Skip to main content
SpringerLink
Log in

An efficient mutual authentication RFID scheme based on elliptic curve cryptography

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Liu AX, Bailey LA (2009) PAP: a privacy and authentication protocol for passive RFID tags. Comput Commun 32(7):1194–1199

    Article  Google Scholar 

  2. EasyCard. http://www.easycard.com.tw/

  3. Lin X, Lu R, Kwan D, Shen XS (2010) REACT: an RFID-based privacy-preserving children tracking scheme for large amusement parks. Comput Netw 54(15):2744–2755

    Article  Google Scholar 

  4. Kaya SV, Sava E, Levi A, Erçetin Ö (2009) Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Netw 7(1):136–152

    Article  Google Scholar 

  5. Ryu EK, Takagi T (2009) A hybrid approach for privacy-preserving RFID tags. Comput Stand Interfaces 31(4):812–815

    Article  Google Scholar 

  6. Cho JS, Yeo SS, Kim SK (2011) Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value. Comput Commun 34(3):391–397

    Article  Google Scholar 

  7. Devadas S, Suh E, Paral S, Sowell R, Ziola T, Khandelwal V (2008) Design and implementation of PUF-based. In: 2008 IEEE international conference on RFID. IEEE, pp 58–64

  8. Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to “privacy-friendly” tags. In: RFID privacy workshop, vol 82. MIT, Cambridge

  9. Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. In: Security in pervasive computing. Springer, Berlin, pp 201–212

  10. Yeh TC, Wu CH, Tseng YM (2011) Improvement of the RFID authentication scheme based on quadratic residues. Comput Commun 34(3):337–341

    Article  Google Scholar 

  11. Lee YK, Batina L, Singelee D, Preneel B, Verbauwhede I (2010) Anti-counterfeiting, untraceability and other security challenges for RFID systems: public-key-based protocols and hardware. In: Towards hardware-intrinsic security. Springer, Berlin, pp 237–257

  12. Lee YK, Batina L, Verbauwhede I (2009) Untraceable RFID authentication protocols: revision of EC-RAC. In: 2009 IEEE international conference on RFID. IEEE, pp 178–185

  13. Juels A, Weis SA (2009) Defining strong privacy for RFID. ACM Trans Inf Syst Secur (TISSEC) 13(1):7

    Article  Google Scholar 

  14. Yamada I, Shiotsu S, Itasaki A, Inano S, Yasaki K, Takenaka M (2005) Secure active RFID tag system. In: Proceedings of Ubicomp 2005 workshop

  15. Kinoshita S, Ohkubo M, Hoshino F, Morohashi G, Shionoiri O, Kanai A (2005) Privacy enhanced active RFID tag. Cognit Sci Res Paper Univ Sussex CSRP 577:100

    Google Scholar 

  16. Kim HW, Lim SY, Lee HJ (2006) Symmetric encryption in RFID authentication protocol for strong location privacy and forward-security. In: Hybrid information technology. International conference on ICHIT’06, IEEE, vol 2, pp 718–723

  17. Oyarhossein S, Mohammadi S (2009) Cryptography and authentication processing framework on RFID active tags for carpet products. In: IEEE international conference on communications technology and applications, 2009. ICCTA’09. IEEE, pp 26–31

  18. Ning H, Liu H, Mao J, Zhang Y (2011) Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Commun 5(12):1755–1768

    Article  MathSciNet  Google Scholar 

  19. Batina L, Guajardo J, Kerins T, Mentens N, Tuyls P, Verbauwhede I (2007) Public-key cryptography for RFID-tags. In: Pervasive computing and communications workshops, 2007. Fifth annual IEEE international conference on PerCom workshops’ 07. IEEE, pp 217–222

  20. Kumar S, Paar C (2006) Are standards compliant elliptic curve cryptosystems feasible on RFID. In: Workshop on RFID security, pp 12–14

  21. Fürbass F (2006) ECC signature generation device for RFID tags

  22. Furbass F, Wolkerstorfer J (2007) ECC processor with low die size for RFID applications. In: IEEE international symposium on circuits and systems, 2007. ISCAS 2007. IEEE, pp 1835–1838

  23. Ahamed SI, Rahman F, Hoque E (2008) ERAP: ECC based RFID authentication protocol. In: 12th IEEE international workshop on future trends of distributed computing systems, 2008. FTDCS’08. IEEE, pp 219–225

