A Secure and Efficient Authentication Protocol for Mobile RFID Systems

The design of secure communication schemes for Radio Frequency Identification (RFID) systems has been extensively studied in recent years, driven by growing awareness of individual privacy and the need for robust system security. Most previous work assumes that the communication channel between an RFID reader and its backend server is secure, and concentrates on enhancing security between the RFID tag and the RFID reader. However, once RFID reader modules are extensively deployed in consumers' handheld devices, security violations at the reader side will become a serious concern for individuals and organizations. This paper assumes that the future communication environment for RFID systems will be entirely wireless and insecure. In such an infrastructure, handheld devices such as mobile phones, embedded with RFID reader modules, will be situated everywhere and will operate with many RFID tags in various RFID application systems. The paper therefore proposes an authentication protocol for the mobile RFID environment that effectively achieves forward security while preventing replay, eavesdropping, and counterfeit tag attacks. The security analyses show that the scheme can enhance data security and provide privacy protection at the reader side even in the presence of an active adversary in an insecure mobile RFID environment.
