A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments

  • Mohammad Sabzinejad Farash
  • Omer Nawaz
  • Khalid Mahmood
  • Shehzad Ashraf ChaudhryEmail author
  • Muhammad Khurram Khan
Patient Facing Systems
Part of the following topical collections:
  1. Patient Facing Systems


To enhance the quality of healthcare in the management of chronic disease, telecare medical information systems have increasingly been used. Very recently, Zhang and Qi (J. Med. Syst. 38(5):47, 32), and Zhao (J. Med. Syst. 38(5):46, 33) separately proposed two authentication schemes for telecare medical information systems using radio frequency identification (RFID) technology. They claimed that their protocols achieve all security requirements including forward secrecy. However, this paper demonstrates that both Zhang and Qi’s scheme, and Zhao’s scheme could not provide forward secrecy. To augment the security, we propose an efficient RFID authentication scheme using elliptic curves for healthcare environments. The proposed RFID scheme is secure under common random oracle model.


Telecare medical information systems RFID Elliptic curve Authentication Untraceable privacy Random oracle model 



Muhammad Khurram Khan extends his sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding the Prolific Research Group (PRG-1436-16).


  1. 1.
    Burmester, M., Le, T. V., Medeiros, B. D., Tsudik, G., Universally composable RFID identification and authentication protocols. ACM Trans. Inf. Syst. Secur.(TISSEC) 12(4):21, 2009.CrossRefGoogle Scholar
  2. 2.
    Juels, A., and Weis, S.: Defining Strong Privacy for RFID. Cryptology ePrint Archive Report 2006/137 (2006)Google Scholar
  3. 3.
    Cai, S., Li, Y., Li, T., Deng, R. H.: Attacks and improvements to an RIFD mutual authentication protocol and its extensions. In: Proceedings of the second ACM conference on wireless network security, pp 51-58 (2009)Google Scholar
  4. 4.
    Song, B., and Mitchell C. J., Scalable RFID security protocols supporting tag ownership transfer. Comput. Commun. 34(4):556–566, 2011.CrossRefGoogle Scholar
  5. 5.
    Niu, B., Zhu, X., Chi, H., Li, H., Privacy and authentication protocol for mobile RFID systems. Wirel. Pers. Commun., 2014. doi: Scholar
  6. 6.
    Shao-hui, W., Zhijie, H., Sujuan, L., Dan-wei, C., Security analysis of two lightweight RFID authentication protocols. annals of telecommunications-annales des tlcommunications, 2013. doi: 10.1007/s12243-013-0361-z.Google Scholar
  7. 7.
    Dehkordi, M. H., and Farzaneh, Y., Improvement of the hash-based RFID mutual authentication protocol. Wirel. Pers. Commun., 2013. doi: 10.1007/s11277-013-1358-7.Google Scholar
  8. 8.
    Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., Bagheri, N., Cryptanalysis of the Cho others. protocol: A hash-based RFID tag mutual authentication protocol. J. Comput. Appl. Math. 259(1):571–577, 2014.CrossRefGoogle Scholar
  9. 9.
    Alagheband, M. R., and Aref, M. R., Simulation-Based Traceability analysis of RFID authentication protocols. Wirel. Pers. Commun., 2013. doi: 10.1007/s11277-013-1552-7.Google Scholar
  10. 10.
    Chen, C. L., Huang, Y. C., Shih, T. F., A Novel Mutual Authentication Scheme for RFID conforming EPCglobal Class 1 Generation 2 Standards. Information Technology And Control 41(3):220–228, 2012.CrossRefGoogle Scholar
  11. 11.
    Kuo, W. C., Chen, B. L., Wuu, L. C., Secure Indefinite-Index RFID Authentication scheme with Challenge-Response strategy. Information Technology And Control 42(2):124–130, 2013.CrossRefGoogle Scholar
  12. 12.
    Alagheband, M. R., and Aref, M. R., Unified privacy analysis of newfound RFID authentication protocols. Security and Communication Networks 6(8):999–1009, 2013.CrossRefGoogle Scholar
  13. 13.
    Farash M.S., Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J. Supercomput. 70(2):987–1001, 2014.CrossRefGoogle Scholar
  14. 14.
    Hein, D., Wolkerstorfer, J., Felber, N.: ECC Is ready for RFID - a proof in silicon. In: Selected areas in cryptography, LNCS 5381, pp 401413 (2009)Google Scholar
  15. 15.
    Lee, Y. K., Sakiyama, K., Batina, L., Verbauwhede, I., Elliptic curve based security processor for RFID. IEEE Trans. Comput. 57(11):1514–1527, 2008.CrossRefGoogle Scholar
  16. 16.
    of Standards, N.N.I.: Technology: Cryptographic Hash Algorithm Competition.
  17. 17.
    Ning, H., Liu, H., Mao, J., Zhang, Y., Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Commun. 5(12):1755–1768, 2011.CrossRefGoogle Scholar
  18. 18.
    Alomair, B., Clark, A., Cuellar, J., Poovendran, R., Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans. Parallel Distrib. Syst. 23(8):1536–1550, 2012.CrossRefGoogle Scholar
  19. 19.
    Alomair, B., and Poovendran, R., Privacy versus scalability in radio frequency identification systems. Comput. Commun. 33(18):2155–2163, 2010.CrossRefGoogle Scholar
