Abstract
The use of radio frequency identification (RFID) in the Internet of Things (IoT) has led to significant progress in numerous intelligent devices. However, due to its restrictions on computation ability, storage space and battery capacity, an RFID-based IoT system has to confront various security and efficiency challenges. Recently, Fan et al. introduced a lightweight RFID mutual authentication protocol with cache in the reader, named LRMAPC. Fan et al.’s LRMAPC can achieve stronger security and privacy requirements and reduce the computation and storage overheads during the authentication process. Unfortunately, we discover that Fan et al.’s LRMAPC is susceptible to a reader impersonation attack, a tag forgery attack and a message eavesdropping attack. Besides, it fails to preserve mutual authentication between the reader and the database. To remedy the flaws mentioned above, we further present an advanced authentication mechanism and demonstrate the correctness of the advanced LRMAPC through Gong-Needham-Yahalom (GNY) logic analysis. Compared with Fan et al.’s LRMAPC in terms of security and efficiency, the advanced LRMAPC satisfies desirable security requirements and maintains acceptable efficiency in terms of the costs of storage space and computation time. As a result, our advanced LRMAPC is a very promising solution for resource-constrained devices in RFID-based IoT systems.
References
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
Banerjee D, Dong B, Taghizadeh M, Biswas S (2014) Privacy-preserving channel access for internet of things. IEEE Internet of Things Journal 1(5):430–445
Boyeon S, Chris JM (2008) RFID authentication protocol for low-cost tags. Proceedings of 1st ACM conference on wireless network security, Alexandria, USA, pp 140–147
Cho JS, Yeo SS, Kim SK (2011) Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value. Comput Commun 34(3):391–397
Deursen T, Mauw S, Radomirović S, Vullers P (2009) Secure ownership and ownership transfer in RFID systems. Proceedings of 14th European symposium on research in computer security, lecture notes in computer science, vol 5789, pp 637–654
Dimitriou T (2016) Key evolving RFID systems: forward/backward privacy and ownership transfer of RFID tags. Ad Hoc Netw 37(2):195–208
Dominikus S, Kraxberger S (2014) Secure communication with RFID tags in the internet of things. Secur Commun Netw 7(12):2639–2653
Gong L, Needham R, Yahalom R (1990) Reasoning about belief in cryptographic protocols. IEEE computer society symposium on research in security and privacy, Oakland, USA, pp 234–248
Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2016) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-016-0443-6
Fan K, Gong Y, Liang C, Li H, Yang Y (2016) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw. doi:10.1002/sec.1314
Fan K, Liang C, Li H, Yang Y (2014) LRMAPC: a lightweight RFID mutual authentication protocol with cache in the reader for IoT. 2014 IEEE international conference on computer and information technology, Xi’an, China, pp 276–280
He D, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J Med Syst 38:116
He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal 2(1):72–83
Khedr WI (2013) SRFID: a hash-based security scheme for low cost RFID systems. Egyptian Informatics Journal 14(1):89–98
Kumar N, Kaur K, Misra SC, Iqbal R (2015) An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud. Peer-to-Peer Networking and Applications 9(5):824–840
Lee CC, Chen CT, Li CT, Wu PH (2014) A practical RFID authentication mechanism for digital television. Telecommun Syst 57(3):239–246
Li CT, Lee CC, Weng CY (2016) A secure cloud-assisted wireless body area network in mobile emergency medical care system. J Med Syst 40(5):1–15, article no. 117
Li CT, Lee CW, Shen JJ (2015) An extended chaotic maps based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services. Nonlinear Dyn 80(3):1601–1611
Li CT, Weng CY, Lee CC (2015) A secure RFID tag authentication protocol with privacy preserving in telecare medicine information systems. J Med Syst 39(8):77
Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in RPL-based internet of things. International Journal of Network Security 18(3):459–473
Nguyen KT, Laurent M, Oualha N (2016) Survey on secure communication protocols for the Internet of things. Ad Hoc Netw 32:17–31
Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to ’privacy-friendly’ tags. Proceedings of RFID privacy workshop, pp 1–9
Qian Q, Jia YL, Zhang R (2016) A lightweight RFID security protocol based on elliptic curve crytography. International Journal of Network Security 18(2):354–361
RFC 2104 – HMAC. Keyed-Hashing for message authentication. http://www.ietf.org/rfc/rfc2104.txt
Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Comput Netw 57(10):2266–2279
Srivastava K, Awasthi AK, Kaul SD, Mittal RC (2015) A hash based mutual RFID tag authentication protocol in telecare medicine information system. J Med Syst 39:153
Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. Proceedings of the 1st security in pervasive computing, lecture notes in computer science, vol 2802, pp 201–212
Xu D, Wu Z, Wu Z, Zhang Q, Qin L, Zhou J (2015) Internet of things: hotspot-based discovery service architecture with security mechanism. International Journal of Network Security 17(2):208–216
Zhou S, Zhang Z, Luo Z, Wong EC (2010) A lightweight anti-desynchronization RFID authentication protocol. Inf Syst Front 12(5):521–528
Acknowledgements
The authors would like to thank the anonymous reviewers and the Editor for their constructive and generous feedback on this paper. In addition, this research was partially supported and funded by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 105-2221-E-165-005 and MOST 105-2221-E-030-012.
Cite this article
Li, CT., Lee, CC., Weng, CY. et al. Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Netw. Appl. 11, 198–208 (2018). https://doi.org/10.1007/s12083-017-0564-6
DOI: https://doi.org/10.1007/s12083-017-0564-6