Journal of Medical Systems

, 38:116 | Cite as

Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol

  • Debiao He
  • Neeraj Kumar
  • Naveen Chilamkurti
  • Jong-Hyouk Lee
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Topical Collection on Systems-Level Quality Improvement


The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, etc. With more and more stringent security and privacy requirements to RFID based authentication schemes, elliptic curve cryptography (ECC) based RFID authentication schemes have been proposed to meet the requirements. However, many recently published ECC based RFID authentication schemes have serious security weaknesses. In this paper, we propose a new ECC based RFID authentication integrated with an ID verifier transfer protocol that overcomes the weaknesses of the existing schemes. A comprehensive security analysis has been conducted to show strong security properties that are provided from the proposed authentication scheme. Moreover, the performance of the proposed authentication scheme is analyzed in terms of computational cost, communicational cost, and storage requirement.


Radio frequency identification Authentication Anonymity Elliptic curve cryptography 



The work of J.-H. Lee was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014R1A1A1006770).


  1. 1.
    A. Juels, RFID security and privacy: a research survey, IEEE Journal on Selected Areas in Communication 24 (2006) 381-394.CrossRefGoogle Scholar
  2. 2.
    T. Phillips, T. Karygiannis, R. Kuhn, Security standards for the RFID market, IEEE Security & Privacy 3 (6) (2005) 85-89.CrossRefGoogle Scholar
  3. 3.
    C.M. Robert, Radio frequency identification, Computers and Security 25 (2006) 18-26.CrossRefGoogle Scholar
  4. 4.
    P. Peris-Lopez, A. Orfila, A. Mitrokots, J. van der Lubbe, A comprehensive RFID solution to enhance inpatient medication safety, International Journal of Medical Informatics 80 (2011) 13-24.CrossRefGoogle Scholar
  5. 5.
    S. L. Ting, S. K. Kwok, Albert H. C. Tsang, W. B. Lee, Critical Elements and Lessons Learnt from the Implementation of an RFID-enabled Healthcare Management System in a Medical Organization, Journal of Medical Systems 35 (4) (2011) 657-669.CrossRefGoogle Scholar
  6. 6.
    Y. Yen, N. Lo, T. Wu, Two RFID-based solutions for secure inpatient medication administration, Journal of Medical Systems 36(5) (2012) 2769-2778.CrossRefGoogle Scholar
  7. 7.
    A. Juels, Yoking-proofs for RFID tags, in: First International Workshop on Pervasive Computing and Communication Security, 2004.Google Scholar
  8. 8.
    K. Wong, P. Hui, A. Chan, Cryptography and authentication on RFID tags for apparels, Computer in Industry 57 (2005) 342–349.CrossRefGoogle Scholar
  9. 9.
    Y. Chen, J.-S. Chou, H.-M. Sun, A novel mutual authentication scheme based on quadratic residues for RFID systems, Computer Networks 52 (2008) 2373–2380.CrossRefMATHGoogle Scholar
  10. 10.
    H.-Y. Chien, C.-H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards and Interfaces 29 (2007) 254–259.CrossRefGoogle Scholar
  11. 11.
    P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to epc-c1g2 standard, Computer Standards and Interfaces 31 (2) (2009) 372–380.CrossRefGoogle Scholar
  12. 12.
    N. Lo, K. Yeh, An efficient mutual authentication scheme for EPCglobal Class-1 Generation-2 RFID systems, in: Intenational Conference on Embedded and Ubiquitous Computing, 2007.Google Scholar
  13. 13.
    T.-C. Yeh, Y.-J. Wang, T.-C. Kuo, S.-S. Wang, Securing RFID systems conforming to EPC Class 1 Generation 2 standards, Expert Systems and Applications 37 (2010) 7678–7683.CrossRefGoogle Scholar
