RFID technology, which is concerned as one of the core technologies of Internet of Things, has been widely deployed in healthcare environment and brings a lot of convenience for people’s daily life. However, the security and privacy challenges of RFID authentication protocols are receiving more and more attention. One of the problems is that the current RFID protocols usually use a backend server to store the detailed information of tagged objects, which may lead to the issue of information leakage if the server is hacked or attacked by the adversary. To address this challenge, in this paper, we propose a security enhanced RFID authentication protocol for healthcare environment using the technique of indistinguishability obfuscation, which prevents the leakage of sensitive data from the backend server. Meanwhile, we extend the protocol to fit for the scenario of cloud environment where the tags’ information is stored in the cloud server. To our knowledge, our protocols are the first applications of indistinguishability obfuscation in the field of RFID authentication system. Moreover, our protocols are scalable and practical, and they are analyzed to achieve most of the security properties of the RFID system.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
Tax calculation will be finalised during checkout.
Finkenzeller, K. (2010). RFID handbook: Fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. Hoboken: Wiley.
Anandhi, S., Anitha, R., & Sureshkumar, V. (2019). IoT enabled RFID authentication and secure object tracking system for smart logistics. Wireless Personal Communications, 104(2), 543–560.
Lee, Y. K., Batina, L., & Verbauwhede, I. (2008). EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In 2008 IEEE international conference on RFID (pp. 97–104). IEEE.
Want, R. (2006). An introduction to RFID technology. IEEE Pervasive Computing, 5(1), 25–33.
Lin, X., Lu, R., Kwan, D., & Shen, X. S. (2010). REACT: An RFID-based privacy-preserving children tracking scheme for large amusement parks. Computer Networks, 54(15), 2744–2755.
Wyld, D. (2010). Preventing the worst case scenario: An analysis of rfid technology and infant protection in hospitals. The Internet Journal of Healthcare Administration, 7(1), 6.
Wang, S. W., Chen, W. H., Ong, C. S., Liu, L., & Chuang, Y. W. (2006). RFID application in hospitals: A case study on a demonstration RFID project in a Taiwan hospital. In Proceedings of the 39th annual Hawaii international conference on system sciences (HICSS’06) (Vol. 8, pp. 184a–184a). IEEE.
Katz, J. E., & Rice, R. E. (2009). Public views of mobile medical devices and services: A US national survey of consumer sentiments towards RFID healthcare technology. International Journal of Medical Informatics, 78(2), 104–114.
Pérez, M. M., Cabrero-Canosa, M., Hermida, J. V., García, L. C., Gómez, D. L., González, G. V., et al. (2012). Application of RFID technology in patient tracking and medication traceability in emergency care. Journal of Medical Systems, 36(6), 3983–3993.
Ohsaga, A., & Kondoh, K. (2013). Bedside medication safety management system using a PDA and RFID tags. In 2013 7th international symposium on medical information and communication technology (ISMICT) (pp. 85–89). IEEE.
Sandler, S. G., Langeberg, A., DeBandi, L., Gibble, J., Wilson, C., & Feldman, C. L. (2007). Radiofrequency identification technology can standardize and document blood collections and transfusions. Transfusion, 47(5), 763–770.
Liao, Y. T., Chen, T. L., Chen, T. S., Zhong, Z. H., & Hwang, J. H. (2016). The application of RFID to healthcare management of nursing house. Wireless Personal Communications, 91(3), 1237–1257.
Fan, K., Jiang, W., Li, H., & Yang, Y. (2018). Lightweight RFID protocol for medical privacy protection in IoT. IEEE Transactions on Industrial Informatics, 14(4), 1656–1665.
Feldhofer, M., Dominikus, S., & Wolkerstorfer, J. (2004). Strong authentication for RFID systems using the AES algorithm. In International workshop on cryptographic hardware and embedded systems (pp. 357–370). Springer, Berlin, Heidelberg.
Pham, T. A., Hasan, M. S., & Yu, H. (2012). A RFID mutual authentication protocol based on AES algorithm. In Proceedings of 2012 UKACC international conference on control (pp. 997–1002). IEEE.
Rahman, F., Hoque, M. E., & Ahamed, S. I. (2017). Anonpri: A secure anonymous private authentication protocol for RFID systems. Information Sciences, 379, 195–210.
Rahman, F., Bhuiyan, M. Z. A., & Ahamed, S. I. (2017). A privacy preserving framework for RFID based healthcare systems. Future Generation Computer Systems, 72, 339–352.
Tsudik, G. (2007). A family of dunces: Trivial RFID identification and authentication protocols. In International workshop on privacy enhancing technologies (pp. 45–61). Springer, Berlin, Heidelberg.
Shamir, A. (2008). SQUASH-A new MAC with provable security properties for highly constrained devices such as RFID tags. In International workshop on fast software encryption (pp. 144–157). Springer, Berlin, Heidelberg.
Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J., & Seurin, Y. (2008). Hash functions and RFID tags: Mind the gap. In International workshop on cryptographic hardware and embedded systems (pp. 283–299). Springer, Berlin, Heidelberg.
Cho, J. S., Yeo, S. S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Cmmunications, 34(3), 391–397.
Benssalah, M., Djeddou, M., & Drouiche, K. (2017). Security analysis and enhancement of the most recent RFID authentication protocol for telecare medicine information system. Wireless Personal Communications, 96(4), 6221–6238.
