Abstract
Data security is crucial for a RFID system. Since the existing RFID mutual authentication protocols encounter the challenges such as security risks, poor performance, an ultra-lightweight authentication protocol named Succinct and Lightweight Authentication Protocol (SLAP) is proposed. SLAP is only composed of bitwise operations like XOR, left rotation and conversion which is easy to implement on a passive tag. The proposed conversion operation as the main security component guarantees the security of RFID system with the properties such as irreversibility, sensibility, full confusion and low complexity, which better performed or even absent in other previous protocols. Security analysis shows that SLAP guarantees the functionalities of mutual authentication as well as resistance to various attacks such as de-synchronization attack, replay attack and traceability attack, etc. Furthermore, performance evaluation also indicates that the proposed scheme outperforms the existing protocols in terms of less computation requirement and fewer communication messages during authentication process.
Similar content being viewed by others
References
Collotta, M., Pau, G., & Tirrito, S. (2015). A preliminary study to increase baggage tracking by using a RFID solution. In Proceedings of the international conference on numerical analysis and applied mathematics 2014 (ICNAAM-2014) (Vol. 1648). AIP Publishing.
Chung, C., Hsieh, Y., Wang, Y., & Chang, C. (2016). Aware and smart member card: RFID and license plate recognition systems integrated applications at parking guidance in shopping mall. In 2016 Eighth international conference on advanced computational intelligence (ICACI), Chiang Mai, Thailand (pp. 253–256).
Shen, J., et al. (2016). A practical RFID grouping authentication protocol in multiple-tag arrangement with adequate security assurance. In 2016 18th international conference on advanced communication technology (ICACT). IEEE.
Chien, H.-Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.
Juels, A., Molnar, D., & Wagner, D. (2005). Security and privacy issues in E-passports. In SecureComm 2005. First international conference on security and privacy for emerging areas in communications networks, 2005. IEEE.
Chien, H.-Y. (2006). Secure access control schemes for RFID systems with anonymity. In Proceedings of 2006 international workshop future mobile and ubiquitous information technologies (FMUIT’06).
Bringer, J., Chabanne, H., & Dottax, E. (2006). HB++: A lightweight authentication protocol secure against some attacks. In Proceedings of IEEE international conference pervasive service, workshop security, privacy and trust in pervasive and ubiquitous computing.
Peris-Lopez, P., Hernandez-Castro, J. C., Estévez-Tapiador, J. M., et al. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Workshop on RFID security (pp. 12–14).
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In J. Ma, H. Jin, L. T. Yang & J. J.-P. Tsai (Eds.), Ubiquitous intelligence and computing (pp. 912–923). Berlin: Springer.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., et al. (2006). EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In On the move to meaningful internet systems 2006: Otm 2006 workshops (pp. 352–361). Berlin: Springer.
Li, T., & Wang, G. (2007). Security analysis of two ultra-lightweight RFID authentication protocols. In H. Venter, M. Eloff, L. Labuschagne, J. Eloff & R. von Solms (Eds.), New approaches for security, privacy and trust in complex environments (pp. 109–120). Berlin: Springer.
Li, T., & Deng, R. (2007). Vulnerability analysis of EMAP—An efficient RFID mutual authentication protocol. In ARES 2007. The second international conference on availability, reliability and security, 2007 (pp. 238–245). IEEE.
Phan, R. C. W. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Transactions on Dependable and Secure Computing, 6(4), 316–320.
Avoine, G., Carpent, X., & Martin, B. (2010). Strong authentication and strong integrity (SASI) is not that strong. In S. B. O. Yalcin (Ed.), Radio frequency identification: Security and privacy issues (pp. 50–64). Berlin: Springer.
Avoine, G., Carpent, X., & Martin, B. (2012). Privacy-friendly synchronized ultralightweight authentication protocols in the storm. Journal of Network and Computer Applications, 35(2), 826–843.
Sun, H.-M., Ting, W.-C., & Wang, K.-H. (2009). On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Transactions on Dependable and Secure Computing, 2, 315–317.
