An Enhanced Mutual Key Agreement Protocol for Mobile RFID-enabled Devices

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

[1]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[2]  Eun-Jun Yoon,et al.  Cryptanalysis of Lo et al.'s Mutual Key Agreement Protocol for Mobile RFID-Enabled Devices , 2012 .

[3]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[4]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[5]  Jaecheol Ryou,et al.  Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags , 2004, EUC.

[6]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[7]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8]  Pradeep Kumar Framework of Smart Mobile Rfid Networks , 2011 .

[9]  Hung-Min Sun,et al.  Secure and Efficient Mobile RFID Authentication Protocol , 2009 .

[10]  Sang-Soo Yeo,et al.  MARP: Mobile Agent for RFID Privacy Protection , 2006, CARDIS.

[11]  Minho Jo Message from Founder and Editor-in-Chief , 2012 .

[12]  Yu-Fang Chung,et al.  ID-based digital signature scheme on the elliptic curve cryptosystem , 2007, Comput. Stand. Interfaces.

[13]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[14]  Jain-Shing Wu,et al.  Protect mobile RFID location privacy using dynamic identity , 2008, 2008 7th IEEE International Conference on Cognitive Informatics.