ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Wireless Personal Communications

Abstract

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it raises a large number of security and privacy issues that must be addressed before it can be deployed successfully. Many RFID authentication protocols have been proposed in recent years to address these issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs) or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses and cannot solve most of the security and privacy problems, so a new solution is necessary. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. Instead of relying on lightweight cryptographic techniques, the proposed ITPMAP protocol uses one PRNG on the tag side and heavyweight cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted in the design of three real-life RFID systems, namely: a Signing and Verification of Graduation Certificate System, an Issuing and Verification of E-Ticketing System, and a Charging and Discharging of Prepaid Card System. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. The Java language is used for the implementation of the proposed systems. In addition, “Mifare Classic” tags and readers are used as the RFID apparatuses for the proposed systems.

Author information

Corresponding author

Correspondence to Mohammed Issam Younis.

Appendices

Appendix I: Java Codes for the SVGCS System

figure c

Appendix II: Java Codes for the IVETS System

figure d

Appendix III: Java Codes for the CDPCS System

figure e

About this article

Cite this article

Younis, M.I., Abdulkareem, M.H. ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems. Wireless Pers Commun 96, 65–101 (2017). https://doi.org/10.1007/s11277-017-4152-0

  • DOI: https://doi.org/10.1007/s11277-017-4152-0
