are recognizable: $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \varphi ({s}_{2},{N}_{\mathcal{T}}^{\prime})$, $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \varphi ({N}_{\mathcal{T}}^{\prime},{s}_{2})$ and $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \varphi ({N}_{\mathcal{R}2},{s}_{2})$.

The goal of the OT subprotocol is for $\mathcal{R}2$ and $\mathcal{T}$ to exchange the key ${s}_{2}$. The GNY logic parses the description of protocols for formal reasoning. A formalized description of the OT subprotocol is presented in Figure A2.

In this, Flows 8, 9 and 10 include message extensions ($\cdots \rightsquigarrow X$) that are taken as assumptions. To prove consistency, we must show that on completion of the subprotocol, the following formulae can be deduced: $\mathcal{T}\ni {s}_{2}$, $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$, $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}2\ni {s}_{2}$, $\mathcal{R}2\ni {s}_{2}$, $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$, $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{T}\ni {s}_{2}$.

Four of these are initial assumptions. Therefore, we only need to show the formulae:

$$\mathcal{T}\phantom{\rule{0.166667em}{0ex}}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \phantom{\rule{0.166667em}{0ex}}\mathcal{R}2\phantom{\rule{0.166667em}{0ex}}\ni \phantom{\rule{0.166667em}{0ex}}{s}_{2}\phantom{\rule{0.56905pt}{0ex}},\phantom{\rule{2.84544pt}{0ex}}\phantom{\rule{0.166667em}{0ex}}\mathrm{and}$$

$$\mathcal{R}2\phantom{\rule{0.166667em}{0ex}}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \phantom{\rule{0.166667em}{0ex}}\mathcal{T}\phantom{\rule{0.166667em}{0ex}}\ni \phantom{\rule{0.166667em}{0ex}}{s}_{2}.$$

For this purpose, we use the deduction rules of GNY logic. A deduction rule consists of a set of premises ${P}_{1},\dots ,{P}_{n}$ and a conclusion C, written: $\frac{{P}_{1},\phantom{\rule{0.166667em}{0ex}}\dots \phantom{\rule{0.166667em}{0ex}},{P}_{n}}{C}$. In Figure A3, we list the rules that we shall use to deduce formulae: $f\left(X\right)$ and $h\left(X\right)$ are computationally feasible functions of X, with $h\left(X\right)$ a one-way function.

To show that Formulas (A1) and (A2) can be deduced from protocol assumptions and transmitted messages, we analyze below the parsed OT subprotocol in Figure A2.

- 7.
- No belief or possession can be derived from this message.
- 8.
- Apply the being-told rule T1 and the possession rule P1 to $\mathcal{R}2\phantom{\rule{0.166667em}{0ex}}\triangleleft \phantom{\rule{0.166667em}{0ex}}\ast {N}_{\mathcal{T}}^{\prime}$ to get $\mathcal{R}2\ni {N}_{\mathcal{T}}^{\prime}$. Apply the recognizability rule R5 to the initial assumptions $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \varphi \left({\mathit{N}}_{\mathcal{T}}^{\prime},{\mathit{s}}_{2}\right)$ to get that $\mathcal{R}2$ recognizes $\mathcal{T}$. No postulate enables us to further derive new beliefs or possessions from this message. In particular, we cannot derive the freshness of the message.
- 9.
- Apply rules T1 and P1 to $\mathcal{T}\triangleleft \ast {N}_{\mathcal{R}2}$ to get $\mathcal{T}\ni {N}_{\mathcal{R}2}$. Apply the freshness rule F1 to the initial assumptions $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp {N}_{\mathcal{T}}^{\prime}$, $\varphi ({s}_{2},{N}_{\mathcal{T}}^{\prime})$ to get $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp ({s}_{2},{N}_{\mathcal{T}}^{\prime})$. Apply the interpretation rule I3 to: the previous result, $\mathcal{T}\triangleleft \ast \phantom{\rule{0.166667em}{0ex}}F({s}_{2},{N}_{\mathcal{T}}^{\prime})$ and the initial assumptions $\mathcal{T}\ni ({s}_{2},{N}_{\mathcal{T}}^{\prime})$ and $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$, to get $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\sim {s}_{2}$. Now, apply rule I6 to get Formula (A1): $\mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{R}2\ni {s}_{2}$.
- 10.
- Apply the freshness rule F1 to the initial assumptions $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp {N}_{\mathcal{R}2}^{\prime}$, $\varphi ({N}_{\mathcal{R}2}^{\prime},{s}_{2})$ to get $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \sharp ({N}_{\mathcal{R}2}^{\prime},{s}_{2})$. Apply rule I3 to: the previous result, $\mathcal{R}2\triangleleft \ast \phantom{\rule{0.166667em}{0ex}}F({N}_{\mathcal{R}2}^{\prime},{s}_{2})$ and the initial assumptions $\mathcal{R}2\ni ({N}_{\mathcal{R}},{s}_{2})$ and $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \left(\mathcal{T}\stackrel{{s}_{2}}{\leftrightarrow}\mathcal{R}2\right)$, to get $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{T}\mid \phantom{\rule{-0.28453pt}{0ex}}\sim {s}_{2}$. Now, apply rule I6 to get Formula (A2): $\mathcal{R}2\mid \phantom{\rule{-0.28453pt}{0ex}}\equiv \mathcal{T}\ni {s}_{2}$.

