Skip to main content

Advertisement

Springer Nature Link
Log in

Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) is a wireless technology for automatic identification and data capture. Security and privacy issues in the RFID systems have attracted much attention. Many approaches have been proposed to achieve the security and privacy goals. One of these approaches is RFID authentication protocols by which a server and tags can authorize each other through an intracity process. Recently, Chou proposed a RFID authentication protocol based on elliptic curve cryptography. However, this paper demonstrates that the Chou’s protocol does not satisfy tag privacy, forward privacy and authentication, and server authentication. Based on these security and privacy problems, we also show that Chou’s protocol is defenseless to impersonation attacks, tag cloning attacks and location tracking attacks. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionality. We prove the security of the proposed improved protocol in the random oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Burmester M, Le TV, Medeiros BD, Tsudik G (2009) Universally composable RFID identification and authentication protocols. ACM Trans Inf Syst Secur (TISSEC) 12(4):21

    Article  Google Scholar 

  2. Juels A, Weis S (2006) Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137

  3. Cai S, Li Y, Li T, Deng RH (2009) Attacks and improvements to an RIFD mutual authentication protocol and its extensions. In: Proceedings of the second ACM conference on wireless network security, pp 51–58

  4. Song B, Mitchell CJ (2011) Scalable RFID security protocols supporting tag ownership transfer. Comput Commun 34(4):556–566

    Article  Google Scholar 

  5. Niu B, Zhu X, Chi H, Li H (2014) Privacy and authentication protocol for mobile RFID systems. Wirel Pers Commun. doi:10.1007/s11277-014-1605-6

  6. Shao-hui W, Zhijie H, Sujuan L, Dan-wei C (2013) Security analysis of two lightweight RFID authentication protocols. Ann Telecommun. doi:10.1007/s12243-013-0361-z

  7. Dehkordi MH, Farzaneh Y (2013) Improvement of the hash-based RFID mutual authentication protocol. Wirel Pers Commun. doi:10.1007/s11277-013-1358-7

  8. Safkhani M, Peris-Lopez P, Hernandez-Castro JC, Bagheri N (20174) Cryptanalysis of the Cho et al. protocol: a hash-based RFID tag mutual authentication protocol. J Comput Appl Math 259(1):571–577

    MathSciNet  Google Scholar 

  9. Alagheband MR, Aref MR (2013) Simulation-based traceability analysis of RFID authentication protocols. Wirel Pers Commun. doi:10.1007/s11277-013-1552-7

  10. Chen CL, Huang YC, Shih TF (2012) A novel mutual authentication scheme for RFID conforming EPCglobal class 1 generation 2 standards. Inf Technol Control 41(3):220–228

    Google Scholar 

  11. Kuo WC, Chen BL, Wuu LC (2013) Secure indefinite-index RFID authentication scheme with challenge-response strategy. Inf Technol Control 42(2):124–130

    Google Scholar 

  12. Alagheband MR, Aref MR (2013) Unified privacy analysis of newfound RFID authentication protocols. Secur Commun Netw 6(8):999–1009

    Article  Google Scholar 

  13. Hein D, Wolkerstorfer J, Felber N (2009) ECC is ready for RFID—a proof in silicon. Sel Areas Cryptogr LNCS 5381:401–413

    Article  Google Scholar 

  14. Lee YK, Sakiyama K, Batina L, Verbauwhede I (2008) Elliptic curve based security processor for RFID. IEEE Trans Comput 57(11):1514–1527

    Article  MathSciNet  Google Scholar 

  15. N.N.I., Technology of Standards: Cryptographic hash algorithm competition. http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

  16. Ning H, Liu H, Mao J, Zhang Y (2011) Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Commun 5(12):1755–1768

    Article  MathSciNet  Google Scholar 

  17. Alomair B, Clark A, Cuellar J, Poovendran R (2012) Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans Parallel Distrib Syst 23(8):1536–1550

    Article  Google Scholar 

  18. Alomair B, Poovendran R (2010) Privacy versus scalability in radio frequency identification systems. Comput Commun 33(18):2155–2163

    Article  Google Scholar 

  19. Song B, Mitchell CJ (2011) Scalable RFID security protocols supporting tag ownership transfer. Comput Commun 34(4):556–566

    Article  Google Scholar 

  20. Batina L, Lee YK, Seys S, Singele D, Verbauwhede I (2012) Extending ECC-based RFID authentication protocols to privacy-preserving multi-party grouping proofs. Pers Ubiquitous Comput 16(3):323–335

    Article  Google Scholar 

  21. Chou JS (2013) An efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput. doi:10.1007/s11227-013-1073-x

  22. Tuyls P, Batina L (2006) RFID-tags for anti-counterfeiting. In: Topics in Cryptology (CT-RSA’06), LNCS 3860, pp 115–131

  23. Schnorr CP (1990) Efficient identification and signatures for smart cards. In: Advances in cryptology (CRYPTO’89), pp 239–252

  24. Batina L, Guajardo J, Kerins T, Mentens N, Tuyls P, Verbauwhede I (2007) Public-key cryptography for RFID-tags. In: Fifth annual IEEE international conference on pervasive computing and communications workshops, 2007. (PerCom Workshops’07), pp 217–222

  25. Okamoto T (1993) Provably secure and practical identification schemes and corresponding signature schemes. In: Advances in Cryptology (CRYPTO’92), pp 31–53

  26. Lee YK, Batina L, Verbauwhede I (2008) EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: IEEE international conference on RFID, pp 97–104

  27. O’Neill M, Robshaw MJ (2010) Low-cost digital signature architecture suitable for radio frequency identification tags. Comput Digital Tech IET 4(1):14–26

    Article  Google Scholar 

  28. Godor G, Giczi N, Imre S (2010) Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE international conference on wireless communications, networking and information security (WCNIS), pp 650–657

  29. Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204

    Article  MATH  Google Scholar 

  30. Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without one-way hash functions based on bilinear pairings. IACSIT Int J Eng Technol 4(3):321–325

    Article  Google Scholar 

  31. Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541

    Article  Google Scholar 

  32. Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inf Secur 5(1):1–15

    Google Scholar 

  33. Farash MS, Attari MA (2014) A pairing-free ID-based key agreement protocol with different PKGs. Int J Netw Secur 16(2):143–148

    MathSciNet  Google Scholar 

  34. Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf Technol Control 43(2):143–150

    MathSciNet  Google Scholar 

  35. Niu B, Zhu X, Chi H, Li H (2014) Privacy and authentication protocol for mobile RFID systems. Wirel Pers Commun. doi:10.1007/s11277-014-1605-6

Download references

Author information

Authors and Affiliations

  1. Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

Authors
  1. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Mohammad Sabzinejad Farash.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Farash, M.S. Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70, 987–1001 (2014). https://doi.org/10.1007/s11227-014-1272-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-014-1272-0

Keywords