Abhay Kumar Agrahari,Shirshu Varma

DOI: https://doi.org/10.1007/s12083-020-01069-z

2021-03-05

Abstract:Radio Frequency Identification (RFID) is an emerging technology that is used for the unique identification of objects. RFID can be used in different application domains, including Health-care systems, where the safety of patient-sensitive data is a primary concern. Since the RFID technology is used in various medicine sectors, particularly real-time patient monitoring, patient medicine Information, medical emergency, and drug administration system, the use of RFID raises severe security and privacy concerns. In order to cope with these security issues, we propose an Elliptic curve based authentication protocol for RFID. The proposed model uses an implicit certificate concept to secure health-care data. We prove this claim for secure communication using the formal security analysis, i.e., BAN logic, security analysis based on the mathematical model, i.e., ROR model, formal verification using AVISPA tool, and informal security analysis. We review some of the RFID authentication schemes based on ECC in terms of performance and security. Our analysis indicates that the proposed protocol provides mobility, scalability, security, and privacy in the health care environment.

computer science, information systems,telecommunications

Khwaja Mansoor,Anwar Ghani,Shehzad Ashraf Chaudhry,Shahaboddin Shamshirband,Shahbaz Ahmed Khan Ghayyur,Amir Mosavi,Shehzad Chaudhry,Shahbaz Ghayyur

DOI: https://doi.org/10.3390/s19214752

IF: 3.9

2019-11-01

Sensors

Abstract:Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Feng Zhu,Peng Li,He Xu,Ruchuan Wang

DOI: https://doi.org/10.3390/s20174846

IF: 3.9

2020-08-27

Sensors

Abstract:The Internet of Things (IoT) has been integrated into legacy healthcare systems for the purpose of improving healthcare processes. As one of the key technologies of IoT, radio frequency identification (RFID) technology has been applied to offer services like patient monitoring, drug administration, and medical asset tracking. However, people have concerns about the security and privacy of RFID-based healthcare systems, which require a proper solution. To solve the problem, recently in 2019, Fan et al. proposed a lightweight RFID authentication scheme in the IEEE Network. They claimed that their scheme can resist various attacks in RFID systems with low implementation cost, and thus is suitable for RFID-based healthcare systems. In this article, our contributions mainly consist of two parts. First, we analyze the security of Fan et al.’s scheme and find out its security vulnerabilities. Second, we propose a novel lightweight authentication scheme to overcome these security weaknesses. The security analysis shows that our scheme can satisfy the necessary security requirements. Besides, the performance evaluation demonstrates that our scheme is of low cost. Thus, our scheme is well-suited for practical RFID-based healthcare systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Haradhan Ghosh,Pramod Kumar Maurya,Satya Bagchi

DOI: https://doi.org/10.1504/ijahuc.2024.141960

2024-10-04

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Radio frequency identification technology has been rapidly embraced throughout different wireless communication domains as one of the primary identification solutions for the internet of things. Most present RFID authentication techniques are susceptible to a wide range of malicious attacks. A typical security feature in RFID authentication protocols is key updating, which leads to desynchronisation attacks. We propose a shared key update approach to overcome this issue by the hash function, properties of eigenvectors of a matrix, and addition and concatenation operations. Formal and informal security analyses of the proposed protocol reveal that it is durable to numerous assaults. To simulate the protocol, we apply the Scyther tool, and the findings suggest that the proposed protocol may endure severe assaults. The performance analysis also shows that it has less computation costs on the tag side, making it suitable for use in real-time control systems.

computer science, information systems,telecommunications

Maurya, Pramod Kumar

DOI: https://doi.org/10.1007/s12083-023-01620-8

IF: 3.488

2024-01-10

Peer-to-Peer Networking and Applications

Abstract:With the moderate and constant advancement of the smart internet of things (IoT) and the propagation of 5 G correspondence innovation, the security of asset-controlled IoT apparatuses like RFID-based telecare medicine information system (TMIS) applications has gotten overwhelming consideration. TMIS functions as an engineered overpass among patients staying at home, and specialists at medical services associations are authorized to approve the accuracy of exchanged information records among different association users. The utilization of RFID raises extreme security and protection concerns. Additionally, because of the wireless channel, RFID-based TMIS has a variety of security vulnerabilities, including spoofing, DoS, replay, and de-synchronization attacks. We propose a secret sharing-based authentication protocol for RFID using elliptic curve cryptography to prevent these security issues. We employ random oracle model to demonstrate the security features of the proposed protocol. In addition, we use Scyther tool and BAN logic for formal security analysis of the protocol. The performance analysis results show that the proposed protocol minimizes storage, computation, and communication costs. Therefore, our protocol is suitable and can be implemented for RFID-based TMIS.

