Lightweight authentication protocol for mobile RFID networks

Current RFID authentication schemes are not suitable for use in a mobile RFID environment since the proposed authentication schemes result in a computing load because of the low-cost tag and provide insufficient protection to the information and to the privacy of the user. Therefore, we propose a lightweight authentication protocol for mobile RFID networks that complies with Electronic Product Code (EPC) Class-1 Gen-2 norms, effectively achieving forward security. We use the GNY logic analysis to show what the proposed authentication protocol can do against threats of replay attacks, spoofing, Man-In-The-Middle (MITM), counterfeit tag and message loss.

[1]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[3]  Howon Kim,et al.  Privacy-Friendly Mobile RFID Reader Protocol Design based on trusted Agent and PKI , 2006, 2006 IEEE International Symposium on Consumer Electronics.

[4]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[5]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[6]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[7]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[8]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[9]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[10]  Jinpyo Hong,et al.  A Framework for Seamless Information Retrieval between an EPC Network and a Mobile RFID Network , 2006, The Sixth IEEE International Conference on Computer and Information Technology (CIT'06).

[11]  Jain-Shing Wu,et al.  Protect mobile RFID location privacy using dynamic identity , 2008, 2008 7th IEEE International Conference on Cognitive Informatics.

[12]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[13]  Alex Biryukov,et al.  Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.

[14]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[15]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[16]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[17]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[18]  Howon Kim,et al.  Security Vulnerability and Considerations in Mobile RFID environment , 2006, 2006 8th International Conference Advanced Communication Technology.

[19]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[20]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[21]  Dongho Won,et al.  A Security and Privacy Enhanced Protection Scheme for Secure 900MHz UHF RFID Reader on Mobile Phone , 2006, 2006 IEEE International Symposium on Consumer Electronics.

[22]  Howon Kim,et al.  Design of an Extended Architecture for Secure Low-Cost 900MHz UHF Mobile RFID Systems , 2006, 2006 IEEE International Symposium on Consumer Electronics.