It follows that the OT subprotocol is consistent. In particular,

- (a)
- Possession consistency: transmitted messages only include formulae that the sender possesses;
- (b)
- Belief consistency: message extensions include only beliefs held by the sender at the time he/she sends the message.

Strand spaces: We next show the correctness of the OT subprotocol using strand spaces [12,15]. To simplify the analysis, we remove Flow 7, which does not provide any cryptographic information.

A strand space Σ is a collection of strands and a graph generated by a causality relation. A strand s is a sequence of events that represent either a protocol execution by a legitimate party (principal) or a sequence of actions by a penetrator. We refer to the messages that can be exchanged between the principals as terms of the strand. In a protocol, principals can either send or receive terms, and this is represented with a positive or a negative sign, respectively. We write $a\sqsubset b$ if a is a subterm of b. The trace $\mathrm{tr}\left(s\right)$ of a strand is the sequence of its signed terms. A node of Σ is a pair $n=\langle s,i\rangle $, with $s\in \mathsf{\Sigma}$, $1\le i\le \mathrm{length}\left(\mathrm{tr}\left(s\right)\right)$. The set of nodes is denoted by $\mathcal{N}$. We say that node $n=\langle s,i\rangle $ belongs to strand s. $\mathrm{term}\left(n\right)$ is the i-th signed term $\mathrm{tr}{\left(s\right)}_{i}$ of s.

We write ${n}_{1}\prec {n}_{2}$ to indicate that ${n}_{1}$ precedes ${n}_{2}$ in a strand (not necessarily immediately). An unsigned term t occurs in n iff $t\sqsubset \mathrm{term}\left(n\right)$; n is an entry point for a set of terms $I\subset T$ iff (if and only if) $\mathrm{term}\left(n\right)=+t$ for some $t\in I$, and whenever ${n}^{\prime}\prec n$, then $\mathrm{term}\left({n}^{\prime}\right)\notin I$. An unsigned term t originates on n iff n is an entry point for $I=\{{t}^{\prime}:t\sqsubset {t}^{\prime}\}$. t is uniquely originating iff t originates at a unique $n\in \mathcal{N}$. A bundle is a portion of a strand space that consists of strands of a protocol session that are hooked together, where one strand sends a message and the other receives the same message. For a protocol to be correct, each such bundle must contain one strand for each one of the legitimate principals participating in a session, with all parties agreeing on nonces and session keys. The penetrator (adversary) has a set of keys ${\mathsf{K}}_{\mathcal{P}}$ (shared with accomplices or “lost”) and a set of penetrator traces $\mathcal{P}$ that model her/his capabilities. Penetration traces typically require hooking several atomic traces. In Figure A4, we list the atomic penetrator traces we shall consider [12]. A protocol attack is captured by combining penetrator traces with protocol strands.

**Definition A1.**

$(\mathsf{\Sigma},\mathcal{P})$ is an infiltrated strand space if Σ is a strand space and $\mathcal{P}\subset \mathsf{\Sigma}$ is such that tr(p) is a penetrator trace for all $p\in \mathcal{P}$.

