SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance

A New Secure Authentication Protocol for Telecare Medicine Information System and Smart Campus

© 2013 IEEE. Telecare Medicine Information System (TMIS)'s security importance attracts a lot of attention these days. Whatever the security of TMIS improves, its application becomes wider. To address this requirement, recently, Li et al. proposed a new privacy-preserving RFID authentication protocol for TMIS. After that, Zhou et al. and also Benssalah et al. presented their scheme, which is not secure, and they presented their new authentication protocol and claim that their proposal can provide higher security for TMIS applications. In this stream, Zheng et al. proposed a novel authentication protocol with application in smart campus, including TMIS. In this paper, we present an efficient impersonation and replay attacks against Zheng et al. with the success probability of 1 and a desynchronization attack which is applicable against all of the rest three mentioned protocols with the success probability of 1-2^{-n} , where n is the protocols parameters length. After that, we proposed a new protocol despite these protocols can resist the attacks presented in this paper and also other active and passive attacks. Our proposed protocol's security is also done both informally and formally through the Scyther tool