Abstract
In order to support robust implementation of IoT, many schemes have been done to provide privacy, anonymity, scalability and customizability. Ray et al.’s scheme and Mir et al.’s protocol are analyzed in this paper and suffer from tracing attacks. Ray et al.’s scheme is subjected to malicious impersonation attacks, and does not achieve strong forward untraceability. Then the improved protocol is proposed, which adapts quadratic residue theorem to offer better security, scalability and customizability. Finally, the improved protocol meets forward untraceability, backward untraceability and strong forward untraceability under the untraceability model, and resists reader impersonation attacks, tag impersonation attacks, and tracing attacks. The comparison results show that the improved protocol offers better security and scalability than the existing protocols.
Similar content being viewed by others
References
Gautam, R., Singh, A., Karthik, K., et al. (2017). Traceability using RFID and its formulation for a kiwifruit supply chain. Computers and Industrial Engineering,103, 46–58.
Omar, H. Q., Khoshnaw, A., & Monnet, W. (2017). Smart patient management, monitoring and tracking system using radio-frequency identification (RFID) technology. In Biomedical engineering and sciences. IEEE.
Dusart, P., & Traoré, S. (2013). Lightweight authentication protocol for low-cost RFID tags. In L. Cavallaro & D. Gollmann (Eds.), WISTP 2013, LNCS (Vol. 7886, pp. 129–144). Heidelberg: Springer.
Li, C. T., Weng, C. Y., & Lee, C. C. (2015). A Secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of Medical Systems,39(8), 1–8.
Srivastava, K., Awasthi, A. K., Kaul, S. D., et al. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems,39(1), 1–5.
Jin, C., Xu, C., Zhang, X., et al. (2015). A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography. Journal of Medical Systems,39(3), 1–8.
Tewari, A., & Gupta, B. B. (2017). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. Journal of Supercomputing,73, 1–18.
Gandino, F., Montrucchio, B., & Rebaudengo, M. (2017). A security protocol for RFID traceability. International Journal of Communication Systems,30(6), 1–14.
Sundaresan, S., Doss, R., Piramuthu, S., et al. (2017). A secure search protocol for low cost passive RFID tags. Computer Networks,122, 70–82.
Sundaresan, S., Doss, R., & Zhou, W. (2012). A secure search protocol based on quadratic residues for EPC Class-1 Gen-2 UHF RFID tags (Vol. 2012, pp. 30–35).
Gao, L., Zhang, L., & Ma, M. (2017). Low cost RFID security protocol based on rabin symmetric encryption algorithm. Wireless Personal Communications,96, 683–696.
Abdolmaleki, B., Baghery, K., Khazaei, S., et al. (2017). Game-based privacy analysis of RFID security schemes for confident authentication in IoT. Wireless Personal Communications,95, 5057–5080.
Efremov, S., Pilipenko, N., & Voskov, L. (2015). An integrated approach to common problems in the Internet of Things. Procedia Engineering,100(3), 1215–1223.
Cao, T., Chen, X., Doss, R., et al. (2016). RFID ownership transfer protocol based on cloud. Computer Networks,105, 47–59.
Xie, W., Xie, L., Zhang, C., Zhang, Q., & Tang, C. J. (2013). Cloud-based RFID authentication. In Proceedings of IEEE international conference on RFID, Apr 30–May 02, Orlando, FenLan, 2013 (pp. 168–175).
Doss, R., Zhou, W. L., & Yu, S. (2012). Secure RFID tag ownership transfer based on quadratic residues. IEEE Transactions on Information Forensics and Security,8(2), 390–401.
Farash, M. S., Nawaz, O., Mahmood, K., et al. (2016). A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. Journal of Medical Systems,40(7), 165.
Shen, J., Tan, H., Moh, S., et al. (2016). An efficient RFID authentication protocol providing strong privacy and security. Journal of Internet Technology,17, 443–455.
Wang, X., & Yuan, C. W. (2014). Scalable and resynchronisable radio frequency identification ownership transfer protocol based on a sliding window mechanism. IET Information Security,8(3), 161–170.
Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost. Computers & Mathematics with Applications,69(1), 58–65.
Mir, O., & Nikooghadam, M. (2015). A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health Services. Wireless Personal Communications,83(4), 1–23.
Ray, B. R., Abawajy, J., & Chowdhury, M. (2014). Scalable RFID security framework and protocol supporting Internet of Things. Computer Networks,67, 89–103.
Yan, X., Li, Weiheng, Li, Ping, Wang, J., Hao, X., & Gong, P. (2013). A secure biometrics-based authentication scheme for telecare medicine information systems. Journal of Medical Systems,37, 9972.
Trujillo-Rasua, R., & Solanas, A. (2011). Scalable trajectory-based protocol for RFID tags identification. In Proceedings of the 2011 IEEE international conference on RFID-technologies and applications (RFID-TA) (pp. 279–285). IEEE.
Song, B., & Mitchell, C. J. (2011). Scalable RFID security protocols supporting tag ownership transfer. Computer Communications,34(4), 556–566.
Erguler, I., & Anarim, E. (2012). Security flaws in a recent RFID delegation protocol. Personal and Ubiquitous Computing,16(3), 337–349.
Trujillo-Rasua, R., Solanas, A., Pérez-Martínez, P. A., et al. (2012). Predictive protocol for the scalable identification of RFID tags through collaborative readers. Computers in Industry,63(6), 557–573.
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security (pp. 210–219). New York: ACM.
Chen, X., Cao, T., & Zhai, J. (2016). Untraceability analysis of two RFID authentication protocols. Chinese Journal of Electronics,25(5), 912–920.
Acknowledgements
The authors would like to thank the anonymous referee for their valuable discussions and comments. This research was partially supported by Jiangsu Postdoctoral Science Foundation (Grant Nos. 1701061B, 2017107007); Xuzhou Medical University Affiliated Hospital Postdoctoral Science Foundation (Grant Nos. 2016107011, 183822, 53120225, 53120226); Xuzhou Medical University Excellent Persons Scientific Research Foundation (Grant Nos. D2016006, D2016007, 53591506); Practice Inovation Trainng Program Projects for Jiangsu College Students (Grant Nos. 20161031308H, 201610313043Y); Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Grant No. 16KJB180028); Innovation Project of JiangSu Province (Grant No. 2012); Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); 333 Project of Jiangsu Province (Grant No. BRA2017278).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Chen, X., Ma, K., Geng, D. et al. Untraceable Analysis of Scalable RFID Security Protocols. Wireless Pers Commun 109, 1747–1767 (2019). https://doi.org/10.1007/s11277-019-06650-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-019-06650-1