Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

access icon free Efficient serverless radio-frequency identification mutual authentication and secure tag search protocols with untrusted readers

© The Institution of Engineering and Technology
Received 23/09/2015, Accepted 08/12/2015, Revised 23/11/2015, Published 15/03/2016

Radio-frequency identification (RFID) technology's potential relies on advances made by researchers for addressing the technology's security and privacy vulnerabilities, and making data collection and storage in an RFID system safe. Privacy and security are key concerns, as paramount as efficiency and reliability, in raising the confidence of end users towards RFID technologies. This study proposes two complementary lightweight and efficient serverless security protocols in the presence of untrusted RFID readers. The first one is used for mass authentication of RFID tags and supports mutual authentication with key establishment. The second one is an RFID tag search protocol that helps interacting with one specific tag surrounded by a huge number of other tags. The originality of both protocols holds that no shared parameters are required between tags and readers for mutual authentication support, they refer to the same basic material, and they have low resource demands in storage, bandwidth, energy and computation for both RFID readers and tags. Finally, the authors’ protocols have been formally verified under the computational model using CryptoVerif tool.

Inspec keywords: radiofrequency identification; cryptographic protocols

Other keywords: serverless radiofrequency identification; CryptoVerif tool; untrusted reader; mutual authentication; secure tag search protocol; privacy vulnerability; serverless security protocol; key establishment; RFID technology; data collection

Subjects: Protocols; RFID systems; Cryptography

References

    1. 1)
      • 8. Abughazalah, S., Markantonakis, K., Mayes, K.: ‘A mutual authentication protocol for low-cost RFID tags formally verified using CasperFDR and AVISPA’. Int. Conf. on Information Science and Technology (ICIST 2013), 2013, pp. 4451.
    2. 2)
      • 9. Ndibanje, B., Lee, H-J., Lee, S-G.: ‘Security analysis and improvements of authentication and access control in the internet of things’, Sensors, 2014, 14, (8), pp. 1478614805.
    3. 3)
      • 1. Chatmon, C., van Le, T., Burmester, M.: ‘Secure anonymous RFID authentication protocols’. Technical Report, Department of Computer Science, Florida State University, 2006.
    4. 4)
      • 3. Tan, C.C., Sheng, B., Li, Q.: ‘Severless search and authentication protocols for RFID’. Fifth Annual IEEE Int. Conf. on Pervasive Computing and Communications, 2007. PerCom'07, 2007, pp. 312.
    5. 5)
      • 16. Deng, M., Yang, W., Zhu, W.: ‘Weakness in a serverless authentication protocol for radio frequency identification’. Mechatronics and Automatic Control Systems, 2014, pp. 10551061.
    6. 6)
      • 4. Srivastava, K., Awasthi, A.K., Kaul, S.D., et al: ‘A hash based mutual RFID tag authentication protocol in telecare medicine information system’, J. Med. Syst., 2015, 39, (1), pp. 15.
    7. 7)
      • 2. McCoy, T., Bullock, R.J., Brennan, P.V.: ‘RFID for airport security and efficiency’. The IEE Seminar on Signal Processing Solutions for Homeland Security, 2005.(Ref. No. 2005/11108), October 2005, p. 9.
    8. 8)
      • 12. Safkhani, M., Peris-Lopez, P., Bagheri, N.: ‘On the security of Tan et al. serverless RFID authentication and search protocols’. Radio Frequency Identification. Security and Privacy Issues, 2013, pp. 119.
    9. 9)
      • 15. Hoque, Md.E., Rahman, F., Ahamed, S.I., et al: ‘Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments’, Wirel. Pers. Commun., 2010, 55, (1), pp. 6579.
    10. 10)
      • 5. Borgohain, T., Kumar, U., Sanyal, S.: ‘Survey of security and privacy issues of internet of things’, arXiv preprint arXiv:1501.02211, 2015.
    11. 11)
      • 22. Chun, J.Y., Hwang, J.Y., Lee, D.H.: ‘RFID tag search protocol preserving privacy of mobile reader holders’, IEICE Electron. Express, 2011, 8, (2), pp. 5056.
    12. 12)
      • 21. Tsudik, G.: ‘Ya-trap: yet another trivial RFID authentication protocol’. Fourth Annual IEEE Int. Conf. on Pervasive Computing and Communications Workshops, 2006. PerCom Workshops 2006, 2006, p. 4.
    13. 13)
      • 13. Lin, L.-C., Tsaur, S.-C., Chang, K.-P.: ‘Lightweight and serverless RFID authentication and search protocol’. Second Int. Conf. on Computer and Electrical Engineering 2009, 2009, vol. 2, pp. 9599.
    14. 14)
      • 19. Mahalle, P.N., Anggorojati, B., Prasad, N.R., et al: ‘Identity establishment and capability based access control (IECAC) scheme for Internet of things’. Fifteenth Int. Symp. on Wireless Personal Multimedia Communications (WPMC), 2012, 2012, pp. 187191.
    15. 15)
      • 11. Weis, S.A.: ‘RFID (radio frequency identification): principles and applications’, Retrived from http://www.eecs.harvard.edu/rfid-article.pdf on, 1, 2011.
    16. 16)
      • 20. Tang, C., Wu, D.O.: ‘An efficient mobile authentication scheme for wireless networks’, IEEE Trans. Wirel. Commun., 2008, 7, (4), pp. 14081416.
    17. 17)
      • 14. Lee, C.-F., Chien, H.-Y., Laih, C.-S.: ‘Server-less RFID authentication and searching protocol with enhanced security’, Int. J. Commun. Syst., 2012, 25, (3), pp. 376385.
    18. 18)
      • 7. Wang, Z., Chen, H., Huang, X.: ‘Research for threats and security in RFID information system’. China-Ireland Int. Conf. on Information and Communications Technologies (CIICT 2008), 2008, pp. 288291.
    19. 19)
      • 18. Ahamed, S.I., Rahman, F., Hoque, E.: ‘ERAP: ECC based RFID authentication protocol’. Twelfth IEEE Int. Workshop on Future Trends of Distributed Computing Systems, 2008. FTDCS'08, 2008, pp. 219225.
    20. 20)
      • 6. Spruit, M., Wester, W.: ‘RFID security and privacy: threats and countermeasures’, (Department of Information and Computing Sciences, Utrecht University, Utrecht, The Netherlands, 2013).
    21. 21)
      • 10. Qi, S., Lu, L., Li, Z., et al: ‘Best: a bidirectional efficiency–privacy transferable authentication protocol for RFID–enabled supply chain’, Int. J. Ad Hoc Ubiquit. Comput., 2015, 18, (4), pp. 234244.
    22. 22)
      • 25. Blanchet, B.: ‘Mechanizing game-based proofs of security protocols’, Softw. Saf. Secur.-Tools Anal. Verif., 2011, 33, pp. 125.
    23. 23)
      • 23. Jialiang, H., Youjun, X., Zhiqiang, X.: ‘Secure and private protocols for server-less RFID systems’, Int. J. Control Autom., 2014, 7, (2), pp. 131142.
    24. 24)
      • 24. Blanchet, B., Cadé, D.: ‘CryptoVerif: cryptographic protocol verifier in the computational model’, 2011.
    25. 25)
      • 17. Pourpouneh, M., Ramezanian, R., Salahi, F.: ‘An improvement over a server-less RFID authentication protocol’, Int. J. Comput. Netw. Inf. Secur. (IJCNIS), 2014, 7, (1), p. 31.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0428
Loading

Related content

content/journals/10.1049/iet-ifs.2015.0428
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address