A novel vector-space-based lightweight privacy-preserving RFID authentication protocol for IoT environment


Internet of Things (IoT) is a novel paradigm that connects several physical devices and the cyber world over the Internet. IoT technology is growing rapidly and soon will have an enormous innovation in our daily lives. With the increasing number of connected IoT devices making our daily lives more convenient, it puts personal data at serious risk too. Radio frequency identification (RFID) contributes to IoT applications in the automatic identification of the connected devices. However, the primary concerns with the RFID tag connected devices are their security and privacy. The communication channel is deemed to be wireless or insecure between the tags and the readers, which makes RFID system vulnerable to the various known attacks. To deal with these security flaws, we have put forward a novel vector-space-based lightweight RFID authentication protocol for IoT environment named VLPRAP. The proposed protocol integrates vector space, linear mapping and basis mechanism that achieves secure authentication and improves security and privacy without increasing the computational cost. The correctness of the proposed VLPRAP protocol has been validated using BAN logic inference rules. The formal and informal security analysis demonstrates that our proposed protocol resists various malicious security threats, providing better security and higher efficiency. Furthermore, the performance analysis of our proposed protocol has been measured in terms of computation operations, storage requirement and communication overhead, which shows that better performance as compared to related existing protocols.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4


  1. 1.

    Fan K, Jiang W, Li H, Yang Y (2018) Lightweight RFID protocol for medical privacy protection in IoT. IEEE Trans Industr Inf 14(4):1656–1665

    Article  Google Scholar 

  2. 2.

    Ma M, He D, Kumar N, Raymond Choo K-K, Chen J (2017) Certificateless searchable public key encryption scheme for industrial internet of things. IEEE Trans Ind Informat. https://doi.org/10.1109/TII.2017.2703922

    Article  Google Scholar 

  3. 3.

    Hu P, Ning H, Qiu T, Zhang Y, Luo X (2017) Fog computing-based face identification and resolution scheme in internet of things. IEEE Trans Ind Informat 13(4):1910–1920

    Article  Google Scholar 

  4. 4.

    Wang KH, Chen CM, Fang W, Wu TY (2018) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74(1):65–70

    Article  Google Scholar 

  5. 5.

    Rostampour S, Bagheri N, Hosseinzadeh M, Khademzadeh A (2018) A scalable and lightweight grouping proof protocol for internet of things applications. J Supercomput 74(1):71–86

    Article  Google Scholar 

  6. 6.

    Alamr AA, Kausar F, Kim J, Seo C (2018) A secure ECC-based RFID mutual authentication protocol for internet of things. J Supercomput 74(9):4281–4294

    Article  Google Scholar 

  7. 7.

    Salem FM, Amin R (2020) A privacy-preserving RFID authentication protocol based on El-Gamal cryptosystem for secure TMIS. Inf Sci 527:382–393

    MathSciNet  Article  Google Scholar 

  8. 8.

    Chen X, Geng D, Zhai J, Liu W, Zhang H, Zhu T (2020) Security analysis and enhancement of the most recent RFID protocol for telecare medicine information system. Wireless Person Commun

  9. 9.

    Juels A (2006) RFID security, and privacy: a research survey. IEEE J Sel Areas Commun 24:381–394

    Article  Google Scholar 

  10. 10.

    Miorandi D, Sicari S, Pellegrini FD, Chlamtac I (2012) Internet of things: Vision, applications and research challenges. Ad Hoc Netw 10:1497–1516

    Article  Google Scholar 

  11. 11.

    Doss R, Sundaresan S, Zhou W (2013) A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems. Ad Hoc Netw 11:383–396

    Article  Google Scholar 

  12. 12.

    Aghili SF, Mala H, Kaliyar P, Conti M (2019) SecLAP: Secure and lightweight RFID authentication protocol for Medical IoT. Future Gener Comput Syst 101:621–634

    Article  Google Scholar 

  13. 13.

