Abstract
In recent years, radio frequency identification (RFID) systems have become popular for identification. The key technology to protect the security of RFID systems is mutual authentication between the tags and the server. To enhance the efficiency of RFID systems, recently, Liu et al. proposed a group authentication protocol based on the concept of secret sharing. In this paper, we show that Liu et al.’s protocol falls short of providing security requirements. More specifically, we prove that in their protocol, authenticity of the tags to the server can not be achieved and on top of that the scheme can not be used more than once. We further propose a group mutual authentication protocol for RFID tags to overcome the mentioned drawbacks and prove that our proposal is secure. The results of analyzing the performance of the proposed protocol and its comparison with existing literature indicate that it outperforms current secure RFID authentication protocols.
Similar content being viewed by others
References
Jia, X., Feng, Q., & Ma, C. (2010). An efficient anti-collision protocol for RFID tag identification. IEEE Communication Letters, 14(11), 1014–1016.
Jia, X., Feng, Q., Fan, T., & Lei, Q. (2012). RFID technology and its applications in Internet of Things (IoT). In 2012 2nd international conference on consumer electronics, communications and networks (CECNet) (pp. 1282–1285).
Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.
Memon, I., Arain, Q. A., Memon, H., & Mangi, F. A. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95(4), 3713–3732.
Madhusudhan, R., Hegde, M., & Memon, I. (2018). A secure and enhanced elliptic curve cryptography-based dynamic authentication scheme using smart card. International Journal of Communication Systems, 31(11), 1–21.
Michahelles, F., Thiesse, F., Schmidt, A., & Williams, J. R. (2007). Pervasive RFID and near field communication technology. IEEE Pervasive Computing, 6(3), 94–96.
Chien, H. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.
Avoine, G., Dysli, E., & Oechslin, P. (2006). Reducing time complexity in RFID systems. In Selected areas in cryptography (pp. 291–306).
Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. Advances in Cryptology—CRYPTO, 2005, 293–308.
Cao, T., Shen, P., & Bertino, E. (2008). Cryptanalysis of some RFID authentication protocols. Journal of Communications, 3, 20–27.
Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. In Workshop on RFID and lightweight crypto (pp. 17–24).
Liu, Y., Zhong, Q., Chang, L., Xia, Z., He, D., & Cheng, C. (2016). A secure data backup scheme using multi-factor authentication. IET Information Security, 11(5), 250–255.
Yeh, T. C., Wu, C. H., & Tseng, Y. M. (2011). Improvement of the RFID authentication scheme based on quadratic residues. Computer Communications, 34(3), 337–341.
Liu, Y., Cheng, C., Gu, T., Jiang, T., & Li, X. (2016). A lightweight authenticated communication scheme for smart grid. IEEE Sensors Journal, 16(3), 836–842.
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security (pp. 210–219).
Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks, 52(12), 2373–2380.
Chien, H. Y. (2013). Combining Rabin cryptosystem and error correction codes to facilitate anonymous authentication with un-traceability for low-end devices. Computer Networks, 57(14), 2705–2717.
Chien, H. Y., & Laih, C. S. (2009). ECC-based lightweight authentication protocol with untraceability for low-cost RFID. Journal of Parallel and Distributed Computing, 69(10), 848–853.
Gòdor, G., & Imre, S. (2011). Elliptic curve cryptography based authentication protocol for low-cost RFID tags. InIEEE international conference on RFID-technologies and applications, 2011 (pp. 386–393).
Chien, H. Y. (2017). Elliptic curve cryptography-based RFID authentication resisting active tracking. Wireless Personal Communications, 94(4), 2925–2936.
Dinarvand, N., & Barati, H. (2019). An efficient and secure RFID authentication protocol using elliptic curve cryptography. Wireless Networks, 25(1), 415–428.
Gholami, V., & Alagheband, M. R. (2019). Provably privacy analysis and improvements of the lightweight RFID authentication protocols. Wireless Networks. https://doi.org/10.1007/s11276-019-02037-z.
Global, E. P. C. (2008). EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860 MHz–960 MHz. Version, 1, 23.
Liu, Y., Sun, Q., Wang, Y., Zhu, L., & Ji, W. (2019). Efficient group authentication in RFID using secret sharing scheme. Cluster Computing, 22(4), 8605–8611.
