• MITM attack;
  • mobile RFID;
  • ownership transfer;
  • replay attack


Radio Frequency Identification (RFID) has been widely deployed for its high capabilities in simple computation, storage, long scan distance, and simultaneous reading. With the combination of mobile devices and readers in recent years, it has been transformed to mobile RFID providing wider services for its users and mobility for its readers. E-commerce, for instance, has applied many of mobile RFID's deriving services, one of which is the transfer of a tagged item's ownership. To secure such transfer in a mobile RFID environment, we propose a new approach for ownership transfer across different authorities and prove it able to stand most threats for RFID and to prevent Denial of Service (DoS) attacks that derive from asynchrony. Another contribution in this paper is that we can assign transfer targets, which, except our scheme, can only be achieved by Yang et al.'s Cross Authority Ownership Transfer (CAOT) protocol. That scheme, however, involves heavy computation and is not suitable for lightweight tags, whereas this scheme is designed for lightweight tags and has been proved viable on low-cost passive tags and has better performance than any known ownership transfer schemes. Copyright © 2011 John Wiley & Sons, Ltd.