computer science, information systems,telecommunications

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

S. Satheesh Kumar,Manjula Sanjay Koti

DOI: https://doi.org/10.1007/s13721-021-00329-z

2021-08-12

Network Modeling Analysis in Health Informatics and Bioinformatics

Abstract:In recent decades, broad range of Internet of Things (IoT) technologies are deployed such as machine to machine communication, Internet Technologies (IT), robots, smart devices, and wireless sensor networks. IoT is a spectacular technology in the modern world of IT in which the objects can do data transmission and connect using the intranet or internet networks. Data security and privacy is one of the top most challenging issue where several researchers are showing interest that to especially in healthcare domain. For this reason, a hybrid combination of Elliptic Curve Digital Signature Algorithm (ECDSA), Rivest Cipher 4 (RC4), and Secure Hash Algorithm (SHA-256) is proposed for protecting the reliable data which is transmitted from the IoT based healthcare systems. In the proposed model, the ECDSA is used for improving the RC4 in which the encryption of key is processed by ECDSA for performing the XOR operation in RC4. Furthermore, the security is ensured by transforming the incoming data using the SHA-256 technique. Experimental results show that the proposed model outperforms for 10 MB of data in terms of encryption time that obtained as 631 ms, decryption time is 616 ms, and throughput obtained by the proposed models is 11.71 MB/ms when compared with other existing techniques such as ECC+3DES+SHA-256, RC4+AES+SHA-256, and ECC+RC2+SHA-256.

Kiran Dewangan,Mina Mishra,Naveen Kumar Dewangan

DOI: https://doi.org/10.1007/s11845-020-02425-x

Abstract:Internet of Things is a fast growing technology and a network of devices in which everything (smart objects or smart devices) are associated to the internet for effective exchange of information between these connected objects. Internet of Things (IoT) serves as a method for healthcare and acts as an essential part in broad range of real-time healthcare monitoring applications. Previous work shows networked sensor devices, either equipped on the body or embedded inside living being or a camera, make possible in gathering real-time information to evaluate physical and mental health state of the patient by collecting body temperature, blood pressure, patient's image, etc. Communicating this collected real-time data to the doctor, making accurate assessment on the data gathered and notifying the patient is challenging task in the IoT. The architechture of Internet of Things comprises of three layers, and it is the network of devices embedded with sensor, software, and electronics, enabling this device to communicate with each other and exchange data over a computer network. The IoT-based real-time healthcare systems are highly vulnerable to cyber-attacks as the numbers of sensors are deployed in an unprotected network. These may even introduce the attacks, which cannot be monitored and controlled. This paper attempts to review the previous work done and a new scheme has been proposed, the new lightweight authentication protocol for smart real-time healthcare. The proposed scheme requires implementation with the authentication protocol. It is important to satisfy the major parameters of security: confidentiality, integrity, authentication, and access control. In this paper our focus is on the authentication of devices.

Sanjeev Kumar,Haider Banka,Baijnath Kaushik,Kumar, Sanjeev

DOI: https://doi.org/10.1007/s11042-024-19013-1

IF: 2.577

2024-04-02

Multimedia Tools and Applications

Abstract:Nowadays, wireless technology has been widely used in healthcare and communication systems. It makes our life easier in all respects. A radiofrequency identification device (RFID) has been deployed as a wireless and identity communication device. RFID is a low-resource device that requires cryptography with limited energy regarding the minimum key size. Security and authentication between the server and the tags are key challenges for an RFID system to maintain data privacy. This article presents the security vulnerabilities of recent existing RFID authentication schemes. Keeping the focus on stringent security, privacy, and low cost, we have designed a new lightweight group authentication protocol for the robust RFID system. A single server controls multiple tags by using the proposed lightweight protocol in the RFID system. Formal and informal security analysis is performed compared to other lightweight group authentication articles in which only informal security analysis is carried out. The formal security strength of our proposed protocol is analyzed using the AVISPA (Automated Verification of Internet Security Protocol Analysis) tool, confirming that it is safe from different security threats. The newly designed protocol's performance analysis results are measured in terms of computational cost, storage space, and communication cost. Finally, the combined consequence of security and lightweight of the proposed group authentication protocol is superior and outperforms compared to the existing scheme.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Vikas Kumar,Rahul Kumar,Akber Ali Khan,Vinod Kumar,Yu-Chi Chen,Chin-Chieh Chang