  24. Luo P, Wang X, Feng J, Xu Y (2008) Low-power hardware implementation of ECC processor suitable for low-cost RFID tags. In: 9th international conference on solid-state and integrated-circuit technology, 2008. ICSICT 2008. IEEE, pp 1681–1684

  25. Fan J, Batina L, Verbauwhede I (2009) Light-weight implementation options for curve-based cryptography: HECC is also ready for RFID. In: International conference for internet technology and secured transactions, 2009. ICITST 2009. IEEE, pp 1–6

  26. Godor G, Giczi N, Imre S (2010) Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE international conference on wireless communications, networking and information security (WCNIS), 2010. IEEE, pp 650–657

  27. O’Neill M, Robshaw MJ (2010) Low-cost digital signature architecture suitable for radio frequency identification tags. Comput Digital Tech IET 4(1):14–26

    Article  Google Scholar 

  28. Ko WT, Chiou SY, Lu EH, Chang HC (2011) An improvement of privacy-preserving ECC-based grouping proof for RFID. In: Cross strait quad-regional radio science and wireless technology conference (CSQRWC), 2011, vol 2. IEEE, pp 1062–1064

  29. Nathan BT, Meenakumari R, Usha S (2011) Formation of elliptic curve using finger print for network security. In: International conference on process automation, control and computing (PACC), 2011. IEEE, pp 1–5

  30. Liu H, Ning H (2011) Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sensors J 11(12):3235–3245

    Article  MathSciNet  Google Scholar 

  31. Pendl C, Pelnar M, Hutter M (2012) Elliptic curve cryptography on the WISP UHF RFID tag. In: RFID. Security and privacy. Springer, Berlin, pp 32–47

  32. Liu H, Ning H, Zhang Y, He D, Xiong Q, Yang LT (2012) Grouping-proofs based authentication protocol for distributed RFID systems. IEEE Trans Parallel Distrib Syst 24(7):1321–1330

    Article  Google Scholar 

  33. Peeters R, Singelee D, Preneel B (2012) Toward More Secure and reliable access control. IEEE Pervasive Comput 11(3):76–83

    Article  Google Scholar 

  34. Juels A, Molnar D, Wagner D (2005) Security and privacy ussues in e-passports. In: First international conference on security and privacy for emerging areas in communications networks, 2005. SecureComm 2005. IEEE, pp 74–88

  35. Jeng AB, Chen LY (2009) How to enhance the security of e-passport. In: 2009 international conference on machine learning and cybernetics, vol 5. IEEE, pp 2922–2926

  36. Vaudenay S (2007) E-passport threats. IEEE Secur Privacy 5(6):61–64

    Article  Google Scholar 

  37. Abid M, Afifi H (2008) Secure e-passport protocol using elliptic curve Diffie-Hellman key agreement protocol. In: Fourth international conference on information assurance and security, 2008. ISIAS’08. IEEE, pp 99–102

  38. Abid M, Kanade S, Petrovska-Delacrétaz D, Dorizzi B, Afifi H (2010) Iris based authentication mechanism for e-passports. In: 2nd international workshop on security and communication networks (IWSCN), 2010. IEEE, pp 1–5

  39. Kang SY, Lee DG, Lee IY (2008) A study on secure RFID mutual authentication scheme in pervasive computing environment. Comput Commun 31(18):4248–4254

    Article  Google Scholar 

  40. Alomair B, Clark A, Cuellar J, Poovendran R (2012) Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans Parallel Distrib Syst 23(8):1536–1550

    Article  Google Scholar 

  41. Alomair B, Poovendran R (2010) Privacy versus scalability in radio frequency identification systems. Comput Commun 33(18):2155–2163

    Article  Google Scholar 

  42. Song B, Mitchell CJ (2011) Scalable RFID security protocols supporting tag ownership transfer. Comput Commun 34(4):556–566

    Article  Google Scholar 

  43. Doss R, Sundaresan S, Zhou W (2012) A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems. Ad Hoc Netw 1(1):383–396

    Google Scholar 

  44. Moessner M, Khan GN (2012) Secure authentication scheme for passive C1G2 RFID tags. Comput Netw 56(1):273–286

    Article  Google Scholar 

  45. Doss R, Zhou W, Sundaresan S, Yu S, Gao L (2012) A minimum disclosure approach to authentication and privacy in RFID systems. Comput Netw 56(15):3401–3416

