Abstract: The popular Radio Frequency IDentification (RFID) tags are passive and have only very limited computing and memory resources, which makes it difficult to solve the security, privacy and scalability problems of RFID authentication protocols. A provably secure lightweight authentication protocol based on a Hash function is proposed. The protocol ensures the confidentiality and privacy of sessions during authentication through hashing and randomization. Firstly, a tag's identity is confirmed through its pseudonym and is protected from leaking to any untrusted entity such as a reader. Secondly, the backend server needs only one Hash computation to confirm a tag's identity, and the time to look up the tag's identity is bounded by a constant because the identifier is used to construct a Hash table. Finally, after each authentication, the tag's secret and pseudonym are updated to ensure the forward security of the protocol. It is proved that the proposed protocol satisfies the requirements of scalability, forward security and anonymity, and can prevent eavesdropping, tracing attacks, replay attacks and de-synchronization attacks. The tag needs only a Hash function and a pseudorandom generation operation, so the protocol is well suited to low-cost RFID systems.
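
The three mechanisms named in the abstract (pseudonym-indexed Hash table, single-hash verification, update of secret and pseudonym after each session) can be sketched as follows. This is an added illustration, not the paper's protocol: the message layout, the `next_state` update rule, the acknowledgement message, the retained previous table entry and the use of SHA-256 are all assumptions, since the abstract does not specify them.

```python
import hashlib, hmac, secrets

def H(label: bytes, *parts: bytes) -> bytes:
    """SHA-256 over a label and length-prefixed parts (assumed stand-in hash)."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def next_state(pid, key):
    """Assumed one-way update of (pseudonym, secret) after a session."""
    return H(b"pid", pid, key), H(b"key", key)

class Tag:
    def __init__(self, pid, key):
        self.pid, self.key = pid, key

    def respond(self, r):
        # A fresh tag nonce t ensures no two proofs repeat.
        self.r, self.t = r, secrets.token_bytes(8)
        return self.pid, self.t, H(b"auth", self.key, r, self.t)

    def confirm(self, ack):
        # Update only after the server proves it knows the current secret.
        if not hmac.compare_digest(ack, H(b"ack", self.key, self.r, self.t)):
            return False
        self.pid, self.key = next_state(self.pid, self.key)
        return True

class Server:
    def __init__(self):
        self.table = {}  # pseudonym -> {"id", "key", "old"}: O(1) lookup

    def enroll(self, tag_id, pid, key):
        self.table[pid] = {"id": tag_id, "key": key, "old": None}

    def authenticate(self, r, pid, t, proof):
        rec = self.table.get(pid)
        # One hash evaluation decides whether the tag is genuine.
        if rec is None or not hmac.compare_digest(proof, H(b"auth", rec["key"], r, t)):
            return None, None
        new_pid, new_key = next_state(pid, rec["key"])
        if new_pid not in self.table:
            # Keep the current entry until the tag is seen using the new one,
            # so a lost acknowledgement cannot de-synchronize the two sides.
            self.table.pop(rec["old"], None)
            self.table[new_pid] = {"id": rec["id"], "key": new_key, "old": pid}
        return rec["id"], H(b"ack", rec["key"], r, t)
```

The reader's challenge `r` is assumed to be fresh per session; a captured response replayed against a different `r` fails the single hash check.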