URASP: An ultralightweight RFID authentication scheme using permutation operation

Due to low-cost, ease of use and convenience, Radio Frequency IDentification (RFID) is a contactless technology that has become more and more promising for automatic identification of an object and people without physical contact. However, the RFID system faces major issues related to its security and privacy, where an adversary may eavesdrop, temper, modify, and intercept the transmitted messages over a communication channel. To overcome these issues, there is a flexible and effective way to implement an ultralightweight RFID scheme. Therefore, we present an ultralightweight RFID authentication scheme using permutation operation named URASP in this paper. Our proposed scheme integrates permutation and left rotate operation to provide a higher level of security and privacy without increasing storage and computation overhead. In addition, the informal analysis of our proposal illustrates its ability to overcome all known security attacks. We show that the proposed URASP scheme preserves the properties of tags untraceability and information privacy by using Juels and Weis privacy model. The performance analysis has been performed which demonstrates that the proposed scheme outperforms other existing schemes as well as utilizes fewer resources on tags. The verification of our scheme has been done using Scyther simulation tool. Thereafter, the correctness of our scheme has been verified by using BAN logic inference rules. Hence, the proposed scheme is more suited for low-cost passive RFID tags.

[1]  Feng Lin,et al.  Secure RFID Authentication Schemes Based on Security Analysis and Improvements of the USI Protocol , 2019, IEEE Access.

[2]  Atsushi Kanai,et al.  Privacy Enhanced Active RFID Tag , 2005 .

[3]  Ankit Kumar Jain,et al.  Mutual authentication protocol for low cost passive tag in RFID system , 2021, International Journal of Information Technology.

[4]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[5]  Young-Sik Jeong,et al.  Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol , 2015, Comput. Math. Appl..

[6]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[7]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[8]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[9]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[10]  Yichuan Wang,et al.  Efficient group authentication in RFID using secret sharing scheme , 2018, Cluster Computing.

[11]  Qiang Zhao,et al.  RFID ownership transfer protocol based on cloud , 2016, Comput. Networks.

[12]  He Xu,et al.  SKINNY-Based RFID Lightweight Authentication Protocol , 2020, Sensors.

[13]  Eun-Jun Yoon,et al.  A new ultra-lightweight RFID authentication protocol using merge and separation operations , 2013 .

[14]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[15]  Yali Liu,et al.  Lightweight authentication scheme with inverse operation on passive RFID tags , 2019 .

[16]  Nasour Bagheri,et al.  An Enhanced Authentication Protocol for RFID Systems , 2020, IEEE Access.

[17]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[18]  Hung-Yu Chien,et al.  Secure Access Control Schemes for RFID Systems with Anonymity , 2006, 7th International Conference on Mobile Data Management (MDM'06).

[19]  Paolo D'Arco,et al.  Design Weaknesses in Recent Ultralightweight RFID Authentication Protocols , 2018, SEC.

[20]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[21]  Satya Bagchi,et al.  A Secure PUF-Based Unilateral Authentication Scheme for RFID System , 2018, Wirel. Pers. Commun..

[22]  Masoumeh Safkhani,et al.  Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+ protocols , 2016, IACR Cryptol. ePrint Arch..

[23]  Jian Su,et al.  SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system , 2018, Wirel. Networks.

[24]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[25]  Maode Ma,et al.  An ultralightweight RFID authentication protocol with CRC and permutation , 2014, J. Netw. Comput. Appl..

[26]  Satya Bagchi,et al.  A Coding Theory Based Ultralightweight RFID Authentication Protocol with CRC , 2017, Wirel. Pers. Commun..

[27]  Nasour Bagheri,et al.  \(\chi\)perbp: a Cloud-based Lightweight Mutual Authentication Protocol , 2021, IACR Cryptol. ePrint Arch..

[28]  Sherali Zeadally,et al.  An Analysis of RFID Authentication Schemes for Internet of Things in Healthcare Environment Using Elliptic Curve Cryptography , 2015, IEEE Internet of Things Journal.

[29]  Umar Mujahid,et al.  RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash , 2015, Int. J. Distributed Sens. Networks.

[30]  Mohammad Reza Aref,et al.  Desynchronization attack on RAPP ultralightweight authentication protocol , 2013, Inf. Process. Lett..

[31]  Tassos Dimitriou Key evolving RFID systems: Forward/backward privacy and ownership transfer of RFID tags , 2016, Ad Hoc Networks.

[32]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[33]  Qi Luo,et al.  Cloud-based lightweight secure RFID mutual authentication protocol in IoT , 2020, Inf. Sci..

[34]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[35]  Kai Fan,et al.  An ultra-lightweight RFID authentication scheme for mobile commerce , 2017, Peer-to-Peer Netw. Appl..

[36]  Xu Zhuang,et al.  Security Analysis of a new Ultra-lightweight RFID Protocol and Its Improvement , 2013, J. Inf. Hiding Multim. Signal Process..

[37]  Ziba Eslami,et al.  Cryptanalysis and improvement of a group RFID authentication protocol , 2020, Wirel. Networks.

[38]  Mohd Shariq,et al.  A novel vector-space-based lightweight privacy-preserving RFID authentication protocol for IoT environment , 2021, The Journal of Supercomputing.

[39]  R. C. Mittal,et al.  A Hash Based Mutual RFID Tag Authentication Protocol in Telecare Medicine Information System , 2014, Journal of Medical Systems.

[40]  Hamid Mala,et al.  Security analysis of an ultra‐lightweight RFID authentication protocol for m‐commerce , 2018, IACR Cryptol. ePrint Arch..

[41]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[42]  Ruhul Amin,et al.  A privacy-preserving RFID authentication protocol based on El-Gamal cryptosystem for secure TMIS , 2020, Inf. Sci..

[43]  Fangguo Zhang,et al.  Security Enhanced RFID Authentication Protocols for Healthcare Environment , 2020, Wireless Personal Communications.

[44]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[45]  Chien-Ming Chen,et al.  On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags , 2017, The Journal of Supercomputing.

[46]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[47]  Mete Akgün,et al.  On the Security of Recently Proposed RFID Protocols , 2013, IACR Cryptol. ePrint Arch..

[48]  Gökhan Dalkiliç,et al.  Review of different classes of RFID authentication protocols , 2019, Wirel. Networks.

[49]  Hamid Mala,et al.  Tracking and impersonating tags in a CRC-based ultralightweight RFID authentication protocol , 2020, Peer Peer Netw. Appl..

[50]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[51]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[52]  Yali Liu,et al.  Double verification protocol via secret sharing for low-cost RFID tags , 2019, Future Gener. Comput. Syst..

[53]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[54]  Shahzad Sarwar,et al.  A New Ultralightweight RFID Authentication Protocol for Passive Low Cost Tags: KMAP , 2017, Wirel. Pers. Commun..

[55]  Masoumeh Safkhani,et al.  IoT in medical & pharmaceutical: Designing lightweight RFID security protocols for ensuring supply chain integrity , 2020, Computer Networks.

[56]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[57]  Masoumeh Safkhani,et al.  A Novel Lightweight Block Cipher-Based Mutual Authentication Protocol for Constrained Environments , 2020, IEEE Access.

[58]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[59]  B. B. Gupta,et al.  Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags , 2017, The Journal of Supercomputing.