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., & Waters, B. (2016). Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM Journal on Computing, 45(3), 882–929.
Bitansky, N., & Vaikuntanathan, V. (2018). Indistinguishability obfuscation from functional encryption. Journal of the ACM (JACM), 65(6), 39.
Ramchen, K., & Waters, B. (2014). Fully secure and fast signing from obfuscation. In Proceedings of the 2014 ACM SIGSAC conference on computer and communications security (pp. 659–673). ACM.
Sahai, A., & Waters, B. (2014). How to use indistinguishability obfuscation: Deniable encryption, and more. In Proceedings of the forty-sixth annual ACM symposium on Theory of computing (pp. 475–484). ACM.
Hohenberger, S., Koppula, V., & Waters, B. (2015). Universal signature aggregators. In Annual international conference on the theory and applications of cryptographic techniques (pp. 3–34). Springer, Berlin, Heidelberg.
Boneh, D., Gupta, D., Mironov, I., & Sahai, A. (2015). Hosting services on an untrusted cloud. In Annual international conference on the theory and applications of cryptographic techniques (pp. 404–436). Springer, Berlin, Heidelberg.
Cheng, R., Yan, J., Guan, C., Zhang, F., & Ren, K. (2015). Verifiable searchable symmetric encryption from indistinguishability obfuscation. In Proceedings of the 10th ACM symposium on information, computer and communications security (pp. 621–626). ACM.
He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83.
Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. In Security in pervasive computing (pp. 201–212). Springer, Berlin, Heidelberg.
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security (pp. 210–219). ACM.
Perrin, R. A., & Simpson, N. (2004). RFID and bar codes-critical importance in enhancing safe patient care. Journal of Healthcare Information Management: JHIM, 18(4), 33–39.
Sun, P. R., Wang, B. H., & Wu, F. (2008). A new method to guard inpatient medication safety by the implementation of RFID. Journal of Medical Systems, 32(4), 327–332.
Yao, W., Chu, C. H., & Li, Z. (2012). The adoption and implementation of RFID technologies in healthcare: A literature review. Journal of Medical Systems, 36(6), 3507–3525.
Rosenbaum, B. P. (2014). Radio frequency identification (RFID) in health care: Privacy and security concerns limiting adoption. Journal of Medical Systems, 38(3), 19.
Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems, 39(1), 153.
Li, C. T., Weng, C. Y., & Lee, C. C. (2015). A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of MedicalSystems, 39(8), 77.
Maurya, P. K., & Bagchi, S. (2018). A secure PUF-based unilateral authentication scheme for RFID system. Wireless Personal Communications, 103(2), 1699–1712.
Xie, W., Xie, L., Zhang, C., Zhang, Q., & Tang, C. (2013). Cloud-based RFID authentication. In 2013 IEEE international conference on RFID (RFID) (pp. 168–175). IEEE.
Kardas, S., Çelik, S., Bingöl, M. A., & Levi, A. (2013). A new security and privacy framework for RFID in cloud computing. In 2013 IEEE 5th international conference on cloud computing technology and science (Vol. 1, pp. 171–176). IEEE.
Chen, S. M., Wu, M. E., Sun, H. M., & Wang, K. H. (2014). CRFID: An RFID system with a cloud database as a back-end server. Future Generation Computer Systems, 30, 155–161.
Lin, I. C., Hsu, H. H., & Cheng, C. Y. (2015). A cloud-based authentication protocol for RFID supply chain systems. Journal of Network and Systems Management, 23(4), 978–997.
Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., & Shen, J. (2018). A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. Journal of Ambient Intelligence and Humanized Computing, 9(4), 919–930.
Fan, K., Jiang, W., Luo, Q., Li, H., & Yang, Y. (2019). Cloud-based RFID mutual authentication scheme for efficient privacy preserving in IoV. Journal of the Franklin Institute. https://doi.org/10.1016/j.jfranklin.2019.02.023.
Boneh, D., & Waters, B. (2013). Constrained pseudorandom functions and their applications. In International conference on the theory and application of cryptology and information security (pp. 280–300). Springer, Berlin, Heidelberg.
Boyle, E., Goldwasser, S., & Ivan, I. (2014). Functional signatures and pseudorandom functions. In International workshop on public key cryptography (pp. 501–519). Springer, Berlin, Heidelberg.
Hohenberger, S., Koppula, V., & Waters, B. (2015). Adaptively secure puncturable pseudorandom functions in the standard model. In International conference on the theory and application of cryptology and information security (pp. 79–102). Springer, Berlin, Heidelberg.
We are especially grateful to the editors and anonymous referees for their insightful and valuable comments. Moreover, this work is supported by the National Key R&D Program of China (2017YFB0802500), the National Natural Science Foundation of China (No. 61672550, No. 61972429), the Major Program of Guangdong Basic and Applied Research (2019B030302008), and the Natural Science Foundation of Guangdong Province (No. 2016A030310027).
Conflict of interest
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Xie, S., Zhang, F. & Cheng, R. Security Enhanced RFID Authentication Protocols for Healthcare Environment. Wireless Pers Commun 117, 71–86 (2021). https://doi.org/10.1007/s11277-020-07042-6
- Indistinguishability obfuscation