Skip to main content
SpringerLink
Log in

Cryptanalysis and improvement of a group RFID authentication protocol

  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

In recent years, radio frequency identification (RFID) systems have become popular for identification. The key technology to protect the security of RFID systems is mutual authentication between the tags and the server. To enhance the efficiency of RFID systems, recently, Liu et al. proposed a group authentication protocol based on the concept of secret sharing. In this paper, we show that Liu et al.’s protocol falls short of providing security requirements. More specifically, we prove that in their protocol, authenticity of the tags to the server can not be achieved and on top of that the scheme can not be used more than once. We further propose a group mutual authentication protocol for RFID tags to overcome the mentioned drawbacks and prove that our proposal is secure. The results of analyzing the performance of the proposed protocol and its comparison with existing literature indicate that it outperforms current secure RFID authentication protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Jia, X., Feng, Q., & Ma, C. (2010). An efficient anti-collision protocol for RFID tag identification. IEEE Communication Letters, 14(11), 1014–1016.

    Google Scholar 

  2. Jia, X., Feng, Q., Fan, T., & Lei, Q. (2012). RFID technology and its applications in Internet of Things (IoT). In 2012 2nd international conference on consumer electronics, communications and networks (CECNet) (pp. 1282–1285).

  3. Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.

    Google Scholar 

  4. Memon, I., Arain, Q. A., Memon, H., & Mangi, F. A. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95(4), 3713–3732.

    Google Scholar 

  5. Madhusudhan, R., Hegde, M., & Memon, I. (2018). A secure and enhanced elliptic curve cryptography-based dynamic authentication scheme using smart card. International Journal of Communication Systems, 31(11), 1–21.

    Google Scholar 

  6. Michahelles, F., Thiesse, F., Schmidt, A., & Williams, J. R. (2007). Pervasive RFID and near field communication technology. IEEE Pervasive Computing, 6(3), 94–96.

    Google Scholar 

  7. Chien, H. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.

    Google Scholar 

  8. Avoine, G., Dysli, E., & Oechslin, P. (2006). Reducing time complexity in RFID systems. In Selected areas in cryptography (pp. 291–306).

  9. Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. Advances in Cryptology—CRYPTO, 2005, 293–308.

    MathSciNet  MATH  Google Scholar 

  10. Cao, T., Shen, P., & Bertino, E. (2008). Cryptanalysis of some RFID authentication protocols. Journal of Communications, 3, 20–27.

    Google Scholar 

  11. Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. In Workshop on RFID and lightweight crypto (pp. 17–24).

  12. Liu, Y., Zhong, Q., Chang, L., Xia, Z., He, D., & Cheng, C. (2016). A secure data backup scheme using multi-factor authentication. IET Information Security, 11(5), 250–255.

    Google Scholar 

  13. Yeh, T. C., Wu, C. H., & Tseng, Y. M. (2011). Improvement of the RFID authentication scheme based on quadratic residues. Computer Communications, 34(3), 337–341.

    Google Scholar 

  14. Liu, Y., Cheng, C., Gu, T., Jiang, T., & Li, X. (2016). A lightweight authenticated communication scheme for smart grid. IEEE Sensors Journal, 16(3), 836–842.

    Google Scholar 

  15. Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security (pp. 210–219).

  16. Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks, 52(12), 2373–2380.

    MATH  Google Scholar 

  17. Chien, H. Y. (2013). Combining Rabin cryptosystem and error correction codes to facilitate anonymous authentication with un-traceability for low-end devices. Computer Networks, 57(14), 2705–2717.

    Google Scholar 

  18. Chien, H. Y., & Laih, C. S. (2009). ECC-based lightweight authentication protocol with untraceability for low-cost RFID. Journal of Parallel and Distributed Computing, 69(10), 848–853.

    Google Scholar 

  19. Gòdor, G., & Imre, S. (2011). Elliptic curve cryptography based authentication protocol for low-cost RFID tags. InIEEE international conference on RFID-technologies and applications, 2011 (pp. 386–393).

  20. Chien, H. Y. (2017). Elliptic curve cryptography-based RFID authentication resisting active tracking. Wireless Personal Communications, 94(4), 2925–2936.

    Google Scholar 

  21. Dinarvand, N., & Barati, H. (2019). An efficient and secure RFID authentication protocol using elliptic curve cryptography. Wireless Networks, 25(1), 415–428.

    Google Scholar 

  22. Gholami, V., & Alagheband, M. R. (2019). Provably privacy analysis and improvements of the lightweight RFID authentication protocols. Wireless Networks. https://doi.org/10.1007/s11276-019-02037-z.

    Article  Google Scholar 

  23. Global, E. P. C. (2008). EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860 MHz–960 MHz. Version, 1, 23.

    Google Scholar 

  24. Liu, Y., Sun, Q., Wang, Y., Zhu, L., & Ji, W. (2019). Efficient group authentication in RFID using secret sharing scheme. Cluster Computing, 22(4), 8605–8611.

