Abstract
Nowadays, wireless technology has been widely used in healthcare and communication systems. It makes our life easier in all respects. A radiofrequency identification device (RFID) has been deployed as a wireless and identity communication device. RFID is a low-resource device that requires cryptography with limited energy regarding the minimum key size. Security and authentication between the server and the tags are key challenges for an RFID system to maintain data privacy. This article presents the security vulnerabilities of recent existing RFID authentication schemes. Keeping the focus on stringent security, privacy, and low cost, we have designed a new lightweight group authentication protocol for the robust RFID system. A single server controls multiple tags by using the proposed lightweight protocol in the RFID system. Formal and informal security analysis is performed compared to other lightweight group authentication articles in which only informal security analysis is carried out. The formal security strength of our proposed protocol is analyzed using the AVISPA (Automated Verification of Internet Security Protocol Analysis) tool, confirming that it is safe from different security threats. The newly designed protocol’s performance analysis results are measured in terms of computational cost, storage space, and communication cost. Finally, the combined consequence of security and lightweight of the proposed group authentication protocol is superior and outperforms compared to the existing scheme.
Similar content being viewed by others
References
Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24:381–394
Hunt VD, Puglia A, Puglia M (2007) RFID A Guide to Radio Frequency Identification. John Wiley Sons, Inc., Technology Research Corporation
Hung YK (2007) The study of adopting RFID technology in the medical institute with cost-benefit perspectives. In International Medical Informatics Symposium in Taiwan, Taiwan
Leu JG (2010) The benefit analysis of RFID use in the health management center The experience in Shin Kong Wu Ho-Su Memorial Hospital. National Taiwan University
Najera P, Lopez J, Roman R (2011) Real-time location and inpatient care systems based on passive RFID. J Netw Comput Appl 34(3):980–989
Katz JE, Rice RE (2009) Public views of mobile medical devices and services: A US national survey of consumer sentiments towards RFID healthcare technology. Int J Med Inf 78(2):104–114
Yu C, Chen C, Liao P, Lee Y (2008) RFID-based operation room and medicare system for patient safety enhancement-a case study of Keelung branch. J Inf Manag 15:97–122
William S (2006) Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson/Prentice Hall, 2006. Print
Diffie W, Hellman M (2006) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209
Miller V (1985) Use of elliptic curves in cryptography(1985). in Advances in Cryptology-CRYPTO ’85 Proceedings, vol. 218 of Lecture Notes in Computer Science. Springer, Berlin, Germany, pp 417–426
Juels A (2004) “Yoking-proofs” for RFID tags. In: IEEE Annual conference on pervasive computing and communications workshops, 2004. Proceedings of the Second. IEEE, (pp 138–143)
Wong K, Chan Hui P, A, (2005) Cryptography and authentication on RFID tags for apparel. Comput Ind 57(2005):342349
Chen Y, Chou JS, Sun HM (2008) A novel mutual authentication scheme based on quadratic residues for RFID systems. Comput Netw 52(2008):23732380
Tuyls P, Batina L (2006) RFID-tags for anti-counterfeiting. In: Topics in cryptology CT-RSA 2006, vol. 3860 of Lecture notes in comput. sci. Springer, Berlin, p 115131
Lee Y, Batina L, Verbauwhede I (2008) EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: IEEE international conference on RFID. Las Vegas, Nev, USA, p 97104
Bringer J, Chabanne H, Icart T (2008) Cryptanalysis of ECRAC, an RFID identification protocol. In: Cryptology and network security: 7thInternational Conference, CANS 2008, Hong- Kong, China, December 24, 2008.Proceedings, vol. 5339 of Lecture notes in computer science. Springer, Berlin, Germany, p 149161
Deursen T, Radomirovic S (2009) Attacks on RFID protocols (version1.1). Technical Report
Chien HM, Chen CH (2007) Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Comput Stand Interfaces 29(2007):254259
Peris-Lopez P, Estevez-Tapiador Hernandez-Castro JC, JM, Ribagorda A, (2009) Cryptanalysis of a novel authentication protocol conforming to the EPC-c1g2 standard. Comput Stand Interfaces 31(2):372380
Lo NW, Yeh KH (2007) An efficient mutual authentication scheme for EPC global class-1 generation-2 RFID system. In: International conference on embedded and ubiquitous computing. Springer, Berlin, Heidelberg, pp 43–56
Yeh TC, Wang YJ, Kuo TC, Wang SS (2010) Securing RFID systems conform to EPC Class 1 Generation 2 standards. Expert Syst Appl 37(2010):76787683
