Abstract
Telecare medicine information system (TMIS) is one of most important RFID applications in the healthcare field. Li et al. proposed a RFID tag authentication protocol with privacy preserving in TMIS. They claimed that the protocol can resist many existing attacks and possess the advantages of high efficiency. However, we demonstrate that this protocol still have replay attack, strong forward traceability attack, de-synchronization attack, unguaranteed data integrity and the problem of tag/reader anonymity. Aiming to efficiently improve the security of Li et al.’s protocol, we propose a more secure and effective authentication protocol based on quadratic residue theory, which is suitable for TMIS with the requirements of strong privacy protection. In order to resist replay attack, the timestamp generated by the reader is used to compute reader request message sent to the server and the message is encrypted by hash function and quadratic residue theory. The improved protocol does not transmit reader and tag identifier in plaintext to guarantee anonymity and the data integrity is ensured by means of encrypting tag data using hash function. To guarantee strong forward untraceability, random number is introduced in tag key update operation and is encrypted by quadratic residue theory. Using the feature of public key cryptography of quadratic residual theory can meet the purpose of constant time identification. Our security analysis and Performance comparisons proves that our scheme has higher security and better performance to be applicable to TMIS.
Similar content being viewed by others
References
Akgün M, Aglayan MU (2015) Providing destructive privacy and scalability in rfid systems using pufs. Ad Hoc Netw 32(C):32–42. https://doi.org/10.1016/j.adhoc.2015.02.001
Alavi SM, Baghery K, Abdolmaleki B, Aref MR (2015) Traceability analysis of recent rfid authentication protocols. Wirel Pers Commun 83(3):1663–1682. https://doi.org/10.1007/s11277-015-2469-0
Amiribesheli M, Benmansour A, Bouchachia A (2015) A review of smart homes in healthcare. J Ambient Intell Hum Comput 6(4):495–517. https://doi.org/10.1007/s12652-015-0270-2
Avoine G, Bingol MA, Carpent X, Yalcin SBO (2013) Privacy-friendly authentication in rfid systems: On sublinear protocols based on symmetric-key cryptography. IEEE Trans Mobile Comput 12(10):2037–2049. https://doi.org/10.1109/TMC.2012.174
Avoine G, Buttyant L, Holczer T, Vajda I (2007) Group-based private authentication. In: IEEE International symposium on a world of wireless, mobile and multimedia networks, pp 1–6, https://doi.org/10.1109/WOWMOM.2007.4351808
Chen X, Doss R, Zhai J (2016) Rfid ownership transfer protocol based on cloud. Comput Netw 105(C):47–59. https://doi.org/10.1016/j.comnet.2016.05.017
Cho JS, Jeong YS, Sang OP (2015) Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (rfid) tag mutual authentication protocol. Comput Math Appl 69(1):58–65. https://doi.org/10.1016/j.camwa.2012.02.025
Dehkordi MH, Farzaneh Y (2014) Improvement of the hash-based rfid mutual authentication protocol. Wirel Pers Commun 75(1):219–232. https://doi.org/10.1007/s11277-013-1358-7
Deng G, Zhang Y, Wang J (2013) Tree-lshb: an lpn-based lightweight mutual authentication rfid protocol. Wirel Pers Commun 72(1):159–174. https://doi.org/10.1007/s11277-013-1006-2
Deng M, Yang W, Zhu W (2014) Weakness in a serverless authentication protocol for radio frequency identification. Springer International Publishing, New York. https://doi.org/10.1007/978-3-319-01273-5_119
Doss R, Sundaresan S, Zhou W (2013) A practical quadratic residues based scheme for authentication and privacy in mobile rfid systems. Ad Hoc Netw 11(1):383–396. https://doi.org/10.1016/j.adhoc.2012.06.015
