
Privacy and Authentication Protocol for Mobile RFID Systems



Security and privacy issues in RFID technology have attracted tremendous attention recently. However, existing work on RFID authentication problems always makes assumptions such as (1) hash functions can be fully employed in designing RFID protocols; (2) channels between readers and the server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags and has been challenged in many research works, while the second cannot be directly adopted in mobile RFID applications, where wireless channels between readers and the server are always insecure. To solve these problems, in this paper we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We use only bitwise XOR and several specially constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis shows that our protocol provides several privacy properties and resists a number of attacks: it offers tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, and it withstands replay attacks, desynchronization attacks, etc. We implement our protocol and compare several parameters with existing work; the evaluation results indicate that our protocol significantly improves the system performance.






This work was supported by National Natural Science Foundation of China under Grant 61003300, Fundamental Research Funds for the Central Universities under Grant K5051201041, and China 111 Project under Grant B08038. The work of Dr. Hui Li was supported by the National Project 2012ZX03002003-002, 863 Project 2012AA013102, IRT1078 and NSFC 61170251.

Author information

Correspondence to Ben Niu.


About this article

Cite this article

Niu, B., Zhu, X., Chi, H. et al. Privacy and Authentication Protocol for Mobile RFID Systems. Wireless Pers Commun 77, 1713–1731 (2014). https://doi.org/10.1007/s11277-014-1605-6



  • Mobile RFID systems
  • Authentication
  • Ultralightweight
  • Privacy-preserving