A Cloud-Based Distance Bounding Protocol for RFID Conforming to EPC-C1 G2 Standards

  • Zhenjiang Dong
  • Xinluo Wang
  • Miao Lei
  • Wei Wang
  • Hui Li
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 237)


The development and maturation of cloud computing provides a new idea for deploying RFID systems. A Cloud-based RFID system becomes a new promising architecture. It can be offered as a service of cloud computing to individuals and organizations. However, the cloud-based RFID systems are confronted with more special security and privacy threats, especially the untrustworthy cloud provider and insecure backward communications. Unfortunately, most current RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID, i.e. to provide anonymity and confidentiality against the cloud and build secure backend channels. In this paper, we propose a secure distance bounding protocol for a RFID system, which is cloud-based RFID mutual authentication protocol compatible with the mature EPC-C1 G2 standards. It can effectively resist various threats in cloud environment comparing with other cloud-based RFID authentication protocol and reduce the success probability of a Mafia attack and make it lower than the optimal situation \( (1/2)^{n} \) in academic circles.


RFID Authentication Distance bounding Cloud computing 



This work was supported by ZTE Corporation and University Joint Research Project.


  1. 1.
    Xie, W., Xie, L., Zhang, C., et al.: Cloud-based RFID authentication. In: IEEE International Conference on RFID 2013, pp. 168–175 (2013)Google Scholar
  2. 2.
    Van Tilborg, H.C.A., Jajodia, S. (eds.): Encyclopedia of Cryptography and Security. Springer Science & Business Media, Heidelberg (2014)zbMATHGoogle Scholar
  3. 3.
    Avoine, G., Bingol, M.A., Kardas, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19(2), 289–317 (2009)CrossRefGoogle Scholar
  4. 4.
    Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the fiat-shamir passport protocol (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988). Scholar
  5. 5.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). Scholar
  6. 6.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: 2005 SECURECOMM (2005)Google Scholar
  7. 7.
    Gambs, S., Onete, C., Robert, J.M.: Prover anonymous and deniable distance-bounding authentication. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, AsiaCCS 2014, pp. 501–506 (2014)Google Scholar
  8. 8.
    Trujillo-Rasua, R., Martin, B., Avoine, G.: Distance-bounding facing both mafia and distance frauds. IEEE Trans. Wireless Commun. 13(10), 5690–5698 (2014)CrossRefGoogle Scholar
  9. 9.
    Jeon, I.-S., Yoon, E.-J.: An ultra-lightweight RFID distance bounding protocol. Int. J. Math. Anal. 8(46), 2265–2275 (2014)CrossRefGoogle Scholar
  10. 10.
    Kiraz, M.S., Bingl, M.A., Karda, S., et al.: Anonymous RFID authentication for cloud services. Int. J. Inf. Secur. Sci. 1(2), 32–42 (2012)Google Scholar
  11. 11.
    Karda, S., Celik, S., Bingl, M.A., et al.: A new security and privacy framework for RFID in cloud computing. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, vol. 1, pp. 171–176. IEEE (2013)Google Scholar
  12. 12.
    Jobe, S., Venifa Mini, G., Celin, J.J.A.: Efficient RFID authentication in cloud computing. Int. J. Sci. Eng. Technol. Res. (IJSETR) 2(4), 954–958 (2013)Google Scholar
  13. 13.
    Chen, S.-M., Wu, M.-E., Sun, H.-M., et al.: CRFID: an RFID system with a cloud database as a back-end server. Future Gener. Comput. Syst. 30, 155–161 (2014)CrossRefGoogle Scholar
  14. 14.
    UHF Class 1 Gen 2 Standard v. 2.0.0 [S], GS1/EPCglobal (2013)Google Scholar
  15. 15.
    Chien, H., Chen, C.: Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Comput. Stand. Interfaces 29, 254–259 (2007)CrossRefGoogle Scholar
  16. 16.
    Chen, C.-L., Huang, Y.-C., Shih, T.-F.: A novel mutual authentication scheme for RFID conforming EPCglobal Class 1 Generation 2 standards. Inf. Technol. Control 41(3), 220–228 (2012)Google Scholar
  17. 17.
    Pang, L., Li, H., He, L., Alramadhan, A., et al.: Secure and efficient lightweight RFID authentication protocol based on fast tag indexing. Int. J. Commun. Syst. 27, 3244–3254 (2014)Google Scholar
  18. 18.
    Gao, L., Ma, M., Shu, Y., Wei, Y.: An ultra-lightweight RFID authentication protocol with CRC and permutation. J. Netw. Comput. Appl. 41, 37–46 (2014)CrossRefGoogle Scholar
  19. 19.
    Han, D., Kwon, D.: Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 standards. Comput. Stand. Interfaces 31, 648–652 (2009)CrossRefGoogle Scholar
  20. 20.
    Safkhani, M., Bagheri, N.: For an EPC-C1G2 RFID compliant Protocol, CRC with Concatenation: No; PRNG with Concatenation: Yes. Cryptology ePrint Archive, Report 2013/490 (2013)Google Scholar
  21. 21.
    Akgn, M., Caglayan, M.U.: On the security of recently proposed RFID protocols. IACR Cryptology ePrint Archive, 2013/820 (2013)Google Scholar
  22. 22.
    Zahra, S.B., Mahdi, R.A., Aref, M.R.: Formal cryptanalysis of a CRC-based RFID authentication protocol. In: 2014 22nd Iranian Conference on Electrical Engineering (ICEE), Shahid Beheshti University, pp. 1642–1647 (2014)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Zhenjiang Dong
    • 1
    • 3
  • Xinluo Wang
    • 2
  • Miao Lei
    • 2
  • Wei Wang
    • 3
  • Hui Li
    • 2
  1. 1.Shanghai Jiao Tong UniversityShanghaiChina
  2. 2.Beijing University of Posts and TelecommunicationsBeijingPeople’s Republic of China
  3. 3.ZTE Cloud Computing and IT Research InstituteNanjingPeople’s Republic of China

Personalised recommendations