Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Data Privacy Management

International Workshop on Quantitative Aspects in Security Assurance

International Workshop on Autonomous and Spontaneous Security

DPM 2014, QASA 2014, SETOP 2014: Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance pp 147–164Cite as

Secure Improved Cloud-Based RFID Authentication Protocol

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8872))

Abstract

Although Radio Frequency IDentification (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the assumption that the server is secure. In this paper, we assume that the server resides in the cloud that might be insecure, thus the tag’s data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called “cloud-based RFID authentication”, which aimed to address the security and privacy concerns of RFID tag’s data in the cloud. In this paper, we showed that the Xie et al. protocol is vulnerable to reader impersonation attacks, location tracking and tag’s data privacy invasion. Hence, we proposed a new protocol that guarantees that the tag’s data in the cloud are anonymous, and cannot be compromised. Furthermore, the proposed protocol achieves mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally, and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd edn. John Wiley & Sons Inc, New York (2003)

    Book  Google Scholar 

  2. Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)

    Article  MathSciNet  Google Scholar 

  3. Chien, H., Chen, C.: Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Comput. Stand. Interfaces 29(2), 254–259 (2007)

    Article  MathSciNet  Google Scholar 

  4. Song, B., Mitchell, C.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM (2008)

    Google Scholar 

  5. Tan, C., Sheng, B., Li, Q.: Secure and serverless RFID authentication and search protocols. IEEE Trans. Wirel. Commun. 7(4), 1400–1407 (2008)

    Article  Google Scholar 

  6. Poulopoulos, G., Markantonakis, K., Mayes, K.: A secure and efficient mutual authentication protocol for low-cost RFID systems. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 706–711. IEEE (2009)

    Google Scholar 

  7. Li, J., Wang, Y., Jiao, B., Xu, Y.: An authentication protocol for secure and efficient RFID communication. In: 2010 International Conference on Logistics Systems and Intelligent Management, vol. 3, pp. 1648–1651. IEEE (2010)

    Google Scholar 

  8. Chun, J., Hwang, J., Lee, D.: RFID tag search protocol preserving privacy of mobile reader holders. IEICE Electron. Express 8(2), 50–56 (2011)

    Article  Google Scholar 

  9. Yoon, E.: Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard. Expert Syst. Appl. 39(1), 1589–1594 (2012)

    Article  Google Scholar 

  10. Lee, C.F., Chien, H.Y., Laih, C.S.: Server-less RFID authentication and searching protocol with enhanced security. Int. J. Commun. Syst. 25(3), 376–385 (2012)

    Article  Google Scholar 

  11. Xie, W., Xie, L., Zhang, C., Zhang, Q., Tang, C.: Cloud-based RFID authentication. In: 2013 IEEE International Conference on RFID (RFID), pp. 168–175. IEEE (2013)

    Google Scholar 

  12. Ouafi, K., Phan, R.C.-W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Lowe, G.: Casper: a compiler for the analysis of security protocols. In: Proceedings of 10th IEEE Computer Security Foundations Workshop, pp. 18–30 (1997)

    Google Scholar 

  14. Alshehri, A., Briffa, J.A., Schneider, S., Wesemeyer, S.: Formal security analysis of NFC m-coupon protocols using casper/fdr. In: 2013 5th International Workshop on Near Field Communication (NFC), pp. 1–6. IEEE (2013)

    Google Scholar 

  15. Aiash, M., Mapp, G., Phan, R.W., Lasebae, A., Loo, J.: A formally verified device authentication protocol using Casper/FDR. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1293–1298. IEEE (2012)

    Google Scholar 

  16. Kumari, V.V., Raju, K.K.: Formal verification of IEEE 802.11w authentication protocol. Procedia Technology 6, 716–722 (2012). 2nd International Conference on Communication, Computing and Security [ICCCS-2012]

    Article  Google Scholar 

Download references

Acknowledgment

Sarah Abughazalah is supported by the Ministry of Higher Education and King Khaled University in Saudi Arabia.

Author information

Authors and Affiliations

  1. Smart Card Centre-Information Security Group (SCC-ISG), Royal Holloway, University of London, Egham, UK

    Sarah Abughazalah, Konstantinos Markantonakis & Keith Mayes

Authors
  1. Sarah Abughazalah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Konstantinos Markantonakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sarah Abughazalah .

Editor information

Editors and Affiliations

  1. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. Universitat Autònoma de Barcelona, Bellaterra, Spain

    Jordi Herrera-Joancomartí

  3. Imperial College London, London, United Kingdom

    Emil Lupu

  4. Universität Passau, Passau, Germany

    Joachim Posegga

  5. University of Urbino, Urbino, Italy

    Alessandro Aldini

  6. Pisa Research Area, National Research Council - CNR, Pisa, Italy

    Fabio Martinelli

  7. Technische Universität Darmstadt, Darmstadt, Germany

    Neeraj Suri

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Abughazalah, S., Markantonakis, K., Mayes, K. (2015). Secure Improved Cloud-Based RFID Authentication Protocol. In: Garcia-Alfaro, J., et al. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. DPM QASA SETOP 2014 2014 2014. Lecture Notes in Computer Science(), vol 8872. Springer, Cham. https://doi.org/10.1007/978-3-319-17016-9_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17016-9_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17015-2

  • Online ISBN: 978-3-319-17016-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation