Date Added: Feb 2012
Recently Lo et al. have proposed an ownership transfer protocol for RFID objects using lightweight computing operators and claim their protocol provides stronger security robustness and higher performance efficiency in comparison with existing solutions. However, in this paper the authors show that their claim unfortunately does not hold. More precisely, they present tag's secret disclosure attack, new owner's secret disclosure and fraud attack against the Lo et al.'s ownership transfer protocol. The success probability of all attacks is "1" while the complexity is only one run of protocol. Their observation shows that this protocol compromise the privacy of the tag and the new owner.