Saito, J., & Sakurai, K. (2005). Grouping proof for RFID tags. In 19th international conference on advanced information networking and applications, AINA 2005, vol. 2 (pp. 621–624).
Lin, C. C., Lai, Y. C., Tygar, J., Yang, C. K., & Chiang, C. L. (2007). Coexistence proof using chain of timestamps for multiple RFID tags. Advances in Web and Network Technologies, and Information Management, 4537, 634–643.
Lien, Y., Leng, X., Mayes, K., & Chiu, J. H. (2008). Reading order independent grouping proof for RFID tags. In IEEE international conference on intelligence and security informatics, 2008 (pp. 128–136).
Liu, H., Ning, H., Zhang, Y., He, D., Xiong, Q., & Yang, L. (2013). Grouping proofs-based authentication protocol for distributed RFID systems. IEEE Transactions on Parallel and Distributed Systems, 24(7), 1321–1330.
Dhal, S., & Gupta, I. (2014). A new authentication protocol for RFID communication in multi-tag arrangement. In International conference on computing for sustainable global development (INDIACom), 2014 (pp. 668–673).
Shen, J., Tan, H., Chang, S., Ren, Y., & Liu, Q. (2015). A lightweight and practical RFID grouping authentication protocol in multiple-tag arrangements. In 2015 17th international conference on advanced communication technology (ICACT).
Cheng, S., Varadharajan, V., Mu, Y., & Susilo, W. (2017). An efficient and provably secure RFID grouping proof protocol. In Proceedings of the Australasian computer science week multiconference (p. 71).
Vaudenay, S. (2007). On privacy models for RFID. In International conference on the theory and application of cryptology and information security (pp. 68–87).
Batina, L., Lee, Y. K., Seys, S., Singelee, D., & Verbauwhede, I. (2010). Privacy-preserving ECC-based grouping proofs for RFID. In International conference on information security (pp. 159–165).
Lv, C., Jia, X., Lin, J., Jing, J., & Tian, L. (2011). An efficient group-based secret sharing scheme. In International conference on information security practice and experience (pp. 288–301).
Hermans, J., & Peeters, R. (2012). Private yoking proofs: Attacks, models and new provable constructions. In International workshop on radio frequency identification: Security and privacy issues (pp. 96–108).
Lin, Q., & Zhang, F. (2012). ECC-based grouping-proof RFID for inpatient medication safety. Journal of Medical Systems, 36(6), 3527–3531.
Ko, W. T., Chiou, S. Y., Lu, E. H., & Chang, H. K. C. (2014). Modifying the ECC-based grouping-proof RFID system to increase inpatient medication safety. Journal of Medical Systems, 38(9), 66.
Langheinrich, M., & Marti, R. (2007). Practical minimalist cryptography for RFID privacy. IEEE Systems Journal, 1(2), 115–128.
Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612–613.
Lv, C., Jia, X., Lin, J., Jing, J., Tian, L., & Sun, M. (2011). Efficient secret sharing schemes. In Data management and applications: Secure and trust computing (pp. 114–121).
Juels, A., Pappu, R., & Parno, B. (2008). Unidirectional key distribution across time and space with applications to RFID security. In USENIX security symposium (pp. 75–90).
Cai, S., Li, T., Ma, C., Li, Y., & Deng, R. H. (2009). Enabling secure secret updating for unidirectional key distribution in RFID-enabled supply chains. In International conference on information and communications security (pp. 150–164).
Abughazalah, S., Markantonakis, K., & Mayes, K. (2014). Enhancing the key distribution model in the RFID-enabled supply chains. In 2014 28th international conference on advanced information networking and applications workshops (pp. 871–878).
Zhang, X., Li, L., Wu, Y., & Zhang, Q. (2011). An ECDLP-based randomized key RFID authentication protocol. In 2011 international conference on network computing and information security, vol. 2 (pp. 146–149).
Liao, Y. P., & Hsiao, C. M. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146.
Avoine, G., Carpent, X., & Hernandez-Castro, J. (2015). Pitfalls in ultralightweight authentication protocol designs. IEEE Transactions on Mobile Computing, 15(9), 2317–2332.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Pakniat, N., Eslami, Z. Cryptanalysis and improvement of a group RFID authentication protocol. Wireless Netw 26, 3363–3372 (2020). https://doi.org/10.1007/s11276-020-02266-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-020-02266-7