    Safkhani M, Bendavid Y, Rostampour S, Bagheri (2019) On designing lightweight RFID security protocols for medical IoT. Cryptology ePrint Archive, Report 2019/851, 2019. https://eprint.iacr.org/2019/851

  14. 14.

    Fan K, Zhu S, Zhang K, Li H, Yang Y (2019) A lightweight authentication scheme for cloud-based RFID healthcare systems. IEEE Netws 33(2):44–49

    Article  Google Scholar 

  15. 15.

    Safkhani M, Rostampour S, Bendavid Y, Bagheri N (2020) IoT in medical & pharmaceutical: designing lightweight RFID security protocols for ensuring supply chain integrity. Comput Netw 181:107558

    Article  Google Scholar 

  16. 16.

    Fan K, Wang W, Jiang W, Li H, Yang Y (2018) Secure ultra-lightweight RFID mutual authentication protocol based on transparent computing for IoV. Peer-to-Peer Netw Appl 11(4):723–734

    Article  Google Scholar 

  17. 17.

    Fan K, Jiang W, Luo Q, Li H, Yang Y (2019) Cloud-based RFID mutual authentication scheme for efficient privacy preserving in IoV. J Franklin Inst

  18. 18.

    Fan K, Kang J, Zhu S, Li H, Yang Y (2019) Permutation matrix encryption based ultralightweight secure RFID scheme in internet of vehicles. Sensors 19(1):152

    Article  Google Scholar 

  19. 19.

    Kumar V, Ahmad M, Mishra D, Kumari S, Khan MK (2020) RSEAP: RFID based secure and efficient authentication protocol for vehicular cloud computing. Vehicul Commun 22:100213

    Article  Google Scholar 

  20. 20.

    Safkhani M, Camara C, Peris-Lopez P, Bagheri N (2020) RSEAP2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicul Commun, 100311

  21. 21.

    Lee C-C, Li C-T, Cheng C-L, Lai Y-M (2019) A novel group ownership transfer protocol for RFID systems. Ad Hoc Netw 91:101873

    Article  Google Scholar 

  22. 22.

    Karmakar NC (2011) Handbook of smart antennas for RFID systems. Wiley

  23. 23.

    He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2:72–83

    Article  Google Scholar 

  24. 24.

    Gope P, Hwang T (2015) A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Comput Secur 55:271–280

    Article  Google Scholar 

  25. 25.

    Gope P, Amin R, Islam SH, Kumar N, Bhalla VK (2018) Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment. Future Gener Comput Syst 83:629–637

    Article  Google Scholar 

  26. 26.

    Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems, security in pervasive computing lecture notes in computer science, pp 201–212

  27. 27.

    Yang J, Park J, Lee H, Ren K, Kim K (2005) Mutual authentication protocol for low-cost RFID. WRLC, In Workshop on RFID and Lightweight Crypto, pp 17–24

    Google Scholar 

  28. 28.

    Piramuthu S (2011) RFID mutual authentication protocols. Decis Support Syst 50(2):387–393

    Article  Google Scholar 

  29. 29.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags. In:Proceedings of 2nd Workshop on RFID Security

  30. 30.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-TapiadorJM, Ribagorda A (2006) M2AP: a minimalist mutual-authentication protocol for low-cost RFID Tags, ubiquitous intelligence and computing lecture notes in computer science, pp 912–923

  31. 31.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) EMAP: an efficient mutual-authentication protocol for low-cost RFID tags, on the move to meaningful internet systems 2006: OTM 2006 snce, pp 352–361

  32. 32.

    Li T, Wang G (2007)Security analysis of two ultra-lightweight RFID authentication protocols, new approaches for security, privacy and trust in complex environments IFIP International federation for information processing, pp 109–120

  33. 33.

    Chien H-Y (2007) SASI: a new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4:337–340

    Article  Google Scholar 

  34. 34.

