Abstract
Radio frequency identification (RFID) has become one of the most eminent commercial technologies in the last few years. The RFID tags are embedded or latched with any item for their unique identification. These tags can carry small amounts of data and have capability to perform simple computations. However, because of their simple architecture, the data these tags carry are not secure. This paper discusses some of the state-of-the-art authentication schemes that can secure RFID tags along with some security models that are used to verify whether an authentication scheme is secure against any potential security risks or not. This paper analyzes some authentication schemes and security models along with their strengths and weaknesses.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bu, K., Weng, M., Zheng, Y., Xiao, B., & Liu, X. (2017). You can clone but you can’t hide: A survey of clone prevention and detection for RFID. IEEE Communications Surveys & Tutorials, 19(3), 1682–1700.
Buckley, J. (Ed.). (2006). The internet of things: From RFID to the next-generation pervasive networked systems. New York: Auerbach Publications.
Near Field Communications History. (2016). Timeline of RFID technology. Retrieved July, from http://www.nfcnearfieldcommunication.org/timeline.html
Edwards, C. (2016). RFID tags along with the Internet of Things. Engineering and Technology Magazine 9(8). http://eandt.theiet.org/magazine/2014/08/tagging-along.cfm.
Garfinkel, S. L., Juels, A., & Pappu, R. (2005). RFID privacy: An overview of problems and proposed solutions. IEEE Security & Privacy, 3(3), 34–43.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to privacy-friendly tags, RFID Privacy Workshop.
Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security & Privacy Aspects of low-cost radio frequency identification systems. Security in Pervasive Computing, 2802, 201–212.
Henrici, A., & Muller, P. (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In International Workshop on Pervasive Computing and Communication Security PerSec, Orlando, Florida, USA (pp. 149–153).
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Conference on Computer and Communications Security—ACM CCS, Washington, DC, USA (pp. 210–219). isbn:1-58113-961-6.
Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing, 24, 210–223.
Tuyls, P., & Batina, L. (2006). RFID-tags for anti-counterfeiting. In Topics in cryptology (CT-RSA’06), LNCS 3860 (pp. 115–131). New York: Springer.
Lee, Y. K., Batina, L., & Verbauwhede, I. (2008). EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In IEEE International Conference on RFID (pp. 97–104).
Liao, Y., & Hsiao, C. (2013). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146. https://doi.org/10.1016/j.adhoc.2013.02.004.
Peeters, R., & Hermans, J. (2013). Attack on Liao and Hsiao’s secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Cryptology ePrint Archive, Report 2013/399.
Liao, Y., & Hsiao, C. (2013). A secure ECC-based RFID authentication scheme using hybrid protocols. In Advances in intelligent systems and applications (pp. 1–13). Berlin: Springer.
Tan, Z. (2014). A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(3), 1–9.
Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 38(12), 1–12.
Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39(3), 32. https://doi.org/10.1007/s10916-015-0221-7.
Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., & Yu, M.-D. (2016). Efficient fuzzy extraction of PUF-induced secrets: Theory and applications. In Proceedings of the 18th International Conference on Cryptographic Hardware and Embedded Systems (CHES), vol. 9813. Santa Barbara, CA, USA (pp. 412–431).
Akgun, M., & Caglayan, M. U. (2015). Providing destructive privacy and scalability in RFID systems using PUFs. Ad Hoc Network, 32, 32–42.
Aysu, E., Gulcan, D., Moriyama, P. S., & Yung, M. (2015). End-to-end design of a PUF-based privacy preserving authentication protocol. In Proceedings of the 17th International Conference on Cryptographic Hardware and Embedded Systems (CHES), vol. 9293. Saint-Malo, France (pp. 556–576).
Huth, A., Aysu, J., Guajardo, P. D., & Güneysu, T. (2017). Secure and private, yet lightweight, authentication for the IoT via PUF and CBKA. In Proceedings of the International Conference on Information Security and Cryptology (ICISC) (pp. 28–48).
Aysu, Y., Wang, P. S., & Orshansky, M. (2017). New maskless debiasing method for lightweight physical unclonable function. In Proceedings of the 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) (pp. 134–139).
Hopper, N. J., & Blum, M. (2001). Secure human identification protocols, Advances in cryptology – ASYACRYPT’2001, lecture notes in computer science (Vol. 2248, pp. 52–66). Berlin: Springer.
Blum, M. L. F., Kearns, M. J., & Lipton, R. J. (1993). Crypto-graphic primitives based on hard learning problems, advances in cryptology – CRYPTO’93, lecture notes in computer science (pp. 278–291). Berlin: Springer.
Juels, S. W. (2005). Authenticating pervasive devices with human protocols, advances in cryptology – Crypto2005, lecture notes in computer science (Vol. 3621, pp. 293–308). Berlin: Springer.
Katz, J., & Shin, J. S. (2005). Parallel and concurrent security of the HB and HB+ protocols, Cryptology ePrint archive, Report 2005/461. http://eprint.iacr.org
Gilbert, H., Robshaw, M., & Silbert, H. (2005). An active attack against HB+: A provable secure lightweight authentication protocol, Cryptology ePrint Archive, Report 2005/237. http://eprint.iacr.org
Chien, H.-Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J., Ribagorda, A. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. Printed handout of Workshop on RFID Security—RFIDSec 06 July.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J., & Ribagorda, A. (2006). M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags. Lecture notes in computer science (pp. 912–923). Berlin: Springer.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). EMAP: an efficient mutual authentication protocol for low-cost RFID tags. In OTM Federated Conferences and Workshop: IS Workshop, IS’06, 4277. Lecture Notes in Computer Science (pp. 352–361). Berlin: Springer.
Peris-Lopez, P., Hernandez-Castro, J. C., Tapiador, J. M. E., & Ribagorda, A. (2008). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In Proceedings of International Workshop on Information Security Applications (pp. 56–68).
Vaudenay, S. (2007). On privacy models for RFID. In Proceedings of 13th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT ’07), vol. 4833 of Lecture Notes in Computer Science (pp. 68–87). Kuching: Springer.
Ouafi, K. (2011). Security and privacy in RFID systems. Ph.D. thesis, EPFL, Lausanne, Switzerland.
Vaudenay, S. (2010). Invited talk at RFIDSec 2010.
Canard, S., Coisel, I., Etrog, J., & Girault, M. (2010). Privacy preserving RFID systems: model and constructions. Cryptology ePrint Archive, Report 2010/405.
Canard, S., Coisel, I., & Girault, M. (2010). Security of privacy preserving RFID systems. In Proceedings of IEEE International Conference on RFID-Technology and Applications (RFID-TA10) (pp. 269–274).
van Le, T., Burmester, M., & de Medeiros, B. (2007). Universally composable and forward-secure RFID authentication and authenticated key exchange. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS ’07) (pp. 242–252). Singapore: ACM.
Juels, A., & Weis, S. A. (2007). Defining strong privacy for RFID. In Proceedings of the 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom ’07) (pp. 342–347). New York, NY: IEEE.
Acknowledgments
This publication is an outcome of the R&D work undertaken under the project Visvesvaraya PhD Scheme of Ministry of Electronics & Information Technology, Government of India, and being implemented by Digital India Corporation.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Tewari, A., Gupta, B.B. (2020). An Analysis of Provable Security Frameworks for RFID Security. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-22277-2_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22276-5
Online ISBN: 978-3-030-22277-2
eBook Packages: Computer ScienceComputer Science (R0)