SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance

A survey on subjecting electronic product code and non-ID objects to IP identification

Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interacting with IoT devices is to address billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, and embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages thereof. Different metrics are here proposed and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether applicable to already ID-based objects and presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access

Quantitative Analysis for Authentication of Low-cost RFID Tags

Formal analysis techniques are widely used today in order to verify and analyze communication protocols. In this work, we launch a quantitative verification analysis for the low- cost Radio Frequency Identification (RFID) protocol proposed by Song and Mitchell. The analysis exploits a Discrete-Time Markov Chain (DTMC) using the well-known PRISM model checker. We have managed to represent up to 100 RFID tags communicating with a reader and quantify each RFID session according to the protocol's computation and transmission cost requirements. As a consequence, not only does the proposed analysis provide quantitative verification results, but also it constitutes a methodology for RFID designers who want to validate their products under specific cost requirements.Comment: To appear in the 36th IEEE Conference on Local Computer Networks (LCN 2011