A secure and private RFID authentication protocol based on quadratic residue

Radio Frequency IDentification based systems are getting pervasively deployed in many real-life applications in various settings for identification and authentication of remote objects. However, the messages that are transmitted over a insecure channel, are vulnerable to security and privacy concerns such as data privacy, location privacy of tag owner and etc. Recently, Yeh et al.'s proposed a RFID authentication protocol based on quadratic residue which is claimed to provide location privacy and prevent possible attacks. In this paper, we formally analyzed the protocol and we proved that the protocol provides destructive privacy according to Vaudenay privacy model. Moreover, we proposed a unilateral authentication protocol and we prove that our protocol satisfies higher privacy level such as narrow strong privacy. Besides, we proposed an enhanced version of our proposed protocol, which has same privacy level as Yeh at al protocol, but has reader authentication against stronger adversaries. Furthermore, the enhanced version of our protocol uses smaller number of cryptographic operations when compared to Yeh at al protocol and it is also cost efficient at the server and tag side and requires O(1) complexity to identify a RFID tag.

[1]  Josep Domingo-Ferrer,et al.  A Scalable RFID Authentication Protocol Supporting Ownership Transfer and Controlled Delegation , 2011, RFIDSec.

[2]  Albert Levi,et al.  Providing Resistance against Server Information Leakage in RFID Systems , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[3]  Susan Older,et al.  Formal Methods for Assuring Security of Protocols , 2002, Comput. J..

[4]  Peter Y. A. Ryan,et al.  The modelling and analysis of security protocols: the csp approach , 2000 .

[5]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..

[6]  Chien-Hung Wu,et al.  Improvement of the RFID authentication scheme based on quadratic residues , 2011, Comput. Commun..

[7]  Pedro Peris López Lightweight cryptography in radio frequency identification (RFID) systems , 2008 .

[8]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[9]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2012, IEEE Trans. Parallel Distributed Syst..

[10]  JaeCheol Ha,et al.  Low-Cost and Strong-Security RFID Authentication Protocol , 2007, EUC Workshops.

[11]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[12]  Siu-Ming Yiu,et al.  RFID Forward Secure Authentication Protocol: Flaw and Solution , 2009, 2009 International Conference on Complex, Intelligent and Software Intensive Systems.

[13]  Hung-Min Sun,et al.  Improvement of a novel mutual authentication scheme based on quadratic residues for RFID systems , 2008, 2009 Joint Conferences on Pervasive Computing (JCPC).

[14]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[15]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[16]  Ralf Küsters,et al.  Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[17]  Chris J. Mitchell,et al.  Scalable RFID security protocols supporting tag ownership transfer , 2011, Comput. Commun..

[18]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.