Abstract
Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency.
Similar content being viewed by others
References
Liu AX, Bailey LA (2009) PAP: a privacy and authentication protocol for passive RFID tags. Comput Commun 32(7):1194–1199
EasyCard. http://www.easycard.com.tw/
Lin X, Lu R, Kwan D, Shen XS (2010) REACT: an RFID-based privacy-preserving children tracking scheme for large amusement parks. Comput Netw 54(15):2744–2755
Kaya SV, Sava E, Levi A, Erçetin Ö (2009) Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Netw 7(1):136–152
Ryu EK, Takagi T (2009) A hybrid approach for privacy-preserving RFID tags. Comput Stand Interfaces 31(4):812–815
Cho JS, Yeo SS, Kim SK (2011) Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value. Comput Commun 34(3):391–397
Devadas S, Suh E, Paral S, Sowell R, Ziola T, Khandelwal V (2008) Design and implementation of PUF-based. In: 2008 IEEE international conference on RFID. IEEE, pp 58–64
Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to “privacy-friendly” tags. In: RFID privacy workshop, vol 82. MIT, Cambridge
Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. In: Security in pervasive computing. Springer, Berlin, pp 201–212
Yeh TC, Wu CH, Tseng YM (2011) Improvement of the RFID authentication scheme based on quadratic residues. Comput Commun 34(3):337–341
Lee YK, Batina L, Singelee D, Preneel B, Verbauwhede I (2010) Anti-counterfeiting, untraceability and other security challenges for RFID systems: public-key-based protocols and hardware. In: Towards hardware-intrinsic security. Springer, Berlin, pp 237–257
Lee YK, Batina L, Verbauwhede I (2009) Untraceable RFID authentication protocols: revision of EC-RAC. In: 2009 IEEE international conference on RFID. IEEE, pp 178–185
Juels A, Weis SA (2009) Defining strong privacy for RFID. ACM Trans Inf Syst Secur (TISSEC) 13(1):7
Yamada I, Shiotsu S, Itasaki A, Inano S, Yasaki K, Takenaka M (2005) Secure active RFID tag system. In: Proceedings of Ubicomp 2005 workshop
Kinoshita S, Ohkubo M, Hoshino F, Morohashi G, Shionoiri O, Kanai A (2005) Privacy enhanced active RFID tag. Cognit Sci Res Paper Univ Sussex CSRP 577:100
Kim HW, Lim SY, Lee HJ (2006) Symmetric encryption in RFID authentication protocol for strong location privacy and forward-security. In: Hybrid information technology. International conference on ICHIT’06, IEEE, vol 2, pp 718–723
Oyarhossein S, Mohammadi S (2009) Cryptography and authentication processing framework on RFID active tags for carpet products. In: IEEE international conference on communications technology and applications, 2009. ICCTA’09. IEEE, pp 26–31
Ning H, Liu H, Mao J, Zhang Y (2011) Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Commun 5(12):1755–1768
Batina L, Guajardo J, Kerins T, Mentens N, Tuyls P, Verbauwhede I (2007) Public-key cryptography for RFID-tags. In: Pervasive computing and communications workshops, 2007. Fifth annual IEEE international conference on PerCom workshops’ 07. IEEE, pp 217–222
Kumar S, Paar C (2006) Are standards compliant elliptic curve cryptosystems feasible on RFID. In: Workshop on RFID security, pp 12–14
Fürbass F (2006) ECC signature generation device for RFID tags
Furbass F, Wolkerstorfer J (2007) ECC processor with low die size for RFID applications. In: IEEE international symposium on circuits and systems, 2007. ISCAS 2007. IEEE, pp 1835–1838
Ahamed SI, Rahman F, Hoque E (2008) ERAP: ECC based RFID authentication protocol. In: 12th IEEE international workshop on future trends of distributed computing systems, 2008. FTDCS’08. IEEE, pp 219–225
Luo P, Wang X, Feng J, Xu Y (2008) Low-power hardware implementation of ECC processor suitable for low-cost RFID tags. In: 9th international conference on solid-state and integrated-circuit technology, 2008. ICSICT 2008. IEEE, pp 1681–1684
Fan J, Batina L, Verbauwhede I (2009) Light-weight implementation options for curve-based cryptography: HECC is also ready for RFID. In: International conference for internet technology and secured transactions, 2009. ICITST 2009. IEEE, pp 1–6
Godor G, Giczi N, Imre S (2010) Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE international conference on wireless communications, networking and information security (WCNIS), 2010. IEEE, pp 650–657
O’Neill M, Robshaw MJ (2010) Low-cost digital signature architecture suitable for radio frequency identification tags. Comput Digital Tech IET 4(1):14–26
Ko WT, Chiou SY, Lu EH, Chang HC (2011) An improvement of privacy-preserving ECC-based grouping proof for RFID. In: Cross strait quad-regional radio science and wireless technology conference (CSQRWC), 2011, vol 2. IEEE, pp 1062–1064
Nathan BT, Meenakumari R, Usha S (2011) Formation of elliptic curve using finger print for network security. In: International conference on process automation, control and computing (PACC), 2011. IEEE, pp 1–5
Liu H, Ning H (2011) Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sensors J 11(12):3235–3245
Pendl C, Pelnar M, Hutter M (2012) Elliptic curve cryptography on the WISP UHF RFID tag. In: RFID. Security and privacy. Springer, Berlin, pp 32–47
Liu H, Ning H, Zhang Y, He D, Xiong Q, Yang LT (2012) Grouping-proofs based authentication protocol for distributed RFID systems. IEEE Trans Parallel Distrib Syst 24(7):1321–1330