    Article  Google Scholar 

  46. Duc DN, Kim K (2011) Defending RFID authentication protocols against DoS attacks. Comput Commun 34(3):384–390

    Article  Google Scholar 

  47. EPCglobal. http://www.epcglobalinc.org

  48. Van Le T, Burmester M, De Medeiros B (2007) Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Proceedings of the 2nd ACM symposium on information, computer and communications security. ACM, pp 242–252

  49. Burmester M, Van Le T, De Medeiros B, Tsudik G (2009) Universally composable RFID identification and authentication protocols. ACM Trans Inf Syst Secur (TISSEC) 12(4):21

    Article  Google Scholar 

  50. Yeh TC, Wang YJ, Kuo TC, Wang SS (2010) Securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Syst Appl 37(12):7678–7683

    Article  Google Scholar 

  51. Yoon EJ (2012) Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Syst Appl 39(1):1589–1594

    Article  Google Scholar 

  52. Chien HY (2007) SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Depend Secure Comput 4(4):337–340

    Article  MathSciNet  Google Scholar 

  53. Phan RW (2009) Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Trans Depend Secure Comput 6(4):316–320

    Article  Google Scholar 

  54. Cao T, Bertino E, Lei H (2009) Security analysis of the SASI protocol. IEEE Trans Depend Secure Comput 6(1):73–77

    Article  Google Scholar 

  55. Sun HM, Ting WC, Wang KH (2011) On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Trans Depend Secure Comput 8(2):315–317

    Article  Google Scholar 

  56. D’Arco P, De Santis A (2011) On ultralightweight RFID authentication protocols. IEEE Trans Depend Secure Comput 8(4):548–563

    Article  Google Scholar 

  57. Tian Y, Chen G, Li J (2012) A new ultralightweight RFID authentication protocol with permutation. IEEE Commun Lett 16(5):702–705

    Article  Google Scholar 

  58. Lee YK, Sakiyama K, Batina L, Verbauwhede I (2008) Elliptic-curve-based security processor for RFID. IEEE Trans Comput 57(11):1514–1527

    Article  MathSciNet  Google Scholar 

  59. Gaubatz G, Kaps JP, Ozturk E, Sunar B (2005) State of the art in ultra-low power public key cryptography for wireless sensor networks. In: Pervasive computing and communications workshops, 2005. Third IEEE international conference on PerCom 2005 workshops. IEEE, pp 146–150

  60. Tuyls P, Batina L (2006) RFID-tags for Anti-Counterfeiting. In: Topics in cryptology-CT-RSA 2006. Springer, Berlin, pp 115–131

  61. Lee YK, Batina L, Verbauwhede I (2008) EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: 2008 IEEE international conference on RFID. IEEE, pp 97–104

  62. Mao W (2003) Modern cryptography—theory And practice. Prentice Hall, New Jersey, pp 196–203

  63. Chen Y, Chou JS, Sun HM (2008) A novel mutual authentication scheme based on quadratic residues for RFID systems. Comput Netw 52(12):2373–2380

    Article  MATH  Google Scholar 

  64. Cao T, Shen P, Bertino E (2008) Cryptanalysis of some RFID authentication protocols. J Commun 3(7):20–27

    Article  Google Scholar 

  65. Stinson DR (1995) Cryptography—theory and practice, CRC Press Inc., Boca Raton

  66. Ouafi K, Phan RCW (2008) Traceable privacy of recent provably-secure RFID protocols. In: Applied cryptography and network security. Springer, Berlin, pp 479–489

  67. Habibi MH, Aref MR, Ma D (2011) Addressing flaws in RFID authentication protocols. In: Progress in cryptology-INDOCRYPT 2011. Springer, Berlin, pp 216–235

  68. Lim CH, Kwon T (2006) Strong and robust RFID authentication enabling perfect ownership transfer. In: Information and communications security. Springer, Berlin, pp 1–20

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, Nanhua University, Chiayi, Taiwan, ROC

    Jue-Sam Chou

Authors
  1. Jue-Sam Chou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jue-Sam Chou.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chou, JS. An efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70, 75–94 (2014). https://doi.org/10.1007/s11227-013-1073-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-013-1073-x

Keywords

Search

Navigation