Skip to main content
SpringerLink
Log in

Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The Internet of Things (IoT) is an expansion of Internet-based sensing, processing and networking. As a key technique of the IoT, the Radio Frequency Identification (RFID) had a prosperous development in the past decade. Security schemes were also proposed to ensure secure RFID authentication. This paper analyzes security weaknesses found in previous schemes and proposes a new RFID authentication scheme using Elliptic Curve Cryptography (ECC). Security analysis results show that the proposed scheme can meet security requirements of RFID authentication while requiring no extra cost in terms of performance.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645–1660.

    Article  Google Scholar 

  2. Najera, P., Lopez, J., & Roman, R. (2011). Real-time location and inpatient care systems based on passive RFID. Journal of Network and Computer Applications, 34(3), 980–989.

    Article  Google Scholar 

  3. Weinstein, R. (2005). RFID: A technical overview and its application to the enterprise. IEEE IT Professional, 7(3), 27–33.

    Article  Google Scholar 

  4. Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communication, 24, 381–394.

    Article  Google Scholar 

  5. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Proceedings of 2nd Workshop in RFID Security (pp. 27–36)

  6. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In Proceedings of OTM Federated Conference. Workshop: ISWorkshop (pp. 352–361)

  7. Weis, S., Sarma, S., Rivest, R., & Engels, D. (2003). Security and privacy aspects of low-cost radio frequency identification systems. In Proceedings of International Conference in Security in Pervasive Computing (pp. 454–469)

  8. Chien, H. (2006). Secure access control schemes for RFID systems with anonymity. In Proceedings of International Workshop in Future Mobile Ubiquitous Information Technology (FMUIT ‘06) (pp. 96–99)

  9. Lim, J., Oh, H., & Kim, S. (2008). A new hash-based RFID mutual authentication protocol providing enhanced user privacy protection. In Proceedings of 4th International Conference in Information Security Practice and Experience (ISPEC) (pp. 278–289)

  10. Liu, A., & Bailey, A. (2009). A privacy and authentication protocol for passive RFID tags. Computer Communications, 32(7), 1194–1199.

    Article  Google Scholar 

  11. Kang, S., Lee, D., & Lee, I. (2008). A study on secure RFID mutual authentication scheme in pervasive. Computer Communications, 31(18), 248–4254.

    Article  Google Scholar 

  12. Cho, J., Yeo, S., & Kim, S. (2011). Securing against brute-force attack: Ahash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.

    Article  Google Scholar 

  13. Farash, M. (2014). Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing. doi:10.1007/s11227-014-1272-0.

    Google Scholar 

  14. Chou, J. (2014). An efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 75–94.

    Article  MathSciNet  Google Scholar 

  15. Liu, Y., Qin, X., & Wang, C. (2013). A lightweight RFID authentication protocol based on elliptic curve cryptography. The Journal of Supercomputing, 8(11), 2880–2887.

    Google Scholar 

  16. Liao, Y., & Hsiao, C. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146.

    Article  Google Scholar 

  17. Chen, Y., & Chou, J. (2015). ECC-based untraceable authentication for large-scale active-tag RFID systems. Electronic Commerce Research, 15(1), 97–120.

    Article  Google Scholar 

  18. Tuyls, P., & Batina, L. (2006). RFID-tags for anti-counterfeiting. In Proceedings of Topics in Cryptology (CT-RSA) (pp. 115–131)

  19. Lee, Y., Batina, L., & Verbauwhede, I. EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In Proceedings of IEEE International Conference in RFID (pp. 97–104)

  20. Fu, Z., Sun, X., Liu, Q., Zhou, L., & Shu, J. (2015). Achieving efficient cloud search services: Multi keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Transactions on Communications, 98(1), 190–200.

    Article  Google Scholar 

  21. Xia, X., Wang, X., Sun, X., & Wang, Q. (2015). A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Transactions on Parallel and Distributed Systems, 27(2), 340–352.

    Article  Google Scholar 

  22. Fu, Z., Ren, K., Shu, J., Sun, X., & Huang, F. (2015). Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Transactions on Parallel and Distributed Systems. doi:10.1109/TPDS.2015.2506573.

