Secure Timestamp-Based Mutual Authentication Protocol for IoT Devices Using RFID Tags

Internet of Things (IoT) is playing more and more important roles in our daily lives in the last decade. It can be a part of traditional machine or equipment to daily household objects as well as wireless sensor networks and devices. IoT has a huge potential which is still to be unleashed. However, as the foundation of IoT is the Internet and all the data collected by these devices is over the Internet, these devices also face threats to security and privacy. At the physical or sensor layer of IoT devices the most commonly used technology is RFID. Thus, securing the RFID tag by cryptographic mechanisms can secure our data at the device as well as during communication. This article first discusses the flaws of our previous ultra-lightweight protocol due to its vulnerability to passive secret disclosure attack. Then, the authors propose a new protocol to overcome the shortcomings of our previous work. The proposed scheme uses timestamps in addition to bitwise operation to provide security against de-synchronization and disclosure. This research also presents a security and performance analysis of our approach and its comparison with other existing schemes.

[1]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[2]  Jian Shen,et al.  Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks , 2018, J. Netw. Comput. Appl..

[3]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[4]  Jian Su,et al.  SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system , 2018, Wirel. Networks.

[5]  L. Batina,et al.  EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol , 2008, 2008 IEEE International Conference on RFID.

[6]  Jin Li,et al.  Multi-authority fine-grained access control with accountability and its application in cloud , 2018, J. Netw. Comput. Appl..

[7]  Amitav Mukherjee,et al.  Physical-Layer Security in the Internet of Things: Sensing and Communication Confidentiality Under Resource Constraints , 2015, Proceedings of the IEEE.

[8]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[9]  Yalin Chen,et al.  A Novel RFID Authentication Protocol based on Elliptic Curve Cryptosystem , 2011, IACR Cryptol. ePrint Arch..

[10]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[11]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[12]  Fatos Xhafa,et al.  L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing , 2015, Knowl. Based Syst..

[13]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[14]  Chih-Ming Hsiao,et al.  A Secure ECC-Based RFID Authentication Scheme Using Hybrid Protocols , 2013 .

[15]  Ingrid Verbauwhede,et al.  Hierarchical ECC-Based RFID Authentication Protocol , 2011, RFIDSec.

[16]  Kai Fan,et al.  An ultra-lightweight RFID authentication scheme for mobile commerce , 2017, Peer-to-Peer Netw. Appl..

[17]  B. B. Gupta,et al.  Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags , 2017, The Journal of Supercomputing.

[18]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[19]  Xu Zhuang,et al.  Security Issues in Ultralightweight RFID Authentication Protocols , 2018, Wirel. Pers. Commun..

[20]  Witawas Srisa-an,et al.  Significant Permission Identification for Machine-Learning-Based Android Malware Detection , 2018, IEEE Transactions on Industrial Informatics.

[21]  Shahzad Sarwar,et al.  A New Ultralightweight RFID Authentication Protocol for Passive Low Cost Tags: KMAP , 2017, Wirel. Pers. Commun..

[22]  Xu Zhuang,et al.  A New Ultralightweight RFID Protocol for Low-Cost Tags: R$$^{2}$$2AP , 2014, Wirel. Pers. Commun..

[23]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[24]  M. Ufuk Çaglayan,et al.  Vulnerabilities of RFID Security Protocol Based on Chaotic Maps , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[25]  Kostas E. Psannis,et al.  Secure integration of IoT and Cloud Computing , 2018, Future Gener. Comput. Syst..

[26]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[27]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[28]  Masoumeh Safkhani,et al.  Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things , 2017, The Journal of Supercomputing.

[29]  Tim Kerins,et al.  Public-Key Cryptography for RFID-Tags , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[30]  Masoumeh Safkhani,et al.  Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+ protocols , 2016, IACR Cryptol. ePrint Arch..

[31]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[32]  Jian Shen,et al.  An ID-Based Linearly Homomorphic Signature Scheme and Its Application in Blockchain , 2018, IEEE Access.

[33]  Ingrid Verbauwhede,et al.  Privacy Challenges in RFID Systems , 2010, IOT 2010.

[34]  Tatsuaki Okamoto,et al.  Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes , 1992, CRYPTO.

[35]  Mohammad Sabzinejad Farash Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography , 2014, The Journal of Supercomputing.

[36]  Rasool Jalili,et al.  FLMAP: A fast lightweight mutual authentication protocol for RFID systems , 2008, 2008 16th IEEE International Conference on Networks.

[37]  Jin Li,et al.  Privacy-preserving Naive Bayes classifiers secure against the substitution-then-comparison attack , 2018, Inf. Sci..

[38]  Umar Mujahid,et al.  RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash , 2015, Int. J. Distributed Sens. Networks.

[39]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[40]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[41]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[42]  Umar Mujahid Khokhar,et al.  A New Ultralightweight RFID Mutual Authentication Protocol: SASI Using Recursive Hash , 2016, Int. J. Distributed Sens. Networks.

[43]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[44]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[45]  Mehmet A. Orgun,et al.  Survey on cybersecurity issues in wireless mesh networks based eHealthcare , 2016, 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom).

[46]  Srdan Popic,et al.  Provided security measures of enabling technologies in Internet of Things (IoT): A survey , 2016, 2016 Zooming Innovation in Consumer Electronics International Conference (ZINC).