Wireless Personal Communications, Volume 95, Issue 4, pp 5057–5080

Game-Based Privacy Analysis of RFID Security Schemes for Confident Authentication in IoT

  • Behzad Abdolmaleki
  • Karim Baghery
  • Shahram Khazaei
  • Mohammad Reza Aref


Radio Frequency Identification (RFID) and Near Field Communication systems have recently come into use in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, it becomes possible to infer information about our behavior by monitoring our use of them. To meet the privacy and security requirements of RFID users in novel authentication applications, many security schemes have been proposed that try to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three recently proposed RFID security schemes. For the privacy analysis, we use the well-known formal RFID privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks that make them vulnerable to various traceability attacks. Moreover, to overcome all the reported weaknesses and prevent the presented attacks, we modify the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and that the new modifications eliminate all the existing weaknesses of the analyzed protocols. Finally, we compare the modified protocols with some recent RFID authentication protocols in terms of security and privacy.


Keywords: RFID authentication protocols; Traceability attacks; Internet of things; EPC C1 G2 standard; Hash functions



The third author has been supported by Iranian National Science Foundation (INSF) under contract No. 92027548 and Sharif Industrial Relation Office (SIRO) under Grant No. G931223.


References

  1. Vaudenay, S. (2007). E-passport threats. IEEE Security and Privacy, 5(6), 61–64.
  2. Ebrahimi-Asl, S., Ghasr, M.T.A., & Zawodniok, M. (2016). Application of low scattering antennas to RFID networks. In IEEE International Conference on RFID (RFID) (pp. 1–7).
  3. Ok, M.H., & Uiwang, G. (2009). A location tracking by RFID to assist the transportation vulnerable in subway stations. In 11th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering.
  4. Ruiz-Garcia, L., & Lunadei, L. (2011). The role of RFID in agriculture: Applications, limitations and challenges. Computers and Electronics in Agriculture, 79(1), 42–50.
  5. Ng, M. L., Leong, K. S., Hall, D. M., & Cole, P. H. (2005). A small passive UHF RFID tag for livestock identification. In IEEE International Symposium on Microwave, Antenna, Propagation and EMC Technologies for Wireless Communications.
  6. Mishra, D., Das, A. K., Mukhopadhyay, S., & Wazid, M. (2016). A secure and robust smartcard-based authentication scheme for session initiation protocol using elliptic curve cryptography. Wireless Personal Communications, 91(3), 1361–1391.
  7. Avoine, G. (2005). Cryptography in radio frequency identification and fair exchange protocols. Ph.D. thesis, Lausanne, University of EPFL.
  8. Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394.
  9. Gross, H., Wenger, E., Martín, H., & Hutter, M. (2014). PIONEER: A prototype for the internet of things based on an extendable EPC Gen2 RFID tag. Radio Frequency Identification: Security and Privacy Issues, 54–73.
  10. Hada, H., & Mitsugi, J. (2011). EPC based internet of things architecture. In IEEE International Conference on RFID-Technologies and Applications (RFID-TA).
  11. Baghery, K., Abdolmaleki, B., Akhbari, B., & Aref, M. R. (2015). Enhancing privacy of recent authentication schemes for low-cost RFID systems. The ISC International Journal of Information Security, 7(2), 135–149.
  12. Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682.
  13. Wang, S., Liu, S., & Chen, D. (2014). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.
  14. Farash, M. S. (2014). Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(2), 987–1001.
  15. Mishra, D. (2016). Design and analysis of a provably secure multi-server authentication scheme. Wireless Personal Communications, 86(3), 1095–1119.
  16. Yeh, T. C., Wanga, Y. J., Kuo, T. C., & Wanga, S. S. (2010). Securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Systems with Applications, 37, 7678–7683.
  17. Pang, L., He, L., Pei, Q., & Wang, Y. (2013). Secure and efficient mutual authentication protocol for RFID conforming to the EPC C-1 G-2 Standard. IEEE Wireless Communications and Networking Conference (WCNC), 1870–1875.
  18. EPCglobal Inc. Available:
  19. Amendola, S., Lodato, R., Manzari, S., Occhiuzzi, C., & Marrocco, G. (2014). RFID technology for IoT-based personal healthcare in smart spaces. IEEE Internet of Things Journal, 1(2), 144–152.
  20. Chen, Y. Y., Huang, D. C., Tsai, M. L., & Jan, J. K. (2012). A design of tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 2795–2801.
  21. Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription rfid access control system. Journal of Medical Systems, 36(6), 3995–4004.
  22. Ha, J., Moon, S., Zhou, J., & Ha, J. (2008). A new formal proof model for RFID location privacy. Computer Security-ESORICS.
  23. Sun, D. Z., & Zhong, J. D. (2012). A hash-based RFID security protocol for strong privacy protection. IEEE Transactions on Consumer Electronics, 58(4), 1246–1252.
  24. Coisel, I., & Martin, T. (2013). Untangling RFID privacy models. Journal of Computer Networks and Communications. doi: 10.1155/2013/710275.
  25. Avoine, G. (2005). Adversarial model for radio frequency identification. Cryptology ePrint archive, report 2005/049.
  26. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops.
  27. Vaudenay, S. (2007). On privacy models for RFID. ASIACRYPT 2007, LNCS 4833.
  28. Ouafi, K., & Phan, R. C. W. (2008). Privacy of recent RFID authentication protocols. In 4th International Conference on Information Security Practice and Experience (ISPEC).
  29. Habibi, M. H., & Gardeshi, M. (2011). Cryptanalysis and improvement on a new RFID mutual authentication protocol compatible with EPC standard. In 8th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC).
  30. Abdolmaleki, B., Baghery, K., Akhbari, B. & Aref, M. R. (2015). Cryptanalysis of two EPC-based RFID security schemes. In 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC) (pp. 116–121).

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • Behzad Abdolmaleki (1)
  • Karim Baghery (2)
  • Shahram Khazaei (3)
  • Mohammad Reza Aref (4)

  1. Information Systems and Security Lab (ISSL), Sharif University of Technology, Tehran, Iran
  2. ISSL Lab, Sharif University of Technology, Tehran, Iran
  3. Department of Mathematical Sciences, Sharif University of Technology, Tehran, Iran
  4. ISSL Lab, Electrical Engineering Department, Sharif University of Technology, Tehran, Iran