    Google Scholar 

  23. Ren, Y., Shen, J., Wang, J., Han, J., & Lee, S. (2015). Mutual verifiable provable data auditing in public cloud storage. Journal of Internet Technology, 16(2), 317–323.

    Google Scholar 

  24. He, D., Zeadally, S., & Wu, L. (2015). Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Systems Journal. doi:10.1109/JSYST.2015.2428620.

    Google Scholar 

  25. He, D., Zeadally, S., Kumar, N., & Lee, J. (2016). One-to-many authentication for access control in mobile pay-tv systems. Science China Information Sciences. doi:10.1007/s11432-015-5469-5.

    MathSciNet  Google Scholar 

  26. He, D., Zeadally, S., Kumar, N., & Lee, J. (2016). Anonymous authentication for wireless body area networks with provable security. IEEE Systems Journal. doi:10.1109/JSYST.2016.2544805.

    Google Scholar 

  27. Bringer, J., Chabanne, H., & Icart, T. (2008). Cryptanalysis of EC-RAC, a RFID identification protocol. In Proceedings of 7th International Conference in Cryptology and Network Security (CNS’08) (pp. 149–161)

  28. Lee, Y., Batina, L., & Verbauwhede, I. (2009). Untraceable RFID authentication protocols: Revision of EC-RAC. In Proceedings of IEEE nternational Conference in RFID (pp. 178–185)

  29. Deursen, T., & Radomirovic, S. (2009). Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC. Cryptology ePrint Archive, Report

  30. Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2015). An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications, 8(6), 1070–1081.

    Article  Google Scholar 

  31. Jiang, Q., Ma, J., Li, G., & Yang, L. (2013). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications, 68(4), 1477–1491.

    Article  Google Scholar 

  32. Wang, D., He, D., Wang, P., & Chu, C. (2015). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428–442.

    Article  Google Scholar 

  33. Wang, D., Wang, N., Wang, P., & Qing, S. (2015). Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Information Sciences, 321, 162–178.

    Article  Google Scholar 

  34. Guo, P., Wang, J., Li, B., & Lee, S. (2014). A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology, 15(6), 929–936.

    Google Scholar 

  35. Shen, J., Tan, H., Wang, J., Wang, J., & Lee, S. (2015). A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology, 16(1), 171–178.

    Google Scholar 

  36. He, D., & Zeadally, S. (2015). Authentication protocol for ambient assisted living system. IEEE Communications Magazine, 35(1), 71–77.

    Article  Google Scholar 

  37. Ryu, E., Kim, D., Yoo, K. (2015). On elliptic curve based untraceable RFID authentication protocols. In Proceedings of the 3rd ACM Workshop in Information Hiding and Multimedia Security, ACM

  38. Pointcheval, D., & Stern, J. (2000). Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3), 361–396.

    Article  MATH  Google Scholar 

  39. Godor, G., Giczi, N., Imre, S. (2010). Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS) (pp. 650–657)

  40. Cao, X., & Kou, W. (2010). A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Information Sciences, 180(15), 2895–2903.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgments

The work of H. Shen was supported by the National Natural Science Foundation of China (Nos. 61272453, 61373169, 61402339, U1536204), the CICAEET fund, the PAPD fund, and the Guangxi Key Laboratory of Trusted Software (No. kx201529). The work of J.-H. Lee was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014R1A1A1006770). The authors would like to extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).

Author information

Authors and Affiliations

  1. School of Mathematics and Statistics, Wuhan University, Wuhan, China

    Han Shen

  2. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China

    Han Shen

  3. School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing, China

    Jian Shen

  4. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  5. Department of Computer Science and Engineering, Sangmyung University, Cheonan, Republic of Korea

    Jong-Hyouk Lee

Authors
  1. Han Shen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jian Shen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jong-Hyouk Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jong-Hyouk Lee.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shen, H., Shen, J., Khan, M.K. et al. Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things. Wireless Pers Commun 96, 5253–5266 (2017). https://doi.org/10.1007/s11277-016-3739-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3739-1

Keywords

Search

Navigation