Peris-Lopez, P., Hernandez-Castro, J. C., Tapiador, J. M. E., & Ribagorda, A. (2009). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In K.-I. Chung, K. Sohn & M. Yung (Eds.), Information security applications (pp. 56–68). Berlin: Springer.
Bilal, Z., Masood, A., & Kausar, F. (2009). Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. In NBIS’09. International conference on network-based information systems, 2009. IEEE.
Tagra, D., Rahman, M., & Sampalli, S. (2010). Technique for preventing DoS attacks on RFID systems. In 2010 International conference on software, telecommunications and computer networks (SoftCOM). IEEE.
Qingling, C., Yiju, Z., & Yonghua, W. (2008). A minimalist mutual authentication protocol for RFID system & BAN logic analysis. In CCCM’08. ISECS international colloquium on computing, communication, control, and management, 2008 (Vol. 2). IEEE.
Li, T. (2008). Employing lightweight primitives on low-cost rfid tags for authentication. In Vehicular technology conference, 2008. VTC 2008-Fall. IEEE 68th. IEEE.
Peris-Lopez, P., Hernandez-Castro, J. C., Tapiador, J. M. E., Li, T., & van der Lubbe, J. C. A. (2010). Weaknesses in two recent lightweight RFID authentication protocols. In F. Bao, M. Yung, D. Lin & J. Jing (Eds.), Information security and cryptology (pp. 383–392). Berlin: Springer.
Safkhani, M., et al. (2011). Security analysis of LMAP++, an RFID authentication protocol. In 2011 International conference for internet technology and secured transactions (ICITST). IEEE.
Fernando, H., & Abawajy, J. (2011). Mutual authentication protocol for networked RFID systems. In 2011 IEEE 10th international conference on trust, security and privacy in computing and communications (TrustCom). IEEE.
Fan, X., et al. (2011). A lightweight privacy-preserving mutual authentication protocol for RFID systems. In GLOBECOM workshops (GC Wkshps), 2011 IEEE. IEEE.
Lee, Y.-C. (2012). Two ultralightweight authentication protocols for low-cost RFID tags. Applied Mathematics and Information Sciences, 6(2S), 425–431.
Tian, Y., Chen, G., & Li, J. (2012). A new ultralightweight RFID authentication protocol with permutation. Communications Letters, IEEE, 16(5), 702–705.
Avoine, G., & Carpent, X. (2013). Yet another ultralightweight authentication protocol that is broken. In J.-H. Hoepman & I. Verbauwhede (Eds.), Radio frequency identification. Security and privacy issues (pp. 20–30). Berlin: Springer.
Zhuang, X., et al. (2013). Security analysis of a new ultra-lightweight RFID protocol and its improvement. Journal of Information Hiding and Multimedia Signal Processing, 4(3), 166–177.
Ahmadian, Z., Salmasizadeh, M., & Aref, M. R. (2013). Desynchronization attack on RAPP ultralightweight authentication protocol. Information Processing Letters, 113(7), 205–209.
Shao-hui, W., Zhijie, H., Sujuan, L., & Dan-wei, C. (2012). Security analysis of RAPP an RFID authentication protocol based on permutation. Cryptology ePrint Archive, Report 2012/327.
Zhuang, X., Zhu, Y., & Chang, C.-C. (2014). A new ultralightweight RFID protocol for low-cost tags: RRAP. Wireless Personal Communications, 79(3), 1787–1802.
Mujahid, U., Najam-ul-Islam, M., & Ali Shami, M. (2015). RCIA: A new ultralightweight RFID authentication protocol using recursive hash. International Journal of Distributed Sensor Networks. doi:10.1155/2015/642180.
Avoine, G., Carpent, X., & Hernandez-Castro, J. (2015). Pitfalls in ultralightweight authentication protocol designs. IEEE Transactions on Mobile Computing. doi:10.1109/TMC.2015.2492553.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Luo, H., Wen, G., Su, J. et al. SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system. Wireless Netw 24, 69–78 (2018). https://doi.org/10.1007/s11276-016-1323-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-016-1323-y