Skip to main content
SpringerLink
Log in

Towards secure authenticating of cache in the reader for RFID-based IoT systems

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

The use of radio frequency identification (RFID) in Internet of things (IoT) has led to a significant progress in numerous intelligent devices. However, due to its restrictions on computation ability, storage space and battery capacity, RFID-based IoT system has to confront with various security and efficiency challenges. Recently, a lightweight RFID mutual authentication protocol with cache in the reader is introduced by Fan et al., named LRMAPC. Fan et al.’s LRMAPC can achieve stronger security and privacy requirements and reduce the computation and storage overheads during authentication process. Unfortunately, we discover that Fan et al.’s LRMAPC is susceptible to reader impersonation attack, tag forgery attack and message eavesdropping attack. Besides, it fails to preserve mutual authentication between the reader and the database. In order to remedy these flaws mentioned above, we further present an advanced authentication mechanisms and demonstrate the correctness of the advanced LRMAPC through the Gong-Needham-Yahalom (GNY) logic analysis. Compared the security and efficiency with Fan et al.’s LRMAPC, the advanced LRMAPC satisfies desirable security requirements and maintains acceptable efficiency in terms of the costs of storage space and computation time. As a result, our advanced LRMAPC is a very promising solution for resource-constrained devices in RFID-based IoT systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805

    Article  MATH  Google Scholar 

  2. Banerjee D, Dong B, Taghizadeh M, Biswas S (2014) Privacy-preserving channel access for internet of things. IEEE Internet of Things Journal 1(5):430–445

    Article  Google Scholar 

  3. Boyeon S, Chris JM (2008) RFID authentication protocol for low-cost tags Proceedings of 1st ACM conference on wireless network security, Alexandria, USA, pp 140–147

    Google Scholar 

  4. Cho JS, Yeo SS, Kim SK (2011) Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value. Comput Commun 34(3):391–397

    Article  Google Scholar 

  5. Deursen T, Mauw S, Radomirović S, Vullers P (2009) Secure ownership and ownership transfer in RFID systems Proceedings of 14th European symposium on research in computer security, lecture notes in computer science, vol 5789. pp 637–654

    Google Scholar 

  6. Dimitriou T (2016) Key evolving RFID systems: forward/ backward privacy and ownership transfer of RFID tags. Ad Hoc Netw 37(2):195–208

    Article  MathSciNet  Google Scholar 

  7. Dominikus S, Kraxberger S (2014) Secure communication with RFID tags in the internet of things. Secur Commun Netw 7(12): 2639–2653

    Article  Google Scholar 

  8. Gong L, Needham R, Yahalom R (1990) Reasoning about belief in cryptographic protocols IEEE computer society symposium on research in security and privacy, Oakland, USA, pp 234–248

    Google Scholar 

  9. Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2016) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-016-0443-6

  10. Fan K, Gong Y, Liang C, Li H, Yang Y (2016) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for iot in 5g. Secur Commun Netw. doi:10.1002/sec.1314

  11. Fan K, Liang C, Li H, Yang Y (2014) LRMAPC: a lightweight RFID mutual authentication protocol with cache in the reader for IoT 2014 IEEE international conference on computer and information technology, Xi’an, China, pp 276–280

    Google Scholar 

  12. He D, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J Med Syst 38:116

    Article  Google Scholar 

  13. He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal 2(1):72–83

    Article  Google Scholar 

  14. Khedr WI (2013) SRFID: a hash-based security scheme for low cost RFID systems. Egyptian Informatics Journal 14(1):89–98

    Article  Google Scholar 

  15. Kumar N, Kaur K, Misra SC, Iqbal R (2015) An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud. Peer-to-Peer Networking and Applications 9(5):824–840

    Article  Google Scholar 

  16. Lee CC, Chen CT, Li CT, Wu PH (2014) A practical RFID authentication mechanism for digital television. Telecommun Syst 57(3):239–246

    Article  Google Scholar 

  17. Li CT, Lee CC, Weng CY (2016) A secure cloud-assisted wireless body area network in mobile emergency medical care system. J Med Syst 40(5):1–15, article no. 117

    Article  Google Scholar 

  18. Li CT, Lee CW, Shen JJ (2015) An extended chaotic maps based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services. Nonlinear Dyn 80(3):1601–1611

    Article  MATH  Google Scholar 

  19. Li CT, Weng CY, Lee CC (2015) A secure RFID tag authentication protocol with privacy preserving in telecare medicine information systems. J Med Syst 39(8):77

    Article  Google Scholar 

  20. Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in RPL-based internet of things. International Journal of Network Security 18(3):459–473

    Google Scholar 

  21. Nguyen KT, Laurent M, Oualha N (2016) Survey on secure communication protocols for the Internet of things. Ad Hoc Netw 32:17–31

    Article  Google Scholar 

  22. Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to ’privacy-friendly’ tags Proceedings of RFID privacy workshop, pp 1–9

    Google Scholar 

  23. Qian Q, Jia YL, Zhang R (2016) A lightweight RFID security protocol based on elliptic curve crytography. International Journal of Network Security 18(2):354–361

    Google Scholar 

  24. RFC 2104 – HMAC. Keyed-Hashing for message authentication. http://www.ietf.org/rfc/rfc2104.txt

  25. Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Comput Netw 57(10):2266–2279

    Article  Google Scholar 

  26. Srivastava K, Awasthi AK, Kaul SD, Mittal RC (2015) A hash based mutual RFID tag authentication protocol in telecare medicine information system. J Med Syst 39:153

    Article  Google Scholar 

  27. Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems Proceedings of the 1st security in pervasive computing, lecture notes in computer science, vol 2802. pp 201–212

    Google Scholar 

  28. Xu D, Wu Z, Wu Z, Zhang Q, Qin L, Zhou J (2015) Internet of things: hotspot-based discovery service architecture with security mechanism. International Journal of Network Security 17(2):208–216

    Google Scholar 

  29. Zhou S, Zhang Z, Luo Z, Wong EC (2010) A lightweight anti-desynchronization RFID authentication protocol. Inf Syst Front 12(5):521–528

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thank the anonymous reviewers and the Editor for their constructive and generous feedback on this paper. In addition, this research was partially supported and funded by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 105-2221-E-165-005 and MOST 105-2221-E-030-012.

Author information

Authors and Affiliations

  1. Department of Information Management, Tainan University of Technology, No. 529, Zhongzheng Road, Tainan City, 71002, Taiwan, Republic of China

    Chun-Ta Li

  2. Department of Library and Information Science, Fu Jen Catholic University, No. 510, Jhongjheng Road, New Taipei City, 24205, Taiwan, Republic of China

    Cheng-Chi Lee

  3. Department of Photonics and Communication Engineering, Asia University, No. 500, Lioufeng Road, Taichung City, 41354, Taiwan, Republic of China

    Cheng-Chi Lee

  4. Department of Computer Science, National Pingtung University, No. 4-18, Min-Sheng Road, Pingtung City, 90003, Taiwan, Republic of China

    Chi-Yao Weng

  5. School of Computer Science and Technology, Harbin Institute of Technology Shenzhen Graduate School, Shenzhen University Town, Nanshan District, Shenzhen, 518055, People’s Republic of China

    Chien-Ming Chen

Authors
  1. Chun-Ta Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cheng-Chi Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chi-Yao Weng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chien-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cheng-Chi Lee.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, CT., Lee, CC., Weng, CY. et al. Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Netw. Appl. 11, 198–208 (2018). https://doi.org/10.1007/s12083-017-0564-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-017-0564-6

Keywords

Search

Navigation