Analysis and Improvement of Anonymous Authentication Protocol for Low-Cost RFID Systems

  • Zhijun Ge
  • Yongsheng Hao
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 213)


With the rapid growth of RFID applications, security has become an important issue. Security protocols work as a kernel for RFID technology. In this paper, we propose a serverless protocol to protect the system from suffering different type of attacks. Moreover, safety requirements for RFID protocols were analyzed, and a low-cost anonymous authentication protocol for RFID was proposed based on the universal composability mode. This protocol is feasible under a desynchronizing attack by recovering the disabled tags that are desynchronized with the reader because of this attack. The improvement of our scheme is the index item used for an advanced search. Finally, sufficient analysis is given to prove security quality of the protocol.


Security Authentication protocol Desynchronizing attack Radio frequency identification (RFID) 


  1. 1.
    Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas in Commun vol 24(2), pp 381–395Google Scholar
  2. 2.
    Kerschbaum F, Sorniotti A (2009) RFID-based supply chain partner authentication and key agreement. In: ACM conference on wireless network security (WiSec 09). pp 41–50Google Scholar
  3. 3.
    Weis S (2003) Security and privacy in radio frequency identification device. MIT, CambridgeGoogle Scholar
  4. 4.
    Weis S, Sarma S, Rivest R, Engels D (2003) Security and privacy aspects of low-cost radio frequency identification systems. In: international conference on security in pervasive computing (SPC03), pp 454-469Google Scholar
  5. 5.
    Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to “Privacy-Friendly” tags. In: RFID privacy workshop, pp 624–654. USAGoogle Scholar
  6. 6.
    Tan C, Sheng B, Li Q (2007) Serverless search and authentication protocols for RFID. In: annual IEEE international conference on pervasive computing and communications (PerCom 07), pp 3–12. IEEE Press, New YorkGoogle Scholar
  7. 7.
    Ahamed I, Rahman F, Hoque M, et al (2008) YA-SRAP: Yet another serverless RFID authentication protocol. In: IET international conference on intelligent environment (IE 08), pp 1–8. IEEE Press, New YorkGoogle Scholar
  8. 8.
    Hoque M, Rahman F, Ahamed S, Park J (2009) Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments. Springer wireless personal communicationGoogle Scholar
  9. 9.
    Ma CS (2011) Low cost RFID authentication protocol with forward privacy. Chin J Comput. China, vol 34 Aug, pp 1387–1398Google Scholar
  10. 10.
    Luo L, Chan T, Li JS et al. (2006) Experimental analysis of an RFID security protocol. In: IEEE international conference on e-Business engineering (ICEE 06), pp 62–70Google Scholar
  11. 11.
    Feldhofer M (2007) Comparison of low-power implementations of Trivium and Grain. In: workshop on the state of the art of stream ciphers (SASC 07), pp 236–246Google Scholar
  12. 12.
    Haitner I, Reingold O, Vadhan S (2010) Efficiency improvements in constructing pseudorandom generator from any one-way function. In: ACM symposium on theory of computing (STOC 10), pp 437–446Google Scholar
  13. 13.
    Yksel J, Kaps JP, Sunar B (2004) Universal hash functions for emerging ultra-low-power networks. In CNDSGoogle Scholar
  14. 14.
    Feldhofer M, Wolkerstoefer J (2007) Strong crypto for RFID tags—A comparison of low-power hardware implementations. In: IEEE international symposium on circuits and systems (ISCAS 07), pp 27–30Google Scholar
  15. 15.
    Berbain C, Billet O, Etrog J et al. (2009) An efficient forward private RFID protocol. In: 16th ACM conference on computer and communications security (ACM CCS’ 09), pp 43–53. Chicago, USAGoogle Scholar
  16. 16.
    Miaolei D, Jianfeng M, Fulong L (2009) Universally composable three party password-based key exchange protocol. China communications, vol 6(3), pp 150–155Google Scholar
  17. 17.
    Deng ML, Wang YL, Qiu G et al. (2009) Authentication Protocol for RFID without back-end database. J Beijing Univ Posts Telecommun, vol 32(4), pp 59–62Google Scholar
  18. 18.
    Conti M, Pietro R, Mancini L, et al. (2007) RIPP-FS: an RFID identification, privacy preserving protocol with forward secrecy. In: IEEE international workshop on pervasive computing and communication security (PCCS 07), pp 229–234 IEEE PressGoogle Scholar
  19. 19.
    Hoque M, Rahman F, Ahamed S (2009) Supporting recovery, privacy and security in RFID systems using a robust authentication protocol. In: 24th ACM symposium on applied computing (ACMSAC 09), pp 1062–1066Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Department of Navigation EngineeringMechanism Engineering CollegeShijiazhuangChina

Personalised recommendations