Abstract
Although Radio Frequency IDentification (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the assumption that the server is secure. In this paper, we assume that the server resides in the cloud that might be insecure, thus the tag’s data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called “cloud-based RFID authentication”, which aimed to address the security and privacy concerns of RFID tag’s data in the cloud. In this paper, we showed that the Xie et al. protocol is vulnerable to reader impersonation attacks, location tracking and tag’s data privacy invasion. Hence, we proposed a new protocol that guarantees that the tag’s data in the cloud are anonymous, and cannot be compromised. Furthermore, the proposed protocol achieves mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally, and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd edn. John Wiley & Sons Inc, New York (2003)
Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)
Chien, H., Chen, C.: Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Comput. Stand. Interfaces 29(2), 254–259 (2007)
Song, B., Mitchell, C.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM (2008)
Tan, C., Sheng, B., Li, Q.: Secure and serverless RFID authentication and search protocols. IEEE Trans. Wirel. Commun. 7(4), 1400–1407 (2008)
Poulopoulos, G., Markantonakis, K., Mayes, K.: A secure and efficient mutual authentication protocol for low-cost RFID systems. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 706–711. IEEE (2009)
Li, J., Wang, Y., Jiao, B., Xu, Y.: An authentication protocol for secure and efficient RFID communication. In: 2010 International Conference on Logistics Systems and Intelligent Management, vol. 3, pp. 1648–1651. IEEE (2010)
Chun, J., Hwang, J., Lee, D.: RFID tag search protocol preserving privacy of mobile reader holders. IEICE Electron. Express 8(2), 50–56 (2011)
Yoon, E.: Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard. Expert Syst. Appl. 39(1), 1589–1594 (2012)
Lee, C.F., Chien, H.Y., Laih, C.S.: Server-less RFID authentication and searching protocol with enhanced security. Int. J. Commun. Syst. 25(3), 376–385 (2012)
Xie, W., Xie, L., Zhang, C., Zhang, Q., Tang, C.: Cloud-based RFID authentication. In: 2013 IEEE International Conference on RFID (RFID), pp. 168–175. IEEE (2013)
Ouafi, K., Phan, R.C.-W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
Lowe, G.: Casper: a compiler for the analysis of security protocols. In: Proceedings of 10th IEEE Computer Security Foundations Workshop, pp. 18–30 (1997)
Alshehri, A., Briffa, J.A., Schneider, S., Wesemeyer, S.: Formal security analysis of NFC m-coupon protocols using casper/fdr. In: 2013 5th International Workshop on Near Field Communication (NFC), pp. 1–6. IEEE (2013)
Aiash, M., Mapp, G., Phan, R.W., Lasebae, A., Loo, J.: A formally verified device authentication protocol using Casper/FDR. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1293–1298. IEEE (2012)
Kumari, V.V., Raju, K.K.: Formal verification of IEEE 802.11w authentication protocol. Procedia Technology 6, 716–722 (2012). 2nd International Conference on Communication, Computing and Security [ICCCS-2012]
Acknowledgment
Sarah Abughazalah is supported by the Ministry of Higher Education and King Khaled University in Saudi Arabia.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Abughazalah, S., Markantonakis, K., Mayes, K. (2015). Secure Improved Cloud-Based RFID Authentication Protocol. In: Garcia-Alfaro, J., et al. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. DPM QASA SETOP 2014 2014 2014. Lecture Notes in Computer Science(), vol 8872. Springer, Cham. https://doi.org/10.1007/978-3-319-17016-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-17016-9_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17015-2
Online ISBN: 978-3-319-17016-9
eBook Packages: Computer ScienceComputer Science (R0)