**Definition A2.**

An infiltrated strand space $(\mathsf{\Sigma},\mathcal{P})$ is an OTP space if Σ has three kinds of strands:

- Step 1.
- Penetrator strands $s\in \mathcal{P}$
- Step 2.
- Initiator strands $s\in Init[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}^{\prime}]$ defined by:$$\langle +(F({N}_{\mathcal{T}}^{\prime},{s}_{2}),{N}_{\mathcal{T}}^{\prime}),-(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),{N}_{\mathcal{R}2}^{\prime}),+F({N}_{\mathcal{R}2}^{\prime},{s}_{2})\rangle ,$$
- Step 3.
- Responder strands $s\in Resp[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}^{\prime}]$, defined by:$$\langle -(F({N}_{\mathcal{T}}^{\prime},{s}_{2}),{N}_{\mathcal{T}}^{\prime}),+(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),{N}_{\mathcal{R}2}^{\prime}),-F({N}_{\mathcal{R}2}^{\prime},{s}_{2})\rangle ,$$

(A) Agreement: the responder’s guarantee:

**Proposition A1.**

Suppose that: $(\mathsf{\Sigma},\mathcal{P})$ is an OTP space, $\mathcal{C}$ a bundle of Σ, $s\in Resp[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}^{\prime}]$, ${s}_{2}\notin {\mathsf{K}}_{\mathcal{P}}$ and ${N}_{\mathcal{T}}^{\prime}\ne {N}_{\mathcal{R}2}$ with ${N}_{\mathcal{R}2}$ uniquely originating in Σ. Then, $\mathcal{C}$ contains an initiator strand $t\in Init[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}]$.

**Proof.**

We prove this using four lemmas. Let ${n}_{0}$ be the node $\langle s,2\rangle $ (the second node of the reader) that outputs the term ${v}_{0}=(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),\phantom{\rule{0.166667em}{0ex}}{N}_{\mathcal{R}2})$ and ${n}_{3}$ the node $\langle s,3\rangle $ that receives the term ${v}_{3}=F({N}_{\mathcal{R}2},{s}_{2})$. Two additional nodes ${n}_{1},{n}_{2}$ such that ${n}_{0}\prec {n}_{1}\prec {n}_{2}\prec {n}_{3}$ will be identified.

**Lemma A1.**

${N}_{\mathcal{R}2}$ originates at node ${n}_{0}$.

**Proof.**

We know that ${N}_{\mathcal{R}2}\sqsubset {v}_{0}$, and the sign of ${n}_{0}$ is positive. We just need to show that ${N}_{\mathcal{R}2}\not\sqsubset \langle s,1\rangle $. Since $\mathrm{term}\left(\langle s,1\rangle \right)=(F({N}_{\mathcal{T}}^{\prime},{s}_{2}),{N}_{\mathcal{T}}^{\prime})$, we only need to check that ${N}_{\mathcal{T}}^{\prime}\ne {N}_{\mathcal{R}2}$, which is a hypothesis, and that ${s}_{2}\ne {N}_{\mathcal{R}2}$, which follows from the stipulation ${N}_{\mathcal{R}2}\notin K$. ☐

The next lemma establishes that the crucial step is taken by a regular strand and not a penetrator strand.

**Lemma A2.**

The set $S=\{n\in \mathcal{C}:{v}_{3}\sqsubset \mathrm{term}\left(n\right)\wedge {v}_{0}\not\sqsubset \mathrm{term}\left(n\right)\}$ has a $\preceq$-minimal node ${n}_{2}$, which is regular and has a positive sign.

**Proof.**

S is non-empty because ${n}_{3}\in \mathcal{C}$; and ${n}_{3}$ contains ${v}_{3}$, but not ${v}_{0}$. Since S is a partially-ordered set (because $\mathcal{C}$ is), it has at least one $\preceq$-minimal node ${n}_{2}$, and its sign must be positive. Therefore, we just need to check that ${n}_{2}$ does not lie on a penetrator strand p. For this purpose, we shall examine all of the atomic penetrator traces tr$\left(p\right)$ listed in Figure A4.

- M.
- tr$\left(p\right)=\langle +t\rangle $: Then, ${N}_{\mathcal{R}2}\sqsubset t$ and ${N}_{\mathcal{R}2}$ originates on t, which is not possible because ${N}_{\mathcal{R}2}$ originates on the regular node ${n}_{0}$ (Lemma A1).
- F.
- tr$\left(p\right)=\langle -g\rangle $: This has no positive nodes.
- T,C
- tr$\left(p\right)=\langle -g,+g,+g\rangle $ or $\langle -g,-h,+gh\rangle $: then, the positive nodes are not minimal occurrences.
- K.
- tr$\left(p\right)=\langle +{K}_{0}\rangle $ with ${K}_{0}\in {K}_{P}$: Since ${v}_{3}\not\sqsubset {K}_{0}$, this case does not apply.
- E.
- tr$\left(p\right)=\langle -{K}_{0},-h,+{\left\{h\right\}}_{{K}_{0}}\rangle $: Suppose ${v}_{3}\sqsubset {\left\{h\right\}}_{{K}_{0}}$. Then, $h={N}_{\mathcal{R}2}$, ${K}_{0}={s}_{2}$. Thus, there is a node m (the first of this strand) with term $\left(m\right)={s}_{2}$. However, ${s}_{2}\notin {\mathsf{K}}_{\mathcal{P}}$, so that this node is regular, but no regular node originates ${s}_{2}$. This contradicts the initial assumption.
- D.
- tr$\left(p\right)=\langle -{K}_{0}^{-1},-{\left\{h\right\}}_{{K}_{0}},+h\rangle $: If the positive node is minimal in S, then ${v}_{0}\not\sqsubset h$ and ${v}_{0}\sqsubset {\left\{h\right\}}_{{K}_{0}}$. However, because ${v}_{0}\ne {\left\{h\right\}}_{{K}_{0}}$, if ${v}_{0}\sqsubset {\left\{h\right\}}_{{K}_{0}}$, then ${v}_{0}\sqsubset h$, which is a contradiction.
- S.
- tr$\left(p\right)=\langle -gh,+g,+h\rangle $: Assume term $\left({n}_{2}\right)=h$ (there is a symmetric case with term $\left({n}_{2}\right)=g$). By the minimality of ${n}_{2}$, ${v}_{0}\sqsubset gh$. Hence, $g=F({N}_{\mathcal{T}}^{\prime},{s}_{2})$ and $h={N}_{\mathcal{R}2}$. However, then ${v}_{3}\not\sqsubset h$ and ${n}_{2}\notin S$, contradicting the initial assumption.

Therefore, ${n}_{2}$ does not lie on a penetrator strand. ☐

**Lemma A3.**

Node ${n}_{2}$ follows ${n}_{1}$ on the same regular strand t, and term $\left({n}_{1}\right)=(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),{N}_{\mathcal{R}2})$.

**Proof.**

From Lemma A1, we know that ${N}_{\mathcal{R}2}$ originates at ${n}_{0}$, and by assumption, it is unique in Σ. Furthermore, ${n}_{2}\ne {n}_{0}$ since ${v}_{0}\sqsubset \mathrm{term}\left({n}_{0}\right)$ and ${v}_{0}\not\sqsubset \mathrm{term}\left({n}_{2}\right)$. Therefore, ${N}_{\mathcal{R}2}$ does not originate at ${n}_{2}$, and there is a node ${n}_{1}$ preceding ${n}_{2}$ on the same strand, such that ${N}_{\mathcal{R}2}\sqsubset \mathrm{term}\left({n}_{1}\right)$. By the minimal property of ${n}_{2}$, ${v}_{0}\sqsubset \mathrm{term}\left({n}_{1}\right)$. However, as no regular node contains a combination as a proper subterm, $\mathrm{term}\left({n}_{1}\right)=(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),{N}_{\mathcal{R}2})$. ☐

**Lemma A4.**

The regular strand t containing ${n}_{1}$ and ${n}_{2}$ is an initiator strand contained in $\mathcal{C}$.

