Three elliptic curve cryptography-based RFID authentication protocols for Internet of Things

With the development of information technology, the Internet of Thing (IoT) is extensively employed in many fields such as logistics, medical healthcare, food safety and intelligent transportation. The Radio Frequency Identification (RFID) technology is an important building block of the IoT. Therefore, how to address security problem in RFID system is a crucial issue for the security of the IoT. The RFID authentication protocol is a key cryptographic protocol ensuring communication security because it could provide authentication between the tag and the server. Recently, elliptic curve cryptography (ECC)-based RFID authentication protocols were studied widely because they could provide better security attributes compared with traditional RFID authentications. Lv et al. proposed three ECC-based RFID protocols and claimed their protocols could overcome weaknesses in previous protocols. Unfortunately, in this paper, we show that Lv et al.’s protocols cannot withstand the man-in-the-middle attack. To solve security problems in their protocols, we propose three improved ECC-based RFID authentication protocols.

[1]  Sasa Radomirovic,et al.  Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC , 2009, IACR Cryptol. ePrint Arch..

[2]  Ingrid Verbauwhede,et al.  Elliptic-Curve-Based Security Processor for RFID , 2008, IEEE Transactions on Computers.

[3]  Lejla Batina,et al.  Untraceable RFID authentication protocols: Revision of EC-RAC , 2009, 2009 IEEE International Conference on RFID.

[4]  Maode Ma,et al.  An ultralightweight RFID authentication protocol with CRC and permutation , 2014, J. Netw. Comput. Appl..

[5]  Hyeong-Chan Lee,et al.  Secure and Lightweight Authentication Protocol for Mobile RFID Privacy , 2013 .

[6]  Zhenguo Zhao,et al.  A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem , 2014, Journal of Medical Systems.

[7]  Chih-Ming Hsiao,et al.  A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol , 2014, Ad Hoc Networks.

[8]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[9]  Julien Bringer,et al.  Cryptanalysis of EC-RAC, a RFID Identification Protocol , 2008, CANS.

[10]  Der-Jiunn Deng,et al.  Authentication with low-cost RFID tags in mobile networks , 2013, Secur. Commun. Networks.

[11]  Amit K. Awasthi,et al.  RFID Authentication Protocol to Enhance Patient Medication Safety , 2013, Journal of Medical Systems.

[12]  Gildas Avoine,et al.  Privacy-Friendly Authentication in RFID Systems: On Sublinear Protocols Based on Symmetric-Key Cryptography , 2013, IEEE Transactions on Mobile Computing.

[13]  Yi Mu,et al.  RFID Privacy Models Revisited , 2008, ESORICS.

[14]  Masoud Hadian Dehkordi,et al.  Improvement of the Hash-Based RFID Mutual Authentication Protocol , 2014, Wirel. Pers. Commun..

[15]  Jianfeng Ma,et al.  Vulnerability analysis of elliptic curve cryptography‐based RFID authentication protocols , 2012, Trans. Emerg. Telecommun. Technol..

[16]  Zezhong Zhang,et al.  An Efficient RFID Authentication Protocol to Enhance Patient Medication Safety Using Elliptic Curve Cryptography , 2014, Journal of Medical Systems.

[17]  Ying Zhang,et al.  Tree-LSHB+: An LPN-Based Lightweight Mutual Authentication RFID Protocol , 2013, Wirel. Pers. Commun..

[18]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[19]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[20]  Ju-Chuan Wu,et al.  A Reliable RFID Mutual Authentication Scheme for Healthcare Environments , 2013, Journal of Medical Systems.

[21]  L. Batina,et al.  EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol , 2008, 2008 IEEE International Conference on RFID.

[22]  Zhu Wang,et al.  From the internet of things to embedded intelligence , 2013, World Wide Web.

[23]  Younho Lee,et al.  A New Privacy-preserving Path Authentication Scheme using RFID for Supply Chain Management , 2013 .

[24]  Fahim Kawsar,et al.  The Internet of Things: The Next Technological Revolution , 2013, Computer.