    Google Scholar 

  25. Saito, J., & Sakurai, K. (2005). Grouping proof for RFID tags. In 19th international conference on advanced information networking and applications, AINA 2005, vol. 2 (pp. 621–624).

  26. Lin, C. C., Lai, Y. C., Tygar, J., Yang, C. K., & Chiang, C. L. (2007). Coexistence proof using chain of timestamps for multiple RFID tags. Advances in Web and Network Technologies, and Information Management, 4537, 634–643.

    Google Scholar 

  27. Lien, Y., Leng, X., Mayes, K., & Chiu, J. H. (2008). Reading order independent grouping proof for RFID tags. In IEEE international conference on intelligence and security informatics, 2008 (pp. 128–136).

  28. Liu, H., Ning, H., Zhang, Y., He, D., Xiong, Q., & Yang, L. (2013). Grouping proofs-based authentication protocol for distributed RFID systems. IEEE Transactions on Parallel and Distributed Systems, 24(7), 1321–1330.

    Google Scholar 

  29. Dhal, S., & Gupta, I. (2014). A new authentication protocol for RFID communication in multi-tag arrangement. In International conference on computing for sustainable global development (INDIACom), 2014 (pp. 668–673).

  30. Shen, J., Tan, H., Chang, S., Ren, Y., & Liu, Q. (2015). A lightweight and practical RFID grouping authentication protocol in multiple-tag arrangements. In 2015 17th international conference on advanced communication technology (ICACT).

  31. Cheng, S., Varadharajan, V., Mu, Y., & Susilo, W. (2017). An efficient and provably secure RFID grouping proof protocol. In Proceedings of the Australasian computer science week multiconference (p. 71).

  32. Vaudenay, S. (2007). On privacy models for RFID. In International conference on the theory and application of cryptology and information security (pp. 68–87).

  33. Batina, L., Lee, Y. K., Seys, S., Singelee, D., & Verbauwhede, I. (2010). Privacy-preserving ECC-based grouping proofs for RFID. In International conference on information security (pp. 159–165).

  34. Lv, C., Jia, X., Lin, J., Jing, J., & Tian, L. (2011). An efficient group-based secret sharing scheme. In International conference on information security practice and experience (pp. 288–301).

  35. Hermans, J., & Peeters, R. (2012). Private yoking proofs: Attacks, models and new provable constructions. In International workshop on radio frequency identification: Security and privacy issues (pp. 96–108).

  36. Lin, Q., & Zhang, F. (2012). ECC-based grouping-proof RFID for inpatient medication safety. Journal of Medical Systems, 36(6), 3527–3531.

    MathSciNet  Google Scholar 

  37. Ko, W. T., Chiou, S. Y., Lu, E. H., & Chang, H. K. C. (2014). Modifying the ECC-based grouping-proof RFID system to increase inpatient medication safety. Journal of Medical Systems, 38(9), 66.

    Google Scholar 

  38. Langheinrich, M., & Marti, R. (2007). Practical minimalist cryptography for RFID privacy. IEEE Systems Journal, 1(2), 115–128.

    Google Scholar 

  39. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612–613.

    MathSciNet  MATH  Google Scholar 

  40. Lv, C., Jia, X., Lin, J., Jing, J., Tian, L., & Sun, M. (2011). Efficient secret sharing schemes. In Data management and applications: Secure and trust computing (pp. 114–121).

  41. Juels, A., Pappu, R., & Parno, B. (2008). Unidirectional key distribution across time and space with applications to RFID security. In USENIX security symposium (pp. 75–90).

  42. Cai, S., Li, T., Ma, C., Li, Y., & Deng, R. H. (2009). Enabling secure secret updating for unidirectional key distribution in RFID-enabled supply chains. In International conference on information and communications security (pp. 150–164).

  43. Abughazalah, S., Markantonakis, K., & Mayes, K. (2014). Enhancing the key distribution model in the RFID-enabled supply chains. In 2014 28th international conference on advanced information networking and applications workshops (pp. 871–878).

  44. Zhang, X., Li, L., Wu, Y., & Zhang, Q. (2011). An ECDLP-based randomized key RFID authentication protocol. In 2011 international conference on network computing and information security, vol. 2 (pp. 146–149).

  45. Liao, Y. P., & Hsiao, C. M. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146.

    Google Scholar 

  46. Avoine, G., Carpent, X., & Hernandez-Castro, J. (2015). Pitfalls in ultralightweight authentication protocol designs. IEEE Transactions on Mobile Computing, 15(9), 2317–2332.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Science Research Center, Iranian Research Institute for Information Science and Technology (IRANDOC), Tehran, Iran

    Nasrollah Pakniat

  2. Department of Data and Computer Science, Shahid Beheshti University, G.C., Tehran, Iran

    Ziba Eslami

Authors
  1. Nasrollah Pakniat
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ziba Eslami
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nasrollah Pakniat.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Pakniat, N., Eslami, Z. Cryptanalysis and improvement of a group RFID authentication protocol. Wireless Netw 26, 3363–3372 (2020). https://doi.org/10.1007/s11276-020-02266-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-020-02266-7

Keywords

Search

Navigation