Abstract
With the widely development and deployment of Radio Frequency Identification (RFID) technology for nowadays’ object automatic identification, it has became one of the core technologies of the Internet of Things (IoT). RFID authentication is a primary approach to secure a RFID system and make it privacy-friendly. There are many RFID authentication protocols proposed to tackle the RFID security, privacy and efficiency concerns. However, with the increasingly stringent security and privacy requirements and limited computation capacity of tags, most of these protocols have suffered with serious security weaknesses and inefficient performance. In this paper, we firstly give an overview on Kaur et al.’s protocol and point out the security deficiencies of their protocol. Then, we propose an improved lightweight anonymous authentication protocol for RFID systems using elliptic curve cryptography (ECC) algorithm. The security analysis shows that the proposed protocol achieves mutual authentication, confidentiality, anonymity as well as resistance to various attacks, such as replay, impersonation and modification attacks, etc. Furthermore, performance evaluation indicates that the proposed protocol significantly reduces the computation cost by at least 3 times and decreases the communication cost by at least 50% compared to previous RFID authentication protocols.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Atzori, L., Iera, A., Morabito, G.: The Internet of Things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)
BlueKrypt: Nist key length recommended (2016). https://www.keylength.com/en/4/
Bringer, J., Chabanne, H., Icart, T.: Cryptanalysis of EC-RAC, a RFID identification protocol. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 149–161. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89641-8_11
Burmester, M., De Medeiros, B., Motta, R.: Robust, anonymous RFID authentication with constant key-lookup. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 283–291. ACM (2008)
Chien, H.Y., Chen, C.H.: Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput. Stand. Interfaces 29(2), 254–259 (2007)
Cho, J.S., Yeo, S.S., Kim, S.K.: Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value. Comput. Commun. 34(3), 391–397 (2011)
van Deursen, T., Radomirovic, S.: Untraceable RFID protocols are not trivially composable: attacks on the revision of ec-rac. IACR Cryptology ePrint Archive 2009, 332 (2009)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_26
Gaubatz, G., Kaps, J.P., Ozturk, E., Sunar, B.: State of the art in ultra-low power public key cryptography for wireless sensor networks. In: Third IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom 2005 Workshops, pp. 146–150. IEEE (2005)
Gope, P., Hwang, T.: A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Comput. Secur. 55, 271–280 (2015)
He, D., Kumar, N., Chilamkurti, N., Lee, J.H.: Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10), 116 (2014)
Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)
Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 74–88. IEEE (2005)
Kaur, K., Kumar, N., Singh, M., Obaidat, M.S.: Lightweight authentication protocol for RFID-enabled systems based on ECC. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2016)
Kaya, S.V., Savaş, E., Levi, A., Erçetin, Ö.: Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Netw. 7(1), 136–152 (2009)
Lee, I., Lee, K.: The Internet of Things (IoT): applications, investments, and challenges for enterprises. Bus. Horiz. 58(4), 431–440 (2015)
Lee, Y.K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: 2008 IEEE International Conference on RFID, pp. 97–104. IEEE (2008)
Lee, Y.K., Batina, L., Verbauwhede, I.: Untraceable RFID authentication protocols: revision of EC-RAC. In: 2009 IEEE International Conference on RFID, pp. 178–185. IEEE (2009)
Liao, Y.P., Hsiao, C.M.: A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Netw. 18, 133–146 (2014)
Lv, C., Li, H., Ma, J., Zhang, Y.: Vulnerability analysis of elliptic curve cryptography-based RFID authentication protocols. Trans. Emerg. Telecommun. Technol. 23(7), 618–624 (2012)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: an efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006). https://doi.org/10.1007/11915034_59
Peris-Lopez, P., Hernandez-Castro, J.C., Estévez-Tapiador, J.M., Ribagorda, A.: LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of 2nd Workshop on RFID Security, p. 06 (2006)
Shen, H., Shen, J., Khan, M.K., Lee, J.H.: Efficient RFID authentication using elliptic curve cryptography for the Internet of Things. Wirel. Pers. Commun. 96(4), 5253–5266 (2017)
Tan, L., Wang, N.: Future internet: the Internet of Things. In: 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), vol. 5, p. V5-376. IEEE (2010)
Xu, L.D., He, W., Li, S.: Internet of Things in industries: a survey. IEEE Trans. Ind. Inform. 10(4), 2233–2243 (2014)
Yeh, T.C., Wang, Y.J., Kuo, T.C., Wang, S.S.: Securing RFID systems conforming to EPC class 1 generation 2 standard. Expert. Syst. Appl. 37(12), 7678–7683 (2010)
Acknowledgement
This work is partial supported by Australian Research Council Discovery Project (DP160100913: Security and Privacy of Individual Data Used to Extract Public Information), Data61 Research Collaborative Project (Enhancing Security and Privacy in IoT), the Distinguished Young Scholars Fund of Fujian, China (2016J06013) and Fujian Provincial Department of Education Project, China (JOPX15066).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Yang, X., Yi, X., Zeng, Y., Khalil, I., Huang, X., Nepal, S. (2018). An Improved Lightweight RFID Authentication Protocol for Internet of Things. In: Hacid, H., Cellary, W., Wang, H., Paik, HY., Zhou, R. (eds) Web Information Systems Engineering – WISE 2018. WISE 2018. Lecture Notes in Computer Science(), vol 11233. Springer, Cham. https://doi.org/10.1007/978-3-030-02922-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-02922-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02921-0
Online ISBN: 978-3-030-02922-7
eBook Packages: Computer ScienceComputer Science (R0)