Lightweight Mutual Authentication Protocol for Low Cost RFID Tags

Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.Comment: 11 Pages, IJNS

MUMAP: Modified Ultralightweight Mutual Authentication protocol for RFID enabled IoT networks

Flawed authentication protocols led to the need for a secured protocol for radio frequency identification (RFID) techniques. In this paper, an authentication protocol named Modified ultralightweight mutual authentication protocol (MUMAP) has been proposed and cryptanalysed by Juel-Weis challenge. The proposed protocol aimed to reduce memory requirements in the authentication process for low-cost RFID tags with limited resources. Lightweight operations like XOR and Left Rotation, are used to circumvent the flaws made in the other protocols. The proposed protocol has three-phase of authentication. Security analysis of the proposed protocol proves its resistivity against attacks like desynchronization, disclosure, tracking, and replay attack. On the other hand, performance analysis indicates that it is an effective protocol to use in low-cost RFID tags. Juel-Weis challenge verifies the proposed protocol where it shows insusceptibility against modular operations

SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance

Security Analysis of Fan et al. Lightweight RFID Authentication Protocol for Privacy Protection in IoT

The designers of Radio-Frequency IDentification (RFID) systems have a challenging task for proposing secure mutual authentication protocols for Internet of Things (IoT) applications. Recently, Fan et al. proposed a new lightweight RFID mutual authentication protocol in the journal of IEEE Transactions on Industrial Informatics. They claimed that their protocol meets necessary security properties for RFID systems and can be applied for IoT. In this paper, we analyze the security of this protocol and show that it is vulnerable against secret disclosure, reader impersonation and tag traceability attacks. Additionally, we show that in their protocol the anonymity of the tag does not held

Cryptanalysis of two mutual authentication protocols for low-cost RFID

Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system

A Secure RFID Authentication Protocol Adopting Error Correction Code

RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance

SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

Internet of Things (IoT) is a new paradigm that has been evolving into the wireless sensor networks to expand the scope of networked devices (or things). This evolution drives communication engineers to design secure and reliable communication at a low cost for many network applications such as radio frequency identification (RFID). In the RFID system, servers, readers, and tags communicate wirelessly. Therefore, mutual authentication is necessary to ensure secure communication. Normally, a central server supports the authentication of readers and tags by distributing and managing the credentials. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID networks. Using a serverless RFID system is an alternative solution to using a central server. In this model, both the reader and the tag perform mutual authentication without the need for the central server. However, many security challenges arise from implementing lightweight authentication protocols in serverless RFID systems. We propose a new secure serverless RFID authentication protocol based on the famous elliptic curve cryptography (ECC). The protocol also maintains the confidentiality and privacy of the messages, tag information, and location. Although most of the current serverless protocols assume secure channels in the setup phase, we assume an insecure environment during the setup phase between the servers, readers, and tags. We ensure that the credentials can be renewed by any checkpoint server in the mobile RFID network. Thus, we implement ECC in the setup phase (renewal phase), to transmit and store the communication credentials of the server to multiple readers so that the tags can perform the mutual authentication successfully while far from the server. The proposed protocol is compared with other serverless frameworks proposed in the literature in terms of computation cost and attacks resistance.http://dx.doi.org/10.3390/electronics810116