
An efficient and secure authentication protocol for RFID systems

International Journal of Automation and Computing

Abstract

The use of radio frequency identification (RFID) tags may violate the privacy of users carrying a tag. Because each RFID tag has a unique identification number, the possible privacy threats include information leakage from a tag, traceability of the consumer, denial of service attacks, replay attacks and impersonation of a tag. Providing privacy and security in the RFID tag is challenging because low-cost RFID tags have limited computation, storage and communication ability. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for a replay attack, which can also break location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag-side random number and a hash function to protect the RFID system from adversary attacks. The paper also indicates that the proposed protocol requires less storage and computation than existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.
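The replay problem the abstract describes, and how a monotonically increasing timestamp plus a tag-side random number closes it, as an added example that is not the paper's protocol (its message flow is not given on this page). The `Tag` and `Backend` classes, the message layout, SHA-256 as the hash and the sample identifiers are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def H(*parts: bytes) -> bytes:
    """Hash of length-prefixed fields, so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

class Tag:
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id   # static identifier shared with the back end
        self.last_ts = 0       # highest timestamp accepted so far

    def respond_nonce_only(self, reader_nonce: bytes) -> bytes:
        # Weak variant: the response depends only on the ID and the reader nonce.
        return H(self.tag_id, reader_nonce)

    def respond_timestamp(self, ts: int):
        # Sketch variant: refuse stale timestamps, mix in a fresh tag nonce.
        if ts <= self.last_ts:
            return None
        self.last_ts = ts
        r_t = os.urandom(8)
        return r_t, H(self.tag_id, ts.to_bytes(8, "big"), r_t)

class Backend:
    def __init__(self, known_ids):
        self.known_ids = list(known_ids)

    def verify_nonce_only(self, reader_nonce, resp):
        return any(hmac.compare_digest(H(i, reader_nonce), resp) for i in self.known_ids)

    def verify_timestamp(self, current_ts, r_t, resp):
        # The back end recomputes with the timestamp it issued for this session.
        t = current_ts.to_bytes(8, "big")
        return any(hmac.compare_digest(H(i, t, r_t), resp) for i in self.known_ids)

def demo():
    tag, backend = Tag(b"TAG-0001"), Backend([b"TAG-0001", b"TAG-0002"])  # constructed IDs
    nonce = b"\x07"                                  # constructed: a nonce that recurs
    captured = tag.respond_nonce_only(nonce)         # response observed once
    replay_ok_weak = backend.verify_nonce_only(nonce, captured)  # same nonce issued again
    r_t, resp = tag.respond_timestamp(1000)          # observed session at ts=1000
    fresh_ok = backend.verify_timestamp(1000, r_t, resp)
    replay_ok_ts = backend.verify_timestamp(1001, r_t, resp)     # replayed in next session
    stale_query = tag.respond_timestamp(1000)        # old reader query replayed to the tag
    return replay_ok_weak, fresh_ok, replay_ok_ts, stale_query
```

`demo()` returns `(True, True, False, None)`: the nonce-only response verifies again whenever the nonce recurs, while the timestamp-bound response fails in any later session and the tag ignores a stale query.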



Author information


Corresponding author

Correspondence to Hong-Nian Yu.

Additional information

Md. Monzur Morshed obtained his M.Eng. degree in computer science and engineering from Bangladesh University of Engineering and Technology (BUET), Dhaka in 1999. He obtained his B.Eng. degree in computer science and engineering from BUET in 1996. He is an associate professor in the Department of Accounting and Information Systems, University of Dhaka, Bangladesh. He is now a Ph.D. candidate at Staffordshire University, UK. He obtained his M.Sc. degree in ICT from Waseda University, Japan in 2007. He has published 14 research papers in various journals and proceedings on pattern recognition, human computer interaction, RFID privacy and security and other topics in computer science and engineering.

His research interests include the privacy and security of RFID systems, pattern recognition and Bangla text entry techniques in mobile phones.

Anthony Atkins is a reader in applied computing in the Faculty of Computing, Engineering and Technology at Staffordshire University, UK. He is a Chartered Engineer and Professional Engineer (USA) in both computing, and mineral and petroleum engineering. He is also a Churchill Fellowship in bioengineering and environmental engineering and has several patents in bioengineering and waste recycling with embedded real time systems covering the UK, EU, Australia and USA. Other interests are in IT outsourcing in which he has published 6 book chapters, service management and knowledge management systems (KMS). He has published over 130 refereed publications consisting of journals, chapters in books, and conferences with his colleagues and research students.

His research interests include mobile and RFID technology in waste recycling in the construction industry and in medical waste, supply chain management (SCM) and mobile technological application to the ageing population.

Hong-Nian Yu has held academic positions at Yanshan University, PRC, and the Universities of Sussex, Liverpool John Moores, Exeter, Bradford and Staffordshire in the UK. He is currently professor of computer science at Staffordshire University, UK. He has published over 200 journal and conference research papers. He has held several research grants from the UK EPSRC, the Royal Society, and the EU, AWM, as well as from industry. Currently he is principal investigator on an EPSRC funded UK-Japan network grant on HAM and holds two EU funded projects. He was awarded the F.C. William Premium for his paper on adaptive and robust control of robot manipulators by the IEE Council.

His research interests include mobile computing, modelling, scheduling, planning, and simulations of large discrete event dynamic systems with applications to manufacturing systems, supply chains, transportation networks, computer networks and RFID applications, modelling and control of robots and mechatronics, and neural networks.


Cite this article

Morshed, M.M., Atkins, A. & Yu, HN. An efficient and secure authentication protocol for RFID systems. Int. J. Autom. Comput. 9, 257–265 (2012). https://doi.org/10.1007/s11633-012-0642-4
