Secure and Privacy Preserving RFID Based Access Control to Smart Buildings

  • Ahmed Raad Al-SudaniEmail author
  • Shang Gao
  • Sheng Wen
  • Muhmmad Al-Khiza’ay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)


With the emergence of Internet of Things (IoT), there is exponential growth in the usage of smart applications that exhibit machine-to-machine and device-device interactions. As IoT integration with applications like healthcare became a reality, it is inevitable to leverage RFID authentication systems with privacy preserving features. Unless RFID system guarantees a strong meaning of privacy, the technology cannot be used by people without apprehensions. To address aforementioned issues, in this paper, we first investigate the privacy concerns in RFID authenticated systems. We define privacy and its probable occurrences in such systems. Then we propose and implement a framework for secure and privacy preserving RFID based access control to smart buildings. We evaluate it with an attack model that focuses on privacy related attacks. Our prototype application demonstrates proof of the concept. Our empirical results reveal the utility of the proposed system for leveraging privacy while authenticating requests to access smart buildings.


RFID Smart buildings Privacy preservation Security 


  1. 1.
    Ziegeldorf, J.H., Morchon, O.G., Wehrle, K.: Privacy in the internet of things: threats and challenges. Secur. Commun. Netw. 7(12), 2728–2742 (2014)CrossRefGoogle Scholar
  2. 2.
    Celdrán, A.H., Clemente, F.J.G., Pérez, M.G., Pérez, G.M.: Secoman: a semantic-aware policy framework for developing privacy-preserving and context-aware smart applications. IEEE Syst. J. 10(3), 1111–1124 (2016)CrossRefGoogle Scholar
  3. 3.
    Gope, P., Amin, R., Islam, S.H., Kumar, N., Bhalla, V.K.: Lightweight and privacy-preserving RFID authentication scheme for distributed IOT infrastructure with secure localization services for smart city environment. Fut. Gener. Comput. Syst. 83, 629–637 (2017)CrossRefGoogle Scholar
  4. 4.
    Arjunan, P., et al.: Sensoract: a decentralized and scriptable middleware for smart energy buildings. In: 2015 IEEE 12th International Conference on Ubiquitous Intelligence And Computing and 2015 IEEE 12th International Conference on Autonomic and Trusted Computing and 2015 IEEE 15th International Conference on Scalable Computing and Communications and its Associated Workshops (UIC-ATC-ScalCom), pp. 11–19. IEEE (2015)Google Scholar
  5. 5.
    Das, A.K., Pathak, P.H., Jee, J., Chuah, C.-N., Mohapatra, P.: Non-intrusive multi-modal estimation of building occupancy (2017)Google Scholar
  6. 6.
    Ahvar, E., Daneshgar-Moghaddam, N., Ortiz, A.M., Lee, G.M., Crespi, N.: On analyzing user location discovery methods in smart homes: a taxonomy and survey. J. Netw. Comput. Appl. 76, 75–86 (2016)CrossRefGoogle Scholar
  7. 7.
    Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., Shen, X.S.: Security and privacy in smart city applications: challenges and solutions. IEEE Commun. Mag. 55(1), 122–129 (2017)CrossRefGoogle Scholar
  8. 8.
    Tan, C.C., Sheng, B., Li, Q.: Secure and serverless RFID authentication and search protocols. IEEE Trans. Wirel. Commun. 7(4), 1400–1407 (2008)CrossRefGoogle Scholar
  9. 9.
    Cai, S., Li, Y., Li, T., Deng, R.H.: Attacks and improvements to anrifd mutual authentication protocol and its extensions. In: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 51–58. ACM (2009)Google Scholar
  10. 10.
    Cho, J.-S., Jeong, Y.-S., Park, S.O.: Consideration on the brute-force attack cost and retrieval cost: a hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Comput. Math. Appl. 69(1), 58–65 (2015)CrossRefGoogle Scholar
  11. 11.
    Al-Sudania, A.R., Zhoub, W., Liuc, B., Almansoorid, A., Yange, M.: Detecting unauthorized RFID tag carrier for secure access control to a smart building. Int. J. Appl. Eng. Res. 13(1), 749–760 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Information Technology, Faculty of Science, Engineering and Built EnvironmentDeakin UniversityGeelongAustralia
  2. 2.School of Information TechonolgySwinburne UniversityHawthornAustralia

Personalised recommendations