Cryptanalysis of Dimitriou's Key Evolving RFID Systems

In the last decade, the technology of Radio Frequency Identification (RFID) has boomed in the wireless communication environment. Applications of RFID have matured and reached far into various fields such as smart building, healthcare, supply chain management, etc. However, along with the rapid advancement of RFID systems have come many security issues, among which stands the transfer of ownership. Generally speaking, RFID tags can be reused multiple times, and the identity of the owner of a tag can vary in different scenarios. Recently, Tassos Dimitriou published a study that presented several key evolving schemes and discussed the issue of how the ownership of RFID tags could be properly transferred with some security requirements met. Unfortunately, Dimitriou's systems have some security vulnerabilities. In this paper, the authors shall point out some weak-nesses of Dimitriou's RFID systems including the mutual authentication part of the basic authentication scheme, the backward privacy problem of the key update scheme, as well as backward privacy for controlled delegation and authorization recovery.