Abstract
Radio Frequency Identification (RFID) systems authenticate products as well as people without any physical contact. Using RFID systems is an inevitable part of recent identifying and shopping affairs. However, RFID systems have huge hardware limitations in tags side because of their need to be as cheap as possible and in access for vast number of products. Moreover, The identity of the tag owners has to be anonymous and secure from the attackers actions. These critical necessities have made researchers to concentrate on designing lightweight secure authentication protocols. In this paper, four new designed lightweight RFID authentication protocols are analyzed. Security and privacy of each protocol is analyzed, and the weaknesses are proved, discussed and modified. We demonstrate that none of them provide even weak privacy level. Each protocol is improved through a solution to overcome the weaknesses and provide at least the weak privacy. All of the privacy and security analysis are done in the Vaudenay model. Also, we propose a new lightweight protocol which uses the pros of the considered protocols and provides weak privacy level. Moreover, some comprehensive methods are proposed to provide weak privacy in the lightweight authentication protocols.
Similar content being viewed by others
References
Bilal, Z. (2015). Addressing security and privacy issues in low-cost RFID systems (Doctoral dissertation, PHD thesis, Royal Holloway, University of London).
Xie, L., Yin, Y., Vasilakos, A. V., & Lu, S. (2014). Managing RFID data: Challenges, opportunities and solutions. IEEE Communications Surveys and Tutorials, 16(3), 1294–1311.
Alagheband, M. R., & Aref, M. R. (2013). Unified privacy analysis of new-found RFID authentication protocols. Security and Communication Networks, 6(8), 999–1009.
Sohrabi-Bonab, Z., Alagheband, M. R., & Aref, M. R. (2013). Traceability analysis of quadratic residue-based RFID authentication protocols. In Eleventh annual international conference on privacy, security and trust (PST), 2013 (pp. 61–68). IEEE.
Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.
Moessner, M., & Khan, G. N. (2012). Secure authentication scheme for passive C1G2 RFID tags. Computer Networks, 56(1), 273–286.
Memon, I., Arain, Q. A., Memon, H., & Mangi, F. A. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95(4), 3713–3732.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.
Rogaway, P. (2004). On the role definitions in and beyond cryptography. In Annual Asian computing science conference (pp. 13–32). Berlin: Springer
Avoine, G. (2005). Radio frequency identification: adversary model and attacks on existing protocols (No. LASEC-REPORT-2005-001).
Juels, A., & Weis, S. A. (2009). Defining strong privacy for RFID. ACM Transactions on Information and System Security (TISSEC), 13(1), 7.
Ouafi, K., & Phan, R. C. W. (2008, June). Traceable privacy of recent provably-secure RFID protocols. In International conference on applied cryptography and network security (pp. 479–489). Berlin: Springer.
Vaudenay, S. (2007). On privacy models for RFID. In International conference on the theory and application of cryptology and information security (pp. 68–87). Springer, Berlin
Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to “privacy-friendly” tags. In RFID privacy workshop (Vol. 82).
Avoine, G., Coisel, I., & Martin, T. (2010). Time measurement threatens privacy-friendly RFID authentication protocols. In International workshop on radio frequency identification: Security and privacy issues (pp. 138–157). Berlin: Springer.
Dass, P., & Om, H. (2016). A secure authentication scheme for RFID systems. Procedia Computer Science, 78, 100–106.
Zhang, W., Liu, S., Wang, S., Yi, B., & Wu, L. (2017). An efficient lightweight RFID authentication protocol with strong trajectory privacy protection. Wireless Personal Communications, 96(1), 1215–1228.
Shen, J., Tan, H., Zhang, Y., Sun, X., & Xiang, Y. (2017). A new lightweight RFID grouping authentication protocol for multiple tags in mobile environment. Multimedia Tools and Applications, 76(21), 22761–22783.
Wu, F., Xu, L., Kumari, S., Li, X., Das, A. K., & Shen, J. (2017). A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. Journal of Ambient Intelligence and Humanized Computing, pp. 1–12.
Erguler, I., Anarim, E., & Saldamli, G. (2014). Unbalanced states violates RFID privacy. Journal of Intelligent Manufacturing, 25(2), 273–281.
Burmester, M., Van Le, T., & de Medeiros, B. (2006, August). Provably secure ubiquitous systems: Universally composable RFID authentication protocols. In Securecomm and workshops, 2006 (pp. 1–9). IEEE.
Erguler, I., & Anarim, E. (2011). Scalability and security conflict for RFID authentication protocols. Wireless Personal Communications, 59(1), 43–56.
Erguler, I., Anarim, E., & Saldamli, G. (2011). A salient missing link in rfid security protocols. EURASIP Journal on Wireless Communications and Networking, 2011(1), 541283.
Avoine, G., Dysli, E., & Oechslin, P. (2005). Reducing time complexity in RFID systems. In International workshop on selected areas in cryptography (pp. 291–306). Springer, Berlin.
Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2008). RFID privacy models revisited. In European symposium on research in computer security (pp. 251–266). Berlin: Springer.
Ouafi, K., & Vaudenay, S. (2012). Strong privacy for RFID systems from plaintext-aware encryption. In International conference on cryptology and network security (pp. 247–262). Berlin: Springer.
Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2009). New privacy results on synchronized RFID authentication protocols against tag tracing. In European symposium on research in computer security (pp. 321–336). Berlin: Springer.
Alagheband, M. R., & Aref, M. R. (2014). Simulation-based traceability analysis of RFID authentication protocols. Wireless Personal Communications, 77(2), 1019–1038.
Fan, K., Ge, N., Gong, Y., Li, H., Su, R., & Yang, Y. (2017). An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Networking and Applications, 10(2), 368–376.
He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences, 321, 263–277.
Ha, J., Ha, J., Moon, S., & Boyd, C. (2007). LRMAP: lightweight and resynchronous mutual authentication protocol for RFID system. In Ubiquitous convergence technology (pp. 80–89). Springer, Berlin.
Shen, J., Tan, H. W., Wang, J., Wang, J. W., & Lee, S. Y. (2015). A novel routing protocol providing good transmission reliability in underwater sensor networks. Internet Technol, 16(1), 171–178.
Shoup, V. (2004). Sequences of games: A tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, 2004, 332.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Gholami, V., Alagheband, M.R. Provably privacy analysis and improvements of the lightweight RFID authentication protocols. Wireless Netw 26, 2153–2169 (2020). https://doi.org/10.1007/s11276-019-02037-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-019-02037-z