  14. 14.
    J. Cho, S. Yeo, S. Kim, Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value, Computer Communications 34(3) (2011) 391-397.CrossRefGoogle Scholar
  15. 15.
    M. Safkhani, P. Peris-Lopez, J.C. Hernandez-Castro, N. Bagheri, M. Naderi, Cryptanalysis of Cho et al.’s protocol, a hash-based mutual authentication protocol for RFID systems, Cryptology ePrint Archive, Report 2011/311, 2011. <>.
  16. 16.
    T. Cao, P. Shen, Cryptanalysis of some RFID authentication protocols, Journal of Communications 3 (7) (2008) 20–27.CrossRefGoogle Scholar
  17. 17.
    T.-C. Yeh, C.-H. Wu, Y.-M. Tseng, Improvement of the RFID authentication scheme based on quadratic residues, Computer Communications (34) (2011) 337–341.Google Scholar
  18. 18.
    R. Doss, S. Sundaresan, W. Zhou, A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems, Ad Hoc Networks 11(1) (2013) 383-396.CrossRefGoogle Scholar
  19. 19.
    Y. Lee, L. Batina, I. Verbauwhede, EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In IEEE International Conference on RFID 2008. IEEE, 97–104, 2008.Google Scholar
  20. 20.
    J. Bringer, H. Chabanne, T. Icart, Cryptanalysis of EC-RAC, a RFID identification protocol. In 7th International Conference on Cryptology And Network Security – CANS’08, Springer, New York 149–161, 2008.Google Scholar
  21. 21.
    T. Deursen, S. Radomirovic, Attacks on RFID protocols (version 1.1). Technical Report, August 2009.Google Scholar
  22. 22.
    Y. Lee, I. Batina, I. Verbauwhede, Untraceable RFID authentication protocols: revision of EC-RAC. In IEEE International Conference on RFID 2009. IEEE: Orlando,FL,USA, 178–185, 2009.Google Scholar
  23. 23.
    T. Deursen, S. Radomirovic, Untraceable RFID rotocols are not trivially composable: attacks on the evision of EC-RAC. Technical Report, University of uxembourg, July 2009.Google Scholar
  24. 24.
    Y. Lee, L. Batina, I. Verbauwhede, Privacy challenges in RFID systems. In The Internet of Things, Giusto D, Lera A, Morabito G, Atzori L (eds): Springer New York, 397–407, 2010.CrossRefGoogle Scholar
  25. 25.
    C. Lv, H. Li, J. Ma, Y. Zhang, Vulnerability analysis of elliptic curve cryptography–based RFID authentication protocols, Transactions on Emerging Telecommunications Technologies 23(7) (2012) 618-624.CrossRefGoogle Scholar
  26. 26.
    Y. Liao, C. Hsiao, A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Networks, 2013, doi:  10.1016/j.adhoc.2013.02.004.
  27. 27.
    R. Peeters, J. Hermans, Attack on Liao and Hsiao’s Secure ECC-based RFID Authentication Scheme integrated with ID-Verifier Transfer Protocol. Cryptology ePrint Archive, Report 2013/399, 2013.Google Scholar
  28. 28.
    G. Godor, N. Giczi, S. Imre, Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE international conference on wireless communications, networking and information security (WCNIS), IEEE, pp 650–657, 2010.Google Scholar
  29. 29.
    X. Cao, W. Kou, A Pairing-free Identity-based Authenticated Key Agreement Protocol with Minimal Message Exchanges, Information Sciences, 180 (15), 2895–2903, 2010.MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Debiao He
    • 1
  • Neeraj Kumar
    • 2
  • Naveen Chilamkurti
    • 3
  • Jong-Hyouk Lee
    • 4
  1. 1.School of Mathematics and StatisticsWuhan UniversityWuhanChina
  2. 2.Department of Computer ScienceEngineering, Thapar UniversityPatialaIndia
  3. 3.Department of Computer Science and Computer EngineeringLaTrobe UniversityMelbourneAustralia
  4. 4.Department of Computer Software EngineeringSangmyung UniversityCheonan-siRepublic of Korea

Personalised recommendations