A Cloud-Based Distance Bounding Protocol for RFID Conforming to EPC-C1 G2 Standards

The development and maturation of cloud computing provides a new idea for deploying RFID systems. A Cloud-based RFID system becomes a new promising architecture. It can be offered as a service of cloud computing to individuals and organizations. However, the cloud-based RFID systems are confronted with more special security and privacy threats, especially the untrustworthy cloud provider and insecure backward communications. Unfortunately, most current RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID, i.e. to provide anonymity and confidentiality against the cloud and build secure backend channels. In this paper, we propose a secure distance bounding protocol for a RFID system, which is cloud-based RFID mutual authentication protocol compatible with the mature EPC-C1 G2 standards. It can effectively resist various threats in cloud environment comparing with other cloud-based RFID authentication protocol and reduce the success probability of a Mafia attack and make it lower than the optimal situation \( (1/2)^{n} \) in academic circles.

[1]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[2]  Sébastien Gambs,et al.  Prover anonymous and deniable distance-bounding authentication , 2014, AsiaCCS.

[3]  Chin-Ling Chen,et al.  A Novel Mutual Authentication Scheme for RFID conforming EPCglobal Class 1 Generation 2 Standards , 2012, Inf. Technol. Control..

[4]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[5]  Mohammad Reza Aref,et al.  Formal cryptanalysis of a CRC-based RFID authentication protocol , 2014, 2014 22nd Iranian Conference on Electrical Engineering (ICEE).

[6]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[7]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[8]  Maode Ma,et al.  An ultralightweight RFID authentication protocol with CRC and permutation , 2014, J. Netw. Comput. Appl..

[9]  Daesung Kwon,et al.  Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards , 2009, Comput. Stand. Interfaces.

[10]  Masoumeh Safkhani,et al.  For an EPC-C1 G2 RFID compliant Protocol, CRC with Concatenation : No; PRNG with Concatenation : Yes , 2013, IACR Cryptol. ePrint Arch..

[11]  Mehmet Sabir Kiraz,et al.  Anonymous RFID Authentication for Cloud Services , 2012 .

[12]  Mete Akgün,et al.  On the Security of Recently Proposed RFID Protocols , 2013, IACR Cryptol. ePrint Arch..

[13]  Chen Zhang,et al.  Cloud-based RFID authentication , 2013, 2013 IEEE International Conference on RFID (RFID).

[14]  Hung-Min Sun,et al.  CRFID: An RFID system with a cloud database as a back-end server , 2014, Future Gener. Comput. Syst..

[15]  Albert Levi,et al.  A New Security and Privacy Framework for RFID in Cloud Computing , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[16]  Henk C. A. van Tilborg,et al.  Encyclopedia of Cryptography and Security, 2nd Ed , 2005 .

[17]  Gildas Avoine,et al.  Distance Bounding Facing Both Mafia and Distance Frauds , 2014, IEEE Transactions on Wireless Communications.

[19]  Liaojun Pang,et al.  Secure and efficient lightweight RFID authentication protocol based on fast tag indexing , 2014, Int. J. Commun. Syst..

[20]  Cédric Lauradoux,et al.  A framework for analyzing RFID distance bounding protocols , 2011, J. Comput. Secur..