RFID Authentication Against an Unsecure Backend Server

This paper addresses a new problem in RFID authentication research for the first time: existing RFID authentication schemes generally assume that the backend server is absolutely secure, but this assumption is rarely tenable in practical conditions. As a result, existing RFID authentication protocols cannot be safely applied to a real-life scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on a hash chain, searching over encrypted data, and coprivacy, and it defends against the disclosure of private information to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme to meet the special security and privacy requirements of a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.