  20. 20.
    Song, B., and Mitchell, C. J., Scalable RFID Security protocols supporting tag ownership transfer. Comput. Commun. 34(4):556–566, 2011.CrossRefGoogle Scholar
  21. 21.
    Batina, L., Lee, Y. K., Seys, S., Singele, D., Verbauwhede, I., Extending ECC-based RFID authentication protocols to privacy-preserving multi-party grouping proofs. Pers. Ubiquit. Comput. 16(3):323–335, 2012.CrossRefGoogle Scholar
  22. 22.
    Chou, J., S.,an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J. Supercomput., 2013. doi: 10.1007/s11227-013-1073-x.Google Scholar
  23. 23.
    Tuyls, P., and Batina, L.: RFID-Tags for Anti-Counterfeiting. In: Topics in cryptology (CT-RSA’06), LNCS 3860, pp 115-131 (2006)Google Scholar
  24. 24.
    Schnorr, C. P., Efficient identification and signatures for smart cards. In Advances in Cryptology (CRYPTO’89), 239–252 , 1990.Google Scholar
  25. 25.
    Batina, L, Guajardo, J, Kerins, T, Mentens, N, Tuyls, P, Verbauwhede, I.: Public-key cryptography for RFID-tags. In: Fifth annual IEEE 2007. International Conference on Pervasive Computing and Communications Workshops, (PerCom Workshops’07), pp 217-222 (2007)Google Scholar
  26. 26.
    Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Advances in Cryptology (CRYPTO’92), pp 31-53 (1993)Google Scholar
  27. 27.
    Lee, Y. K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP Based randomized access control): provably secure RFID authentication protocol. In: IEEE International conference on RFID, pp. 97-104 (2008)Google Scholar
  28. 28.
    O’Neill, M, and Robshaw, M J, Low-cost digital signature architecture suitable for radio frequency identification tags. Comput. Digital Tech. IET 4(1):14–26, 2010.CrossRefGoogle Scholar
  29. 29.
    Godor, G., Giczi, N., Imre, S.: Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE International conference on wireless communications, networking and information security (WCNIS), pp 650-657 (2010)Google Scholar
  30. 30.
    Liao, Y., and Hsiao, C., A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Netw., 2013. doi: 10.1016/j.adhoc.2013.02.004.Google Scholar
  31. 31.
    Peeters, R., and Hermans, J.: Attack on Liao and Hsiao’s Secure ECC-based RFID Authentication Scheme integrated with ID-Verifier Transfer Protocol. (2013)
  32. 32.
    Zhang, Z., and Qi, Q., An Efficient RFID Authentication protocol to enhance patient medication safety using elliptic curve cryptography. J. Med. Syst. 38(5):47, 2014. doi: 10.1007/s10916-014-0047-8.CrossRefPubMedGoogle Scholar
  33. 33.
    Zhao, Z., A Secure RFID Authentication protocol for healthcare environments using elliptic curve cryptosystem. J. Med. Syst. 38(5):46, 2014. doi: 10.1007/s10916-014-0046-9.CrossRefPubMedGoogle Scholar
  34. 34.
    Guo, P., Wang, J., Li, B., Lee, S., A variable threshold value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.Google Scholar
  35. 35.
    Shen, J., Tan, H., Wang, J., et al., A novel routing protocol providing good transmission reliability in underwater sensor networks. J. Internet Technol. 16(1):171–178, 2015.Google Scholar
  36. 36.
    He, D., and Wang, D., Robust biometrics-based authentication scheme for multi-server environment. IEEE Syst. J. 9(3):816–823, 2015.CrossRefGoogle Scholar
  37. 37.
    He, D., and Zeadally, S., Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1):71–77, 2015.CrossRefGoogle Scholar
  38. 38.
    He, D., An efficient remote user authentication and key agreement protocol for mobile clientserver environment from pairings. Ad Hoc Netw. 10(6):1009–1016, 2012.CrossRefGoogle Scholar
  39. 39.
    Farash M.S., Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’. International Journal of Network Management 25(1):31–51, 2015.CrossRefGoogle Scholar
  40. 40.
    Li, C T, Weng, C Y, Lee, C. C., A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. J. Med. Syst. 39(8):1–8, 2015.CrossRefGoogle Scholar
  41. 41.
    Srivastava, K, Awasthi, A K, Kaul, S D, Mittal, R. C., A hash based mutual RFID tag authentication protocol in telecare medicine information system. J. Med. Syst. 39(1):1–5, 2015.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Mohammad Sabzinejad Farash
    • 2
  • Omer Nawaz
    • 3
  • Khalid Mahmood
    • 1
  • Shehzad Ashraf Chaudhry
    • 1
    Email author
  • Muhammad Khurram Khan
    • 4
  1. 1.Department of Computer Science & Software EngineeringInternational Islamic UniversityIslamabadPakistan
  2. 2.Faculty of Mathematics Sciences and ComputerKharazmi UniversityTehranIran
  3. 3.Telecommunication SystemsBlekinge Institute of TechnologyKarlskronaSweden
  4. 4.Center of Excellence in Information AssuranceKing Saud UniversityRiyadhSaudi Arabia

Personalised recommendations