DOI: https://doi.org/10.3390/s22093110

IF: 3.9

2022-04-19

Sensors

Abstract:The Internet of Things (IoT) is a future trend that uses the Internet to connect a variety of physical things with the cyber world. IoT technology is rapidly evolving, and it will soon have a significant impact on our daily lives. While the growing number of linked IoT devices makes our daily lives easier, it also puts our personal data at risk. In IoT applications, Radio Frequency Identification (RFID) helps in the automatic identification of linked devices, and the dataflow of the system forms a symmetry in communication between the tags and the readers. However, the security and privacy of RFID-tag-connected devices are the key concerns. The communication link is thought to be wireless or insecure, making the RFID system open to several known threats. In order to address these security issues, we propose a robust authentication framework for IoT-based RFID infrastructure. We use formal security analysis in the random oracle model, as well as information analysis to support the claim of secure communication. Regarding the desirable performance characteristics, we describe and analyze the proposed framework’s performance and compare it to similar systems. According to our findings, the proposed framework satisfies all security requirements while also improving the communication.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Behzad Abdolmaleki,Karim Baghery,Shahram Khazaei,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s11277-017-4145-z

IF: 2.017

2017-04-29

Wireless Personal Communications

Abstract:Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

telecommunications

V. Chegeni,H. Haj Seyyed javadi,M. R Moazami Goudarzi,A. Rezakhani

DOI: https://doi.org/10.22042/isecure.2020.226400.535

2021-04-16

Abstract:Today, the Internet of Things (IoT) is one of the emerging technologies that enable the connection and transfer of information through communication networks. The main idea of the IoT is the widespread presence of objects such as mobile devices, sensors, and RFID. With the increase in traffic volume in urban areas, the existing intelligent urban traffic management system based on IoT can be vital. Therefore, this paper focused on security in urban traffic based on using RFID. In our scheme, RFID tags chose as the purpose of this article. We, in this paper, present a mutual authentication protocol that leads to privacy based on hybrid cryptography. Also, an authentication process with RFID tags is proposed that can be read at high speed. The protocol has attempted to reduce the complexity of computing. At the same time, the proposed method can withstand attacks such as spoofing of tag and reader, tag tracking, and replay attack.

Cryptography and Security

Junbin Kang,Kai Fan,Kuan Zhang,Xiaochun Cheng,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2020.12.004

IF: 5.047

2021-02-01

Computer Communications

Abstract:<p>As an application of IoT technology in the healthcare industry, IoMT has higher security requirements than IoT while improving medical efficiency and reducing medical costs. How to ensure the safety of IoMT is a challenging task. In the implementation of IoMT, Radio-Frequency Identification (RFID) is a key technology for establishing an identity authentication system, which can efficiently identify medical equipment and patients. Designing a safe and efficient RFID authentication protocol will help protect user privacy, enhance the security of the IoMT system and improve the efficiency of medical staff to detect and manage patients. Most of the existing RFID authentication protocols can only authenticate one tag in each authentication session, which is called a per-tag protocol. In medical scenarios that need to efficiently authenticate a mass of tags at short notice, the use of traditional per-tag protocols is inefficient and may delay the treatment of patients. To solve the problem that the per-tag protocols are not applicable in some medical scenarios, we designed a low-cost batch authentication protocol which can accurately identify each illegal tag and reduce the overhead of authentication data transmission. We use the solution of homogeneous linear equations as a key to encrypt the authentication data of the tag to further reduce the cost of the tag. The protocol proposed in this paper is capable of batch certification of tags, with strong security and low tag cost. After security analysis and performance analysis, our scheme can be well applied to IoMT.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Seyed Salman Sajjadi Ghaemmaghami,Afrooz Haghbin,Mahtab Mirmohseni

DOI: https://doi.org/10.48550/arXiv.1601.04622

2016-01-19

Abstract:Radio Frequency IDentification (RFID) is a pioneer technology which has depicted a new lifestyle for humanity in all around the world. Every day we observe an increase in the scope of RFID applications and no one cannot withdraw its numerous usage around him/herself. An important issue which should be considered is providing privacy and security requirements of an RFID system. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS rules by the names of IHRMA and I2SRS. In this paper, we investigate the privacy of the aforementioned protocols based on Ouafi and Phan formal privacy model and show that both IHRMA and I2SRS protocols cannot provide private authentication for RFID users. Moreover, we showthat these protocols are vulnerable to impersonation, DoS and traceability attacks. Then, by considering the drawbacks of the studied protocols and implementation of messages with new structures, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al schemes. Our analysis illustrate that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.

Cryptography and Security

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.