**Proof.**

${n}_{1}$ precedes ${n}_{2}$ in the same strand. Node ${n}_{2}$ is a positive regular node and comes after a node with the form $(F({s}_{2},{N}_{\mathcal{T}}^{\prime}),{N}_{\mathcal{R}2})$. Hence, t is an initiator strand, since a responder strand would only contain a negative node after one of that form. Thus, ${n}_{1}$ and ${n}_{2}$ are the second and the third nodes of t, respectively. ☐

Lemmas A3 and A4 complete the proof of Proposition A1. ☐

**Proposition A2.**

If $(\mathsf{\Sigma},\mathcal{P})$ is an OTP space and ${N}_{\mathcal{T}}^{\prime}$ is uniquely originating in Σ, then there is at most one strand $t\in Init[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}^{\prime}]$ for any $\mathcal{T}$, $\mathcal{R}2$ and ${N}_{\mathcal{R}2}$.

**Proof.**

Let $t\in \mathrm{Init}[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}]$ for $\mathcal{T}$, $\mathcal{R}2$ and ${N}_{\mathcal{R}2}$. Then, $\langle t,1\rangle $ is positive, ${N}_{\mathcal{T}}^{\prime}\sqsubset \mathrm{term}\langle t,1\rangle $, and ${N}_{\mathcal{T}}^{\prime}$ cannot possibly occur earlier on t. Therefore, ${N}_{\mathcal{T}}^{\prime}$ originates at node $\langle t,1\rangle $. Since ${N}_{\mathcal{T}}^{\prime}$ originates uniquely in Σ, there can be at most one such t. ☐

(B) Agreement: the initiator’s guarantee:

**Proposition A3.**

Suppose that: $({\Sigma},\mathcal{P})$ is an OTP space, $\mathcal{C}$ is a bundle of Σ, $s\in Init[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}]$, ${s}_{2}\notin {\mathsf{K}}_{\mathcal{P}}$ and ${N}_{\mathcal{T}}^{\prime}$ is uniquely originating in Σ. Then, there exists a responder strand $t\in Resp[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}]$.

**Proof.**

Consider the set $\{m\in \mathcal{C}:F({s}_{2},{N}_{\mathcal{T}}^{\prime})\sqsubset \mathrm{term}\left(m\right)\}$. This is not empty, because it contains $\langle s,2\rangle $, and so, it contains a minimal node ${m}_{0}$. If ${m}_{0}$ lies on a regular strand t, then we can show that $t\in \mathrm{Resp}[\mathcal{T},\mathcal{R}2,{N}_{\mathcal{T}}^{\prime},{N}_{\mathcal{R}2}]$. If instead, ${m}_{0}$ lies on a penetrator strand p, then p should be an E-strand with trace: $\langle -{s}_{2},-{N}_{\mathcal{T}}^{\prime},+F({s}_{2},{N}_{\mathcal{T}}^{\prime})\rangle $, but this contradicts the assumption ${s}_{2}\notin {\mathsf{K}}_{\mathcal{P}}$. ☐

