A two-step mutual authentication protocol based on randomized hash-lock for small RFID networks

RFID has been widely used in today's commercial and supply chain industry, due to the significant advantages it offers and the relatively low production cost. However, this ubiquitous technology has inherent problems in security and privacy. This calls for the development of simple, efficient and cost effective mechanisms against a variety of security threats. This paper proposes a two-step authentication protocol based on the randomized hash-lock scheme proposed by S. Weis in 2003. By introducing additional measures during the authentication process, this new protocol proves to enhance the security of RFID significantly, and protects the passive tags from almost all major attacks, including tag cloning, replay, full-disclosure, tracking, and eavesdropping. Furthermore, no significant changes to the tags is required to implement this protocol, and the low complexity level of the randomized hash-lock algorithm is retained

Telemedicine patient identification with RFID; an embedded approach

Radio Frequency Identification (RFID) has potential for application in the new field of telemedicine, as the use of radio waves offers advantages over traditional optical technology such as bar codes. Radio waves are not limited by line of sight, they can penetrate objects and communicate in a wireless fashion. However, the same advantage is also the inherent weakness, as radio waves are susceptible to attack. Ongoing efforts have identified forward secure chain hashing as a viable security protocol for RFID authentication. Today\u27s typical RFID communications take place with the host-reader-tag arrangement where the computational requirements are performed by a back end server system which holds all the intelligence and houses all records for an entire facility. One server can easily utilize multiple readers, but a compromise of this single system could have serious ramifications. Why not make a smaller system that is more robust and tolerant of intrusion. This can be achieved by implementing a stand alone reader that relies only on itself. We propose a server-less system that can accomplish the same results. Because our enhanced reader does not require a server to perform its function, if any readers are breached it only impacts that specific reader, not the entire server. By eliminating the resource heavy server device, we can yield a more robust overall system. We have selected a forward secure protocol to implement on an embedded platform that will be able to authenticate a tag without the resources of a back end server

Experimental analysis of an RFID security protocol

Radio frequency identification (RFID) technology is expected to become a critical and ubiquitous infrastructure technology of logistics and supply chain management (SCM) related processes and services. Low-cost has been the key to RFID adoption in many logistics/SCM applications. However, the deployment of such tags may create new threats to user privacy due to the powerful track and trace capabilities of the tags, in addition to tag/reader manufacturing challenges. As a result, some security mechanisms must be imposed on the RFID tags for addressing the privacy problems. This paper provides detailed discussion on our proposal of a lightweight RFID security protocol. It examines the features and issues through experimental analysis pertinent to efficiency and scalability to meet the requirements of the proposed security protocol in metering and payment e-commerce applications. © 2006 IEEE.link_to_subscribed_fulltex