Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Wei Xie,Lei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/RFID.2013.6548151

2013-01-01

Abstract:Along with the development of cloud computing, cloud-based RFID is receiving more and more attentions of researchers and engineers. However, there is no research in which cloud computing is applied to RFID authentication schemes. Most current works lay emphasis on functionalities, lacking considerations about security and privacy. Classical RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID. The basic postulates of traditional backend-sever-based RFID authentication, i.e. secure backend channel and entirely trustworthy database, are no longer natively tenable in cloud-based RFID scenarios. In this paper, a virtual private network agency is suggested to build secure backend channels and to provide readers with anonymous access to the cloud. The cloud database is structured as an encrypted hash table. The first cloud-based RFID authentication protocol preserving tag/reader privacy to database keepers is proposed. Comparing with classical schemes, the proposed scheme has advantages in deployment cost saving, pervasiveness of authentication, scalability of O(1) complexity to verify a tag, mobile reader holders' privacy preserving, and database security.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Wang Guowei,Jia Zongpu,Peng Weiping

DOI: https://doi.org/10.2174/1874110x01509010483

2015-01-01

Abstract:To solve the problems about securities, absence of calculation pertinence, incapability of making the most of the reader's computation and storage capacity that emerged in Radio Frequency Identification (RFID) authentication protocols, the paper proposes a Hash function based server/serverless adaptive and mutual authentication protocol of RFID based on the analysis of RFID authentication protocol that using a backend server and without using a backend server.The protocol can automatically switches between the RFID authentication protocol with or without a backend server according to the application range of RFID tags.The BAN logic proof, security and efficiency performances analysis and comparison with other similar RIFD protocols presented by the paper show that the protocol can effectively meets the security requirements of RFID authentication protocols.

Kai Fan,Qi Luo,Kuan Zhang,Yintang Yang

DOI: https://doi.org/10.1016/j.ins.2019.08.006

2017-01-01

Abstract:Radio Frequency Identification (RFID) makes it a supporting technology for the Internet of things (IoT). While RFID has been widely used and developed rapidly, its security and privacy issues cannot be ignored. With the development of cloud computing, cloud based RFID system has become a new solution. Protecting the security of RFID system in cloud environment is particularly important. Not verifying the tag or reader when reading message will have serious consequences, which may suffer many secure issues, such as intercept, modifying, replaying, DoS and synchronization. This paper puts forward an efficient and reliable RFID security authentication scheme in cloud environment. The protocol combines the logic encryption operation with timestamp, which can resist DoS attacks and anti-synchronization attacks. The proposed protocol not only can well solve the RFID security and privacy issues, but also can use the powerful cloud computing capabilities to process data.

Shuai-Min Chen,Mu-En Wu,Hung-Min Sun,King-Hang Wang

DOI: https://doi.org/10.1016/j.future.2013.05.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Radio-frequency identification (RFID) systems can benefit from cloud databases since information on thousands of tags is queried at the same time. If all RFID readers in a system query a cloud database, data consistency can easily be maintained by cloud computing. Privacy-preserving authentication (PPA) has been proposed to protect RFID security. The time complexity for searching a cloud database in an RFID system is O(N), which is obviously inefficient. Fortunately, PPA uses tree structures to manage tags, which can reduce the complexity from a linear search to a logarithmic search. Hence, tree-based PPA provides RFID scalability. However, in tree-based mechanisms, compromise of a tag may cause other tags in the system to be vulnerable to tracking attacks. Here we propose a secure and efficient privacy-preserving RFID authentication protocol that uses a cloud database as an RFID server. The proposed protocol not only withstands desynchronizing and tracking attacks, but also provides scalability with O(logN) search complexity.

Kai Fan,Shanshan Zhu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/mnet.2019.1800225

IF: 10.294

2019-01-01

IEEE Network

Abstract:Cloud-based RFID provides a new solution for the smart healthcare environment, and cloudbased RFID healthcare systems have many advantages over traditional healthcare systems, such as efficient medical assets management and medical information sharing. However, in the cloudbased RFID healthcare system, the untrusted cloud server manages private medical information, and these private data are transmitted on the public wireless channel, which exposes them to a high risk of leakage. Furthermore, attacks on the system may lead to serious consequences. Assuming a tag is implanted in an artificial organ and doctors use readers to monitor and control it, an attacker's tampering with these data may pose a risk to the life of this patient Thus, privacy and security issues need to be considered in the cloud-based RFID healthcare environment. In this article, we propose a lightweight authentication scheme based on quadratic reSIDuals and pseudo random number generator to guarantee the security of the cloud-based RFID healthcare system. It ensures data privacy and is resistant to typical attacks in mobile communication. Compared to other RFID authentication schemes, the proposed scheme provides strong security with fewer resources, thereby achieving a compromise between costs and security requirements of the smart healthcare system.