## References

- Van Deursen, T.; Mauw, S.; Radomirovic, S.; Vullers, P. Secure Ownership and Ownership Transfer in RFID Systems; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2009; Volume 5789, pp. 637–654. [Google Scholar]
- Avoine, G. Adversarial Model for Radio Frequency Identification; Technical Report; Swiss Federal Institute of Technology (EPFL); Security and Cryptography Laboratory (LASEC): Lausanne, Switzerland, 2005. [Google Scholar]
- Juels, A.; Weis, S.A. Defining strong privacy for RFID. ACM Trans. Inf. Syst. Secur.
**2009**, 13, 7:1–7:23. [Google Scholar] [CrossRef] - Vaudenay, S. On privacy models for RFID. In ASIACRYPT; Kurosawa, K., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2007; Volume 4833, pp. 68–87. [Google Scholar]
- Ng, C.Y.; Susilo, W.; Mu, Y.; Safavi-Naini, R. RFID privacy models revisited. In ESORICS; Jajodia, S., Lpez, J., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2008; Volume 5283, pp. 251–266. [Google Scholar]
- Vullers, P. Secure Ownership and Ownership Transfer in RFID Systems. Master’s Thesis, Eindhoven University, Eindhoven, The Netherlands, 2009. [Google Scholar]
- Kapoor, G.; Piramuthu, S. Single RFID Tag Ownership Transfer Protocols. IEEE Trans. Syst. Man Cybern. Part C
**2012**, 42, 164–173. [Google Scholar] [CrossRef] - Osaka, K.; Takagi, T.; Yamazaki, K.; Takahashi, O. An efficient and secure RFID security method with ownership transfer. In Computational Intelligence and Security; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2007; Volume 4456, pp. 778–787. [Google Scholar]
- Sundaresan, S.; Doss, R.; Zhou, W.; Piramuthu, S. Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner privacy. Comput. Commun.
**2015**, 55, 112–124. [Google Scholar] [CrossRef] - Song, B. RFID Tag Ownership Transfer. In Proceedings of the Workshop on RFID Security—RFIDSec’08, Budapest, Hungary, 9–11 July 2008.
- Lei, H.; Cao, T. RFID Protocol Enabling Ownership Transfer to Protect against Traceability and DoS Attacks. In Proceedings of the First International Symposium on Data, Privacy, and E-Commerce, ISDPE ’07, Chengdu, China, 1–3 November 2007; IEEE Computer Society Press: Washington, DC, USA, 2007; pp. 508–510. [Google Scholar]
- Gong, L.; Needham, R.; Yahalom, R. Reasoning about belief in cryptographic protocols. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, Oakland, CA, USA, 7–9 May 1990; IEEE Computer Society Press: Washington, DC, USA, 1990; pp. 234–248. [Google Scholar]
- Boyd, C.; Mao, W. On a limitation of BAN logic. In Advances in Cryptology EUROCRYPT 93; Helleseth, T., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 1994; Volume 765, pp. 240–247. [Google Scholar]
- Nessett, D. A critique of the Burrows, Abadi, and Needham logic. Oper. Syst. Rev.
**1990**, 24, 35–38. [Google Scholar] [CrossRef] - Thayer, F.; Herzog, J.; Guttman, J. Strand Spaces: Proving Security Protocols Correct. J. Comput. Secur.
**1999**, 7, 191–230. [Google Scholar] [CrossRef] - Molnar, D.; Soppera, A.; Wagner, D. A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In Proceedings of the Workshop on Selected Areas in Cryptography (SAC 2005), Kingston, ON, Canada, 11–12 August 2005.
- Ng, C.Y.; Susilo, W.; Mu, Y.; Safavi-Naini, R. Practical RFID Ownership Transfer Scheme. J. Comput. Secur.
**2011**, 19, 319–341. [Google Scholar] [CrossRef] - Saito, J.; Imamoto, K.; Sakurai, K. Reassignment Scheme of an RFID Tag’s Key for Owner Transfer. In EUC Workshops; Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y.-S., Yang, L.T., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2005; Volume 3823, pp. 1303–1312. [Google Scholar]
- Avoine, G.; Dysli, E.; Oechslin, P. Reducing time complexity in RFID systems. In Proceedings of the 12th International Conference on Selected Areas in Cryptography (SAC 2005), Kingston, ON, Canada, 11–12 August 2005.
- Soppera, A.; Burbridge, T. Secure by default: The RFID acceptor tag (RAT). In Proceedings of the Workshop on RFID Security—RFIDSec’06, Graz, Austria, 12–14 July 2006.