Peeters R, Singelee D, Preneel B (2012) Toward More Secure and reliable access control. IEEE Pervasive Comput 11(3):76–83
Juels A, Molnar D, Wagner D (2005) Security and privacy ussues in e-passports. In: First international conference on security and privacy for emerging areas in communications networks, 2005. SecureComm 2005. IEEE, pp 74–88
Jeng AB, Chen LY (2009) How to enhance the security of e-passport. In: 2009 international conference on machine learning and cybernetics, vol 5. IEEE, pp 2922–2926
Vaudenay S (2007) E-passport threats. IEEE Secur Privacy 5(6):61–64
Abid M, Afifi H (2008) Secure e-passport protocol using elliptic curve Diffie-Hellman key agreement protocol. In: Fourth international conference on information assurance and security, 2008. ISIAS’08. IEEE, pp 99–102
Abid M, Kanade S, Petrovska-Delacrétaz D, Dorizzi B, Afifi H (2010) Iris based authentication mechanism for e-passports. In: 2nd international workshop on security and communication networks (IWSCN), 2010. IEEE, pp 1–5
Kang SY, Lee DG, Lee IY (2008) A study on secure RFID mutual authentication scheme in pervasive computing environment. Comput Commun 31(18):4248–4254
Alomair B, Clark A, Cuellar J, Poovendran R (2012) Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans Parallel Distrib Syst 23(8):1536–1550
Alomair B, Poovendran R (2010) Privacy versus scalability in radio frequency identification systems. Comput Commun 33(18):2155–2163
Song B, Mitchell CJ (2011) Scalable RFID security protocols supporting tag ownership transfer. Comput Commun 34(4):556–566
Doss R, Sundaresan S, Zhou W (2012) A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems. Ad Hoc Netw 1(1):383–396
Moessner M, Khan GN (2012) Secure authentication scheme for passive C1G2 RFID tags. Comput Netw 56(1):273–286
Doss R, Zhou W, Sundaresan S, Yu S, Gao L (2012) A minimum disclosure approach to authentication and privacy in RFID systems. Comput Netw 56(15):3401–3416
Duc DN, Kim K (2011) Defending RFID authentication protocols against DoS attacks. Comput Commun 34(3):384–390
EPCglobal. http://www.epcglobalinc.org
Van Le T, Burmester M, De Medeiros B (2007) Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Proceedings of the 2nd ACM symposium on information, computer and communications security. ACM, pp 242–252
Burmester M, Van Le T, De Medeiros B, Tsudik G (2009) Universally composable RFID identification and authentication protocols. ACM Trans Inf Syst Secur (TISSEC) 12(4):21
Yeh TC, Wang YJ, Kuo TC, Wang SS (2010) Securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Syst Appl 37(12):7678–7683
Yoon EJ (2012) Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Syst Appl 39(1):1589–1594
Chien HY (2007) SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Depend Secure Comput 4(4):337–340
Phan RW (2009) Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Trans Depend Secure Comput 6(4):316–320
Cao T, Bertino E, Lei H (2009) Security analysis of the SASI protocol. IEEE Trans Depend Secure Comput 6(1):73–77
Sun HM, Ting WC, Wang KH (2011) On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Trans Depend Secure Comput 8(2):315–317
D’Arco P, De Santis A (2011) On ultralightweight RFID authentication protocols. IEEE Trans Depend Secure Comput 8(4):548–563
Tian Y, Chen G, Li J (2012) A new ultralightweight RFID authentication protocol with permutation. IEEE Commun Lett 16(5):702–705
Lee YK, Sakiyama K, Batina L, Verbauwhede I (2008) Elliptic-curve-based security processor for RFID. IEEE Trans Comput 57(11):1514–1527
Gaubatz G, Kaps JP, Ozturk E, Sunar B (2005) State of the art in ultra-low power public key cryptography for wireless sensor networks. In: Pervasive computing and communications workshops, 2005. Third IEEE international conference on PerCom 2005 workshops. IEEE, pp 146–150
Tuyls P, Batina L (2006) RFID-tags for Anti-Counterfeiting. In: Topics in cryptology-CT-RSA 2006. Springer, Berlin, pp 115–131
Lee YK, Batina L, Verbauwhede I (2008) EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: 2008 IEEE international conference on RFID. IEEE, pp 97–104
Mao W (2003) Modern cryptography—theory And practice. Prentice Hall, New Jersey, pp 196–203
Chen Y, Chou JS, Sun HM (2008) A novel mutual authentication scheme based on quadratic residues for RFID systems. Comput Netw 52(12):2373–2380
Cao T, Shen P, Bertino E (2008) Cryptanalysis of some RFID authentication protocols. J Commun 3(7):20–27
Stinson DR (1995) Cryptography—theory and practice, CRC Press Inc., Boca Raton
Ouafi K, Phan RCW (2008) Traceable privacy of recent provably-secure RFID protocols. In: Applied cryptography and network security. Springer, Berlin, pp 479–489
Habibi MH, Aref MR, Ma D (2011) Addressing flaws in RFID authentication protocols. In: Progress in cryptology-INDOCRYPT 2011. Springer, Berlin, pp 216–235
Lim CH, Kwon T (2006) Strong and robust RFID authentication enabling perfect ownership transfer. In: Information and communications security. Springer, Berlin, pp 1–20
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Chou, JS. An efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70, 75–94 (2014). https://doi.org/10.1007/s11227-013-1073-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-013-1073-x