Security Enhanced RFID Authentication Protocols for Healthcare Environment


RFID technology, regarded as one of the core technologies of the Internet of Things, has been widely deployed in healthcare environments and brings considerable convenience to people's daily lives. However, the security and privacy challenges of RFID authentication protocols are receiving more and more attention. One problem is that current RFID protocols usually use a backend server to store the detailed information of tagged objects, which may lead to information leakage if the server is hacked or attacked by an adversary. To address this challenge, we propose a security-enhanced RFID authentication protocol for healthcare environments using indistinguishability obfuscation, which prevents the leakage of sensitive data from the backend server. We also extend the protocol to the cloud scenario, where the tags' information is stored on a cloud server. To our knowledge, our protocols are the first applications of indistinguishability obfuscation in the field of RFID authentication systems. Moreover, our protocols are scalable and practical, and our analysis shows that they achieve most of the security properties of an RFID system.



We are especially grateful to the editors and anonymous referees for their insightful and valuable comments. Moreover, this work is supported by the National Key R&D Program of China (2017YFB0802500), the National Natural Science Foundation of China (No. 61672550, No. 61972429), the Major Program of Guangdong Basic and Applied Research (2019B030302008), and the Natural Science Foundation of Guangdong Province (No. 2016A030310027).

Author information



Corresponding author

Correspondence to Fangguo Zhang.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical Approval

This article does not contain any studies with human participants or animals performed by any of the authors.


About this article


Cite this article

Xie, S., Zhang, F. & Cheng, R. Security Enhanced RFID Authentication Protocols for Healthcare Environment. Wireless Pers Commun 117, 71–86 (2021).



  • Healthcare
  • RFID
  • Privacy
  • Security
  • Authentication
  • Indistinguishability obfuscation