Cho J, Yeo S, Kim S (2011) Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Comput Commun 34(3):3
Safkhani M, Peris-Lopez P, Hernandez-Castro JC, Bagheri N, Naderi M (2011) Cryptanalysis of Choet al.’s Protocol, A Hash-Based Mutual Authentication Protocol for RFID Systems. Cryptology ePrint Archive
Cao T, Shen P (2008) Cryptanalysis of some RFID authentication protocols. J Commun 3(7):2027
Yeh T-C, Wu C-H, Tseng Y-M (2011) Improvement of the RFID authentication scheme based on quadratic residues. Comput Commun (34)337341
Doss R, Sundaresan S, Zhou W (2013) A practical quadratic residues-based scheme for authentication and privacy in mobile RFID systems. Ad Hoc Netw 11(1):383–396
Lee Y, Batina I, Verbauwhede I (2009) Untraceable RFID authentication protocols: revision of EC-RAC. In: IEEE international conference on RFID 2009. IEEE, Orlando, FL, USA, pp 178-185
Van Deursen T (2009) Radomirović S (2009) Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC. Cryptol ePrint Archive 332:1–8
Lee Y, Batina L, Verbauwhede I (2010) Privacy challenges in RFID systems. In: Giusto D, Lera A, Morabito G, Atzori L (eds) The internet of things. Springer, New York, pp 397–407
Lv C, Li H, Ma J, Zhang Y (2012) Vulnerability analysis of elliptic curve cryptography-based RFID authentication protocols. Trans Emerg Telecommun Technol 23(7):618–624
Liao YP, Hsiao CM (2014) A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Netw 18:133–146
Peeters R, Hermans J (2013) Attack on Liao and Hsiao’s Secure ECC- based RFID Authentication Scheme integrated with ID-Verifier Transfer Protocol. Cryptology ePrint Archive, Report 2013/399
He D, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J Med Syst 38:116
Lee CI, Chien HY (2015) An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System. Int J Distrib
Zhao Z (2014) A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. J Med Syst 38(5):1–7
Chou JS (2014) An efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70(1):75–94
Zhang Z, Qi Q (2014) An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. J Med Syst 38(5):1–7
Jin C, Xu C, Zhang X, Zhao J (2015) A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography. J Med Syst 39(3):1–8
Farash MS, Nawaz O, Mahmood K, Chaudhry SA, Khan MK (2016) A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. J Med Syst 40(7):165
Benssalah M, Djeddou M, Drouiche K (2017) a provably secure RFID authentication protocol based on elliptic curve signature with message recovery suitable in m-health environments. Trans Emerg Telecommun Technol 28(11):e3166
Liu Y, Sun Q, Wang Y, Lei Zhu, Ji W (2019) Efficient group authentication in RFID using a secret sharing scheme. Clust Comput 22(4):8605–8611
Pakniat N, Eslami Z (2020) Cryptanalysis and improvement of a group RFID authentication protocol. Wireless Netw (2020):1–10
AVISPA v1.1 user manual (2006) Automated Validation of Internet Security Protocols and Applications
Gódor G, Giczi N, Imre S (2010) Elliptic curve cryptography-based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: 2010 IEEE international conference on wireless communications, networking and information security. IEEE, pp 650–657
Dinarvand N, Barati H (2019) An efficient and secure RFID authentication protocol using elliptic curve cryptography. Wireless Netw 25(1):415–42
Kumar S, Banka H, Kaushik B, Sharma S (2021) A review and analysis of secure and lightweight ECC-based RFID authentication protocol for Internet of Vehicles. Trans Emerging Tel Tech 2021:e4354
Jangirala S, Das AK, Vasilakos AV (2019) Designing secure, lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Trans Ind Inf 16(11):7081–7093
Kumar S, Banka H, Kaushik B (2023) Ultra-lightweight blockchain-enabled RFID authentication protocol for supply chain in the domain of 5G mobile edge computing. Wireless Netw 1–22
Maurya PK, Bagchi S (2023) Quadratic residue-based unilateral authentication protocol for RFID system. Multimedia Tools Appl 82(11):16533–16554
Khorasgani AA, Sajadieh M, Yazdani MR (2022) Novel lightweight RFID authentication protocols for inexpensive tags. J Inf Secur Appl 67:103191
Khedr WI (2013) SRFID: A hash-based security scheme for lowcost RFID systems. Egypt Inf J 14(1):89–98
Funding
No funds, grants, or other support was received.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors have no relevant financial or non-financial interests to disclose.
Competing interests
Not applicable
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Kumar, S., Banka, H. & Kaushik, B. Lightweight group authentication protocol for secure RFID system. Multimed Tools Appl (2024). https://doi.org/10.1007/s11042-024-19013-1
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11042-024-19013-1