- Osaka, K.; Takagi, T.; Yamazaki, K.; Takahashi, O. An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 International Conference on Computational Intelligence and Security, Guangzhou, China, 3–6 November 2006; pp. 1090–1095.
- Chen, H.-B.; Lee, W.-B.; Zhao, Y.-H.; Chen, Y.-L. Enhancement of the RFID security method with ownership transfer. In Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication, ICUIMC ’09, Suwon, Korea, 15–16 January 2009.
- Jappinen, P.; Hamalainen, H. Enhanced RFID security method with ownership transfer. In Proceedings of the 2008 International Conference on Computational Intelligence and Security, CIS ’08, Suzhou, China, 13–17 December 2008; pp. 382–385.
- Yoon, E.-J.; Yoo, K.-Y. Two security problems of RFID security method with ownership transfer. In Proceedings of the 2008 IFIP International Conference on Network and Parallel Computing, NPC 2008, Shanghai, China, 18–21 October 2008; pp. 68–73.
- Kapoor, G.; Piramuthu, S. Vulnerabilities in some recently proposed RFID ownership transfer protocols. IEEE Commun. Lett. **2010**, 14, 260–262.
- Dimitriou, T. RFIDdot: RFID delegation and ownership transfer made simple. In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, Istanbul, Turkey, 22–25 September 2008; pp. 1–8.
- Elkhiyaoui, K.; Blass, E.-O.; Molva, R. Rotiv: RFID ownership transfer with issuer verification. In Proceedings of the 7th International Conference on RFID Security and Privacy, RFIDSec’11, Amherst, MA, USA, 26–28 June 2011.
- Song, B.; Mitchell, C.J. Scalable RFID security protocols supporting tag ownership transfer. Comput. Commun. **2011**, 34, 556–566.
- Kapoor, G.; Zhou, W.; Piramuthu, S. Multi-tag and Multi-owner RFID Ownership Transfer in Supply Chains. Decis. Support Syst. **2011**, 52, 258–270.
- EPC Global. EPC Tag Data Standards, vs. 1.3. Available online: http://www.epcglobalinc.org/standards/EPCglobal_Tag_Data_Standard_TDS_Version_1.3.pdf (accessed on 27 December 2016).
- Chen, C.-L.; Lai, Y.-L.; Chen, C.-C.; Deng, Y.-Y.; Hwang, Y.-C. RFID ownership transfer authorization systems conforming epcglobal class-1 generation-2 standards. Int. J. Netw. Secur. **2011**, 13, 41–48.
- Koralalage, K.H.S.S.; Reza, S.M.; Miura, J.; Goto, Y.; Cheng, J. POP method: An approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism. In Proceedings of the 2007 ACM Symposium on Applied Computing, SAC ’07, Seoul, Korea, 11–15 March 2007.
- Chen, C.-L.; Huang, Y.-C.; Jiang, J.-R. A secure ownership transfer protocol using epcglobal gen-2 RFID. Telecommun. Syst. **2013**, 53, 387–399.
- Munilla, J.; Burmester, M.; Peinado, A. Attacks on Ownership Transfer Scheme for Multi-tag Multi-owner Passive RFID Environments. Comput. Commun. **2016**, 88, 84–88.
- Paret, D. RFID and Contactless Smart Card Applications; John Wiley & Sons: Hoboken, NJ, USA, 2005.
- International Organization for Standardization. ISO/IEC 29192-1: Information Technology—Security Techniques—Lightweight Cryptography—Part 1: General; ISO: Geneva, Switzerland, 2012.
- Wyner, A. The Wire-Tap Channel. Bell Syst. Tech. J. **1975**, 54, 1355–1387.
- Juels, A.; Rivest, R.; Szydlo, M. The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In Proceedings of the Conference on Computer and Communications Security, Washington, DC, USA, 27–30 October 2003; Atluri, V., Ed.; ACM Press: New York, NY, USA, 2003; pp. 103–111.
- Castelluccia, C.; Avoine, G. Noisy Tags: A Pretty Good Key Exchange Protocol for RFID Tags. In Proceedings of the International Conference on Smart Card Research and Advanced Applications—CARDIS, Tarragona, Spain, 19–21 April 2006; Domingo-Ferrer, J., Posegga, J., Schreckling, D., Eds.; Lecture Notes in Computer Science; Springer: Tarragona, Spain, 2006; Volume 3928, pp. 289–299.

**Figure 1.** Example sketches of ownership transfer protocols (OTPs) with trusted third parties (TTPs) (**a**) and without TTPs (isolated environment) (**b**) [7].

**Figure 4.** Alphabet $\mathcal{Y}=\{{y}_{0},{y}_{1},{y}_{2},{y}_{3}\}$ for tag $\mathcal{T}$ and two noisy tags using pulse position modulation (PPM).

**Figure 7.** Key update protocol (KUP) with noisy tags ${\mathcal{T}}_{t}^{\ast}$, $1\le t\le {n}_{T}$.

© 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).