Hoque ME, Rahman F, Ahamed SI, Park JH (2010) Enhancing privacy and security of rfid system with serverless authentication and search protocols in pervasive environments. Wirel Pers Commun 55(1):65–79. https://doi.org/10.1007/s11277-009-9786-0
Jannati H, Bahrak B (2016) Security analysis of an rfid tag search protocol. Inform Process Lett 116(10):618–622. https://doi.org/10.1016/j.ipl.2016.05.001
Kaul SD, Awasthi AK (2013) RFID authentication protocol to enhance patient medication safety. Plenum Press, New York. https://doi.org/10.1007/s10916-013-9979-7
Li CT, Weng CY, Lee CC (2015) A secure rfid tag authentication protocol with privacy preserving in telecare medicine information system. J Med Syst 39(8):1–8. https://doi.org/10.1007/s10916-015-0260-0
Li T, Luo W, Mo Z, Chen S (2012) Privacy-preserving rfid authentication based on cryptographical encoding. In: IEEE INFOCOM, pp 2174–2182. https://doi.org/10.1109/INFCOM.2012.6195601
Malasinghe LP, Ramzan N, Dahal K (2017) Remote patient monitoring: a comprehensive study. J Ambient Intell Hum Comput 10(4):1–20. https://doi.org/10.1007/s12652-017-0598-x
Mohammedi M, Omar M, Bouabdallah A (2017) Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Hum Comput 80(10):1–13. https://doi.org/10.1007/s12652-017-0574-5
Pokala JP, Reddy CM, Abdul JS, Bapana S, Vorugunti CS (2016) A secure rfid protocol for telecare medicine information systems using ecc. In: International conference on wireless communications, signal processing and networking, pp 2295–2300. https://doi.org/10.1109/WiSPNET.2016.7566552
Poncela A, Coslado F, Garca B, Fernndez M, Ariza J, Peinado G, Demetrio C, Sandoval F (2018) Smart care home system: a platform for eassistance. J Ambient Intell Hum Comput. https://doi.org/10.1007/s12652-018-0979-9
Qing MA, Guo Y, Zeng Q, Duo XU (2016) A new ultra-lightweight RFID mutual authentication protocol. Netinfo Secur 16(5):44–50. https://doi.org/10.3969/j.issn.1671-1122.2016.05.007
Rahman F, Bhuiyan MZA, Ahamed SI (2016a) A privacy preserving framework for rfid based healthcare systems. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2016.06.001
Rahman F, Hoque ME, Ahamed SI (2016b) Anonpri: A secure anonymous private authentication protocol for rfid systems. Inform Sci. 379(10), https://doi.org/10.1016/j.ins.2016.07.038
Sareen S, Sood SK, Gupta SK (2016) Iot-based cloud framework to control ebola virus outbreak. J Ambient Intell Hum Comput 9(12):1–18. https://doi.org/10.1007/s12652-016-0427-7
Srivastava K, Awasthi AK, Kaul SD, Mittal RC (2015) A hash based mutual rfid tag authentication protocol in telecare medicine information system. J Med Syst 39(1):153. https://doi.org/10.1007/s10916-014-0153-7
Su C, Santoso B, Li Y, Deng R, Huang X (2017) Universally composable rfid mutual authentication. IEEE Trans Dependable Secure Comput 14(1):83–94. https://doi.org/10.1109/TDSC.2015.2434376
Sundaresan S, Doss R, Piramuthu S, Zhou W (2015) Secure tag search in rfid systems using mobile readers. IEEE Trans Dependable Secure Comput 12(2):230–242. https://doi.org/10.1109/TDSC.2014.2302305
Wu F, Xu L, Kumari S, Li X (2017) A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J Ambient Intell Hum Comput 8(1):101–116. https://doi.org/10.1007/s12652-016-0345-8
Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous rfid tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Hum Comput 9(4):919–930. https://doi.org/10.1007/s12652-017-0485-5
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhou, Z., Wang, P. & Li, Z. A quadratic residue-based RFID authentication protocol with enhanced security for TMIS. J Ambient Intell Human Comput 10, 3603–3615 (2019). https://doi.org/10.1007/s12652-018-1088-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-018-1088-5