RFID tags travel between partner sites in a supply chain. For privacy reasons, each partner owns the tags present at his site, i.e., the owner is the only entity able to authenticate his tags. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we propose ROTIV, a protocol that allows secure ownership transfer against malicious owners. ROTIV offers as well issuer verification to prevent malicious partners from injecting fake tags not originally issued by some trusted party. As part of ownership transfer, ROTIV provides a constant-time, privacy-preserving authentication. ROTIV's main idea is to combine an HMAC-based authentication with public key encryption to achieve constant time authentication and issuer verification. To assure privacy, ROTIV implements key update techniques and tag state re-encryption techniques, performed on the reader. ROTIV is especially designed for lightweight tags which are only required to evaluate a hash function.
