Skip to main content
SpringerLink
Log in

Elliptic Curve Cryptography-Based RFID Authentication Resisting Active Tracking

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The challenge of authentication for radio frequency identification (RFID) with low computing capacities call for computation-efficient authentication that can achieve mutual authentication, anonymity, and tracking resistance. The excellent performance of elliptic curve cryptography (ECC) including its strong security, its small key size and efficient computation has attracted many researchers’ attention in designing RFID authentication. Recently there are several promising ECC-based RFID authentication schemes aimed at achieving the above functions. Despite of their good performance in terms of computation and general security properties, we find that they all fall in the same security pitfall-being vulnerable to active tracking. In this paper, we identify these weaknesses and then propose a new ECC-based RFID authentication which conquers the weakness and even improves the computational performance.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. EPC Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz–960 MHz, Version 1.2.0. EPCglobal Inc., October 2008. www.gs1.org.

  2. Avoine’s RFID Security & Privacy Lounge. http://www.avoine.net/rfid/.

  3. Avoine, G., Dysli, E., & Oechslin, P. (2005). Reducing time complexity in RFID systems. In The 12th annual workshop on selected areas in cryptography (SAC).

  4. Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Advances in cryptology—Crypto’05, LNCS (Vol. 3126, pp. 293–308). Berlin: Springer.

  5. Duc, D. N., Park, J., Lee, H., & Kim, K. (2006). Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning. In The 2006 symposium on cryptography and information security.

  6. Juels, A. (2005). Strengthening EPC tag against cloning. In Proceedings of WiSe ‘05.

  7. Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. In Handout of the Ecrypt Workshop on RFID and Lightweight Crypto.

  8. Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Proceedings of in advances in cryptology—ASIACRYPT 2001, LNCS (Vol. 2248, pp. 52–66).

  9. Piramuthu, S. (2006). HB and related lightweight authentication protocols for secure RFID tag/reader authentication. In CollECTeR Europe Conference.

  10. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Proceedings of 2nd Workshop on RFID Security.

  11. Li, T., & Wang, G. (2007). Security analysis of two ultra-lightweight RFID authentication protocols. In IFIP SEC 2007.

  12. Li, T., & Deng, R. H. (2007). Vulnerability analysis of EMAP—An efficient RFID mutual authentication protocol. In The second international conference on availability, reliability and security (AReS 2007), 2007 Vienna.

  13. Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.

    Article  Google Scholar 

  14. Karthikeyan, S., & Nesterenko, M. (2005). RFID security without extensive cryptography. In Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, Alexandria, VA, USA, pp. 63–67, Nov., 2005.

  15. Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of conference on computer and communications security—CCS’04, Washington, DC, USA, pp. 210–219, Oct., 2004.

  16. Ohkubo, M., Suzki, K., & Kinoshita, S. (2003). Cryptographic approach to ‘Privacy-Friendly’ tags. Presented at the RFID Privacy Workshop (MIT, Cambridge, MA, Nov. 15 2003); rfidprivacy.ex.com/2003/agenda.php.

  17. Rhee, K., Kwak, J., Kim, S., & Won, D. (2005). Challenge-response based RFID authentication protocol for distributed database environment. In Proceedings of international conference on security in pervasive computing—SPC, Berlin, Germany, LNCS (Vol. 3450, pp. 70–84).

  18. Chien, H. Y., & Laih, C. S. (2009). ECC-based lightweight authentication protocol with untraceability for low-cost RFID. Journal of Parallel and Distributed Computing, 69, 848–853.

    Article  Google Scholar 

  19. Chien, H. Y. (2013). Combining Rabin cryptosystem and error correction codes to facilitate anonymous authentication with un-traceability for low-end devices. Computer Networks, 57(14), 2705–2717.

    Article  Google Scholar 

  20. Lee, Y. K., Batina, L., & Verbauwhede, I. (2008). EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In IEEE International Conference on RFID, pp. 97–104.

  21. Zhang, X. L., Li, L. S., Wu, Y., & Zhang, Q. (2011). An ECDLP-based randomized key RFID authentication protocol. In 2011 international conference on network computing and information security.

  22. Tuyls, P., & Batina, L. (2006). RFID-tags for anti-counterfeiting. Lecture Notes in Computer Science, 3860, 115–131.

    Article  MathSciNet  MATH  Google Scholar 

  23. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I. (2007). Public-key cryptography for RFID-tags. In Fifth IEEE international conference on pervasive computing and communications workshops, 2007, pp. 217–222.

  24. Deursen, T., Radomirovíc, S. (2008). Attacks on RFID protocols. In Cryptology ePrint Archive: listing for 2008 (2008/310), 2008.

  25. Bringer, J., Chabanne, H., & Icart, T. (2008). Cryptanalysis of EC-RAC, a RFID identification protocol. In International conference on cryptology and network security—CANS’08, Lecture Notes in Computer Science. Berlin: Springer.

  26. Godor, G., & Imre, S. (2011). Elliptic curve cryptography based authentication protocol for low-cost RFID tags. In 2011 IEEE international conference on RFID-technologies and applications.

  27. Liao, Y. P., & Hsiao, C. M. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133–146.

    Article  Google Scholar 

  28. Jurisic, A., & Menezes, A. J. (1997). Elliptic curves and cryptography. Certicom Whitepaper.

  29. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Proceedings of Crypto’01, Santa Barbara, California, USA, 19–23 August, LNCS (Vol. 2139, pp. 213–229). Berlin: Springer.

  30. National Security Agency, the US, The case for elliptic curve cryptography. https://www.nsa.gov/business/programs/elliptic_curve.shtml. Accessed December 25, 2014.

  31. Jurisic, A., & Menezes A. J. (1997). Elliptic curves and cryptography. Certicom Whitepaper.

Download references

Acknowledgments

This project is partially supported by the Ministry of Science and Technology, Taiwan, R.O.C., under Grant No. MOST 105-2221-E-260-014.

Author information

Authors and Affiliations

  1. Department of Information Management, National Chi-Nan University, Nantou, Taiwan, ROC

    Hung-Yu Chien

Authors
  1. Hung-Yu Chien
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hung-Yu Chien.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chien, HY. Elliptic Curve Cryptography-Based RFID Authentication Resisting Active Tracking. Wireless Pers Commun 94, 2925–2936 (2017). https://doi.org/10.1007/s11277-016-3756-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3756-0

Keywords

Search

Navigation