Abstract
Radio Frequency Identification (RFID) is an emerging technology that is used for the unique identification of objects. RFID can be used in different application domains, including Health-care systems, where the safety of patient-sensitive data is a primary concern. Since the RFID technology is used in various medicine sectors, particularly real-time patient monitoring, patient medicine Information, medical emergency, and drug administration system, the use of RFID raises severe security and privacy concerns. In order to cope with these security issues, we propose an Elliptic curve based authentication protocol for RFID. The proposed model uses an implicit certificate concept to secure health-care data. We prove this claim for secure communication using the formal security analysis, i.e., BAN logic, security analysis based on the mathematical model, i.e., ROR model, formal verification using AVISPA tool, and informal security analysis. We review some of the RFID authentication schemes based on ECC in terms of performance and security. Our analysis indicates that the proposed protocol provides mobility, scalability, security, and privacy in the health care environment.
Similar content being viewed by others
References
Hunt VD, Puglia A, Puglia M (2007) RFID: a guide to radio frequency identification. Wiley, New York
Juels A, Weis SA (2009) Defining strong privacy for RFID. ACM Trans Inf Sys Sec (TISSEC) 13(1):7
Cai S, Li Y, Li T, Deng RH (2009) Attacks and improvements to an RIFD mutual authentication protocol and its extensions. In: Proceedings of the second ACM conference on wireless network security. ACM, pp 51–58
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54 (15):2787–2805
Jin C, Xu C, Zhang X, Zhao J (2015) A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography. J Med Sys 39(3):24
Chien HY (2009) The study of RFID authentication protocols and security of some popular RFID tags. In: Development and implementation of RFID technology IntechOpen
Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Hum Comput 9(4):919–930
Yang J, Park J, Lee H, Ren K, Kim K (2005) Mutual authentication protocol for low-cost RFID. In: Workshop on RFID and lightweight crypto. WRLC, pp 17–24
Piramuthu S (2011) RFID mutual authentication protocols. Decis Sup Sys 50(2):387–393
Liao YP, Hsiao CM (2014) A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Netw 18:133–146
Zhao Z (2014) A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. J Med Sys 38(5):46
Chou JS (2014) An efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70(1):75–94
Zhang Z, Qi Q (2014) An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. J Med Sys 38(5):47
Farash MS (2014) Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput 70(2):987–1001
Agrahari AK, Varma S (2020) Authentication in RFID Scheme Based on Elliptic Curve Cryptography. Safety, Security, and Reliability of Robotic Systems: Algorithms, Applications, and Technologies, 217.
He D, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J Med Sys 38(10):116
Lee CI, Chien HY (2015) An elliptic curve cryptography-based RFID authentication securing E-health system. Int J Distrib Sensor Netw 11(12):642425
Farash MS, Nawaz O, Mahmood K, Chaudhry SA, Khan MK (2016) A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. J Med Sys 40(7):165
Alamr AA, Kausar F, Kim J, Seo C (2018) A secure ECC-based RFID mutual authentication protocol for internet of things. J Supercomput 74(9):4281–4294
Naeem M, Chaudhry SA, Mahmood K, Karuppiah M, Kumari S (2020) A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things. Int J Commun Sys 33(13), e3906
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209
Miller VS (1985) Use of elliptic curves in cryptography. In: Conference on the theory and application of cryptographic techniques. Springer, Berlin, pp 417–426
SEC 2 (2010) Recommended elliptic curve domain parameters. Version 2.0. www.secg.org
Barker EB, Kelsey JM (2012) Sp 800-90a. recommendation for random number generation using deterministic random bit generators
SECG. SEC 1: Elliptic Curve Cryptography May 2009. Version 2.0
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc Royal Soc London A Math Phys Sci 426(1871):233–271
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29 (2):198–208
Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Desig Codes Crypt 19(2-3):173–193
Ibrahim A, Dalkılıc G (2019) Review of different classes of RFID authentication protocols. Wirel Netw 25(3):961–974
Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools Appl 75(1):181–197
Qiu S, Xu G, Ahmad H, Xu G, Qiu X, Xu H (2019) An improved lightweight two-factor authentication and key agreement protocol with dynamic identity based on elliptic curve cryptography. TIIS 13 (2):978–1002
Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023
Bellare P, Rogaway (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM conference on computer and communications security, in: CCS ’93. ACM, New York, pp 62–73
Reddy G, Das AK, Odelu V, Ahmad A, Shin JS (2019) A privacy preserving three-factor authenticated key agreement protocol for client–server environment. J Ambient Intell Humaniz Comput 10(2):661–68
Srinivas J, Das AK, Kumar N, Rodrigues JJ (2018) Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable Secure Computing, 17(5), 942–956.
AVISPA (2018) Automated validation of internet security protocols and applications, http://www.avispa-project.org. Accessed May 2018
Berenjian S, Hajizadeh S, Atani RE (2019) An incentive security model to provide fairness for peer-to-peer networks. In: 2019 IEEE conference on application, information and network security (AINS). IEEE, pp 71–76
Berenjian S, Shajari M, Farshid N, Hatamian M (2016) Intelligent automated intrusion response system based on fuzzy decision making and risk assessment. In: 2016 IEEE 8th international conference on intelligent systems (IS). IEEE, pp 709–714
Naghizadeh A, Berenjian S, Meamari E, Atani RE (2016) Structural-based tunneling: Preserving mutual anonymity for circular P2P networks. Int J Commun Sys 29(3):602–619
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Agrahari, A.K., Varma, S. A provably secure RFID authentication protocol based on ECQV for the medical internet of things. Peer-to-Peer Netw. Appl. 14, 1277–1289 (2021). https://doi.org/10.1007/s12083-020-01069-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-020-01069-z