    Phan R-W (2009) cryptanalysis of a new ultralightweight RFID sol—SASI. IEEE Trans Dependable Secure Comput 6:316–320

    Article  Google Scholar 

  35. 35.

    Peris-Lopez P, Hernandez-Castro JC, Tapiador JME, Ribagorda A (2009) Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol, Information Security Applications Lecture Notes in Computer Science, pp 56–68

  36. 36.

    Bilal Z, Masood A, Kausar F (2009) Security Analysis of Ultra-lightweight Cryptographic Protocol for Low-cost RFID Tags: Gossamer Protocol, International Conference on Network-Based Information Systems, pp 260–267

  37. 37.

    Zuo Y (2009) Secure and private search protocols for RFID systems. Inform Syst Front 12:507–519

    Article  Google Scholar 

  38. 38.

    Piramuthu S (2012) Vulnerabilities of RFID protocols proposed in ISF. Information Systems Frontiers 14(3):647–651

    Article  Google Scholar 

  39. 39.

    Tian Y, Chen G, Li J (2012) A New Ultralightweight RFID Authentication Protocol with Permutation. IEEE Commun Lett 16:702–705

    Article  Google Scholar 

  40. 40.

    Ahmadian Z, Salmasizadeh M, Aref MR (2013) Desynchronization attack on RAPP ultralightweight authentication protocol. Inform Process Lett 113:205–209

    MathSciNet  Article  Google Scholar 

  41. 41.

    Gao L, Ma M, Shu Y, Wei Y (2014) An ultralightweight RFID authentication protocol with CRC and permutation. J Netw Comput Appl 41:37–46

    Article  Google Scholar 

  42. 42.

    Akgün M, Ҫaǧlayan MU (2013) On the security of recently proposed RFID protocols. IACR Cryptol ePrint Arch, 820

  43. 43.

    Khan GN, Moessner M (2014) Low-cost authentication protocol for passive, computation capable RFID tags. Wireless Netw 21:565–580

    Article  Google Scholar 

  44. 44.

    Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2016) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Netw Appl 10:368–376

    Article  Google Scholar 

  45. 45.

    Aghili SF, Mala H (2019) Security analysis of an ultra-lightweight RFID authentication protocol for m-commerce. Int J Commun Syst 32(3):e3837

    Article  Google Scholar 

  46. 46.

    Safkhani M, Bagheri N, Shariat M (2018) On the security of rotation operation based ultra-lightweight authentication protocols for RFID systems. Future Internet 10(9):82

    Article  Google Scholar 

  47. 47.

    Lipschutz S, Lipson M (2009) Schaum's outline of theory and problems of linear algebra. Erlangga

  48. 48.

    Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29:198–208

    MathSciNet  Article  Google Scholar 

  49. 49.

    Avoine G (2005) Adversarial model for radio frequency identification. Technical Report, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC)

    Google Scholar 

  50. 50.

    Alomair B, Clark A, Cuellar J, Poovendran R (2012) Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans Parallel Distrib Syst 23:1536–1550

    Article  Google Scholar 

  51. 51.

    Burrows M, AbadiM, Needham R (1989) A logic of authentication. In: Proceedings of the twelfth ACM symposium on operating systems principles–SOSP 89

Download references


This work was carried out in Secure and Computing laboratory, SC&SS, JNU, New Delhi, India, and sponsored by the project entitled “Development of Intelligent Device for Security Enhancement (iEYE)” with sanction order: DST/TDT/DDP12/2017-G.

Author information



Corresponding author

Correspondence to Mohd Shariq.

Ethics declarations

Conflict of interest

The authors declare that they have no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Shariq, M., Singh, K. A novel vector-space-based lightweight privacy-preserving RFID authentication protocol for IoT environment. J Supercomput (2021). https://doi.org/10.1007/s11227-020-03550-1

Download citation


  • Vector space
  • Basis
  • Linear mapping
  • Authentication
  • RFID
  • Lightweight