TBGODP^+ : improvement of TBGODP , a time bound group ownership delegation protocol

One of the challenging issues in RFID systems is the issue of group ownership transfer and ownership duration. To answer this need recently one protocol which combines group ownership transfer and time bound delegation was proposed by Lee et al. which we call it TBGODP stands for time bound group ownership delegation protocol. A secure time bound group ownership delegation protocol can be used to transfer ownership of a group of tagged devices for a certain period of time, such as renting a smart home. In this paper, we applied different attacks such as traceability and secret disclosure attacks against TBGODP which show this protocol is not a secure one. All attacks presented in this paper, only need one run of protocol eavesdropping and succeed with the probability of one. We also address the vulnerabilities of TBGODP which lead to propose a new secure improved one called TBGODP^+ . We formally prove the security of TBGODP^+ in Real or Random (RoR) model and also verify its security using BAN logic. We also evaluate the security of TBGODP^+ with well-known security analysis tools, namely AVISPA and Scyther. The results of these evaluations indicate TBGODP^+ can safely transfer ownership of a group of tags to another owner for a specified period of time, and that the new owner’s ownership expires upon time expiration. Comparative analysis of TBGODP^+ with other related schemes shows that the proposed protocol in terms of computational and communication costs, and execution time is more than other related schemes and this is a cost that should be paid to provide complete security against various attacks.