Hung‐Min Sun,Shuai-Min Chen,Chen-En Lu,Cheng‐Ta Yang

2009-01-01

Abstract:There are varies of RFID authentication schemes have been proposed. Most of them address on privacy issues over the tag and the user, however, they are still vulnerable to different attacks and with some weaknesses. In addition, the readers and the back-end server are considered as a single entity for these typical RFID schemes, hence, the communication channel is assumed to be secure. Recently, a concept of mobile reader has been proposed in which the reader is possessed by the user and is equipped inside a mobile device. The mobile RFID reader possessor can extract the information about the tagged objects by communicating with the back-end server through an insecure channel; consequently, a secure RFID authentication is needed. In this paper, two RFID authentication schemes are proposed for the reader-portable RFID environment. These schemes not only provide a novel usage of RFID system, but resolve privacy threats while a mobile reader is not authorized to acquire every tag’s information.

Shijie Zhou,Zhen Zhang,Zongwei Luo,Edward C. Wong

DOI: https://doi.org/10.1007/s10796-009-9216-6

2009-01-01

Information Systems Frontiers

Abstract:Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. However, resource constraint in the low-cost RFID systems has posed potential risks such as privacy and security problems, becoming adoption barrier for RFID-based applications. In this paper, current security issues in RFID are introduced firstly. Then, we propose a lightweight Anti-desynchronization privacy preserving RFID authentication protocol. It is particularly suitable for the low-cost RFID environment for only the capacity of one-way hash function and XOR operation is needed. In this lightweight Anti-desynchronization RFID authentication protocol, the back-end server keeps the history of the random key update to prevent the active attackers from de-synchronizing the shared secret between the tag and the back-end server. The security and the performance of the proposed protocol are analyzed as well.

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Jian Shen

DOI: https://doi.org/10.1007/s12652-017-0485-5

IF: 3.662

2017-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.

Xiaoyun Chen,Youli Su,Hui Xiong,Yukai Yao,Guohua Liu,Min Yue

DOI: https://doi.org/10.1109/IHMSC.2010.61

2010-01-01

Abstract:Radio Frequency Identification (RFID) systems is increasingly rife in a variety of applications during recent years, such as inventory management, automobile immobilizers, animal tracking, supply chain management (SCM) and payment system. However, due to its wireless communication and demand for invisibility, security and privacy in RFID system becomes a serious challenge. In this paper, our main attention is constructing an efficient privacy preserving proposal. After reviewing the past work, we propose an improved method to enhance the security and privacy in RFID system. Based on random hash lock approach, we use random list stored in tag instead random value generator, and this novel method can achieve both mutual authentication with lower tag design cost. Meanwhile, the proposed solution satisfies security requirements, for instance, no information leaking, forward security and is resistant to replay attacks. In addition, it is suitable for distribute environment. Analysis of this approach shows it effective and efficiency. Compared with some existing schemes, this solution is superior.

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Hung-Min Sun,Chen-En Lu,Shuai-Min Chen

DOI: https://doi.org/10.1109/tencon.2007.4429060

2007-01-01

Abstract:RFIDs have been popularly used in daily life. To avoid being intruded on user privacy, proper protection is necessary. The privacy issues, such as object tracking and forgery of tags, are widely studied in the literature. Traditionally, the reader is regarded as a part of the system. In mobile RFID environment, however, anyone who holds the reader can connect to the server and acquire other information about the objects he owns. To verify whether a reader has the rights to access the tags has become essential. In this paper, we propose an RFID authentication protocol that can achieve the above goal and provide tag anonymity and forgery resistance. Hence, the user privacy is guaranteed.

Ben Niu,Xiaoyan Zhu,Haotian Chi,Hui Li

DOI: https://doi.org/10.1007/s11277-014-1605-6

IF: 2.017

2014-01-01

Wireless Personal Communications

Abstract:Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Kai Fan,Wei Wang,Yue Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/glocom.2016.7841663

2016-01-01

Abstract:Researchers and engineers have paid more attention to cloud-based application systems, whose features are virtualization and services provisioning. Fortunately the technology can be just right to healthcare. Meanwhile, security has also become more challenging. Although many cloud-based RFID authentication protocols have been proposed, some of them only improve the function and performance without considering security and privacy, and most of them are heavyweight. It is not appropriate in the field of healthcare, because improving the trustworthiness of anonymous virtual computing services should be the primary consideration. So we propose a lightweight privacy protection authentication scheme which can be applied in the cloud environment, in the scheme, service providers could be anonymous or unknown to the application consumer. Assuming many hospitals build a cloud platform together, the information of patient and his physician will be stored anonymously in the cloud. Patient can go to a doctor in any one hospital with a unique RFID tag. Reader may be fixed or mobile; Readers read tags and upload collected data to the cloud for further processing in real time. Compared with some traditional schemes, our scheme is lightweight, cost-efficient, elastic scalability, real-time, and easy to against synchronization attack.