Wireless Personal Communications

, Volume 109, Issue 3, pp 1747–1767 | Cite as

Untraceable Analysis of Scalable RFID Security Protocols

  • Xiuqing Chen
  • Kai MaEmail author
  • Deqin Geng
  • Jingxuan Zhai
  • Wei Liu
  • Hongwei Zhang
  • Tingting Zhu
  • Xue Piao


In order to support robust implementation of IoT, many schemes have been done to provide privacy, anonymity, scalability and customizability. Ray et al.’s scheme and Mir et al.’s protocol are analyzed in this paper and suffer from tracing attacks. Ray et al.’s scheme is subjected to malicious impersonation attacks, and does not achieve strong forward untraceability. Then the improved protocol is proposed, which adapts quadratic residue theorem to offer better security, scalability and customizability. Finally, the improved protocol meets forward untraceability, backward untraceability and strong forward untraceability under the untraceability model, and resists reader impersonation attacks, tag impersonation attacks, and tracing attacks. The comparison results show that the improved protocol offers better security and scalability than the existing protocols.


RFID Scalability Tracing attacks Forward untraceability Backward untraceability Strong forward untraceability 



The authors would like to thank the anonymous referee for their valuable discussions and comments. This research was partially supported by Jiangsu Postdoctoral Science Foundation (Grant Nos. 1701061B, 2017107007); Xuzhou Medical University Affiliated Hospital Postdoctoral Science Foundation (Grant Nos. 2016107011, 183822, 53120225, 53120226); Xuzhou Medical University Excellent Persons Scientific Research Foundation (Grant Nos. D2016006, D2016007, 53591506); Practice Inovation Trainng Program Projects for Jiangsu College Students (Grant Nos. 20161031308H, 201610313043Y); Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Grant No. 16KJB180028); Innovation Project of JiangSu Province (Grant No. 2012); Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); 333 Project of Jiangsu Province (Grant No. BRA2017278).

Compliance with Ethical Standards

Conflict of interest

The authors declare no conflict of interest.


  1. 1.
    Gautam, R., Singh, A., Karthik, K., et al. (2017). Traceability using RFID and its formulation for a kiwifruit supply chain. Computers and Industrial Engineering,103, 46–58.CrossRefGoogle Scholar
  2. 2.
    Omar, H. Q., Khoshnaw, A., & Monnet, W. (2017). Smart patient management, monitoring and tracking system using radio-frequency identification (RFID) technology. In Biomedical engineering and sciences. IEEE.Google Scholar
  3. 3.
    Dusart, P., & Traoré, S. (2013). Lightweight authentication protocol for low-cost RFID tags. In L. Cavallaro & D. Gollmann (Eds.), WISTP 2013, LNCS (Vol. 7886, pp. 129–144). Heidelberg: Springer.Google Scholar
  4. 4.
    Li, C. T., Weng, C. Y., & Lee, C. C. (2015). A Secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of Medical Systems,39(8), 1–8.CrossRefGoogle Scholar
  5. 5.
    Srivastava, K., Awasthi, A. K., Kaul, S. D., et al. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems,39(1), 1–5.CrossRefGoogle Scholar
  6. 6.
    Jin, C., Xu, C., Zhang, X., et al. (2015). A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography. Journal of Medical Systems,39(3), 1–8.CrossRefGoogle Scholar
  7. 7.
    Tewari, A., & Gupta, B. B. (2017). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. Journal of Supercomputing,73, 1–18.CrossRefGoogle Scholar
  8. 8.
    Gandino, F., Montrucchio, B., & Rebaudengo, M. (2017). A security protocol for RFID traceability. International Journal of Communication Systems,30(6), 1–14.CrossRefGoogle Scholar
  9. 9.
    Sundaresan, S., Doss, R., Piramuthu, S., et al. (2017). A secure search protocol for low cost passive RFID tags. Computer Networks,122, 70–82.CrossRefGoogle Scholar
  10. 10.
    Sundaresan, S., Doss, R., & Zhou, W. (2012). A secure search protocol based on quadratic residues for EPC Class-1 Gen-2 UHF RFID tags (Vol. 2012, pp. 30–35).Google Scholar
  11. 11.
    Gao, L., Zhang, L., & Ma, M. (2017). Low cost RFID security protocol based on rabin symmetric encryption algorithm. Wireless Personal Communications,96, 683–696.CrossRefGoogle Scholar
  12. 12.
    Abdolmaleki, B., Baghery, K., Khazaei, S., et al. (2017). Game-based privacy analysis of RFID security schemes for confident authentication in IoT. Wireless Personal Communications,95, 5057–5080.CrossRefGoogle Scholar
  13. 13.
    Efremov, S., Pilipenko, N., & Voskov, L. (2015). An integrated approach to common problems in the Internet of Things. Procedia Engineering,100(3), 1215–1223.CrossRefGoogle Scholar
  14. 14.
    Cao, T., Chen, X., Doss, R., et al. (2016). RFID ownership transfer protocol based on cloud. Computer Networks,105, 47–59.CrossRefGoogle Scholar
  15. 15.
    Xie, W., Xie, L., Zhang, C., Zhang, Q., & Tang, C. J. (2013). Cloud-based RFID authentication. In Proceedings of IEEE international conference on RFID, Apr 30–May 02, Orlando, FenLan, 2013 (pp. 168–175).Google Scholar
  16. 16.
    Doss, R., Zhou, W. L., & Yu, S. (2012). Secure RFID tag ownership transfer based on quadratic residues. IEEE Transactions on Information Forensics and Security,8(2), 390–401.CrossRefGoogle Scholar
  17. 17.
    Farash, M. S., Nawaz, O., Mahmood, K., et al. (2016). A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. Journal of Medical Systems,40(7), 165.CrossRefGoogle Scholar
  18. 18.
    Shen, J., Tan, H., Moh, S., et al. (2016). An efficient RFID authentication protocol providing strong privacy and security. Journal of Internet Technology,17, 443–455.Google Scholar
  19. 19.
    Wang, X., & Yuan, C. W. (2014). Scalable and resynchronisable radio frequency identification ownership transfer protocol based on a sliding window mechanism. IET Information Security,8(3), 161–170.CrossRefGoogle Scholar
  20. 20.
    Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost. Computers & Mathematics with Applications,69(1), 58–65.CrossRefGoogle Scholar
  21. 21.
    Mir, O., & Nikooghadam, M. (2015). A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health Services. Wireless Personal Communications,83(4), 1–23.CrossRefGoogle Scholar
  22. 22.
    Ray, B. R., Abawajy, J., & Chowdhury, M. (2014). Scalable RFID security framework and protocol supporting Internet of Things. Computer Networks,67, 89–103.CrossRefGoogle Scholar
  23. 23.
    Yan, X., Li, Weiheng, Li, Ping, Wang, J., Hao, X., & Gong, P. (2013). A secure biometrics-based authentication scheme for telecare medicine information systems. Journal of Medical Systems,37, 9972.CrossRefGoogle Scholar
  24. 24.
    Trujillo-Rasua, R., & Solanas, A. (2011). Scalable trajectory-based protocol for RFID tags identification. In Proceedings of the 2011 IEEE international conference on RFID-technologies and applications (RFID-TA) (pp. 279–285). IEEE.Google Scholar
  25. 25.
    Song, B., & Mitchell, C. J. (2011). Scalable RFID security protocols supporting tag ownership transfer. Computer Communications,34(4), 556–566.CrossRefGoogle Scholar
  26. 26.
    Erguler, I., & Anarim, E. (2012). Security flaws in a recent RFID delegation protocol. Personal and Ubiquitous Computing,16(3), 337–349.CrossRefGoogle Scholar
  27. 27.
    Trujillo-Rasua, R., Solanas, A., Pérez-Martínez, P. A., et al. (2012). Predictive protocol for the scalable identification of RFID tags through collaborative readers. Computers in Industry,63(6), 557–573.CrossRefGoogle Scholar
  28. 28.
    Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security (pp. 210–219). New York: ACM.Google Scholar
  29. 29.
    Chen, X., Cao, T., & Zhai, J. (2016). Untraceability analysis of two RFID authentication protocols. Chinese Journal of Electronics,25(5), 912–920.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Xiuqing Chen
    • 1
  • Kai Ma
    • 1
    Email author
  • Deqin Geng
    • 1
  • Jingxuan Zhai
    • 2
  • Wei Liu
    • 1
  • Hongwei Zhang
    • 1
  • Tingting Zhu
    • 1
  • Xue Piao
    • 1
  1. 1.School of Medicine InformationXuzhou Medical UniversityXuzhouChina
  2. 2.School of Computer Science and TechnologyChina University of Mining and TechnologyXuzhouChina

Personalised recommendations