LRAPM: A Lightweight RFID Authentication Protocol for MIoT Systems
Subject Areas :
Communication Engineering
Alireza Abdollahi
1
,
Mahdi Sajadieh
2
,
Mohammad Rohollah Yazdani
3
1 - Department of Electrical Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Khorasgan, Isfahan, Iran
2 - Department of Electrical Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Khorasgan, Isfahan, Iran
3 - Department of Electrical Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Khorasgan, Isfahan, Iran
Received: 2022-08-24
Accepted : 2022-10-30
Published : 2023-02-20
Keywords:
MIOT,
Lightweight authentication,
Reader impersonation,
De-synchronization,
Abstract :
In recent years, the Internet of Things (IoT) networks have extensively been used in various practical field, one of the most important of which is medical Internet of Things (MIoT). In these networks, radio frequency identification (RFID) is one of the main technologies in creating an authentication system that is able to efficiently identify and identify medical equipment and patients. Therefore, researchers in this field have proposed different authentication protocols for RFID-based MIOT systems and claimed that they are resistant to active and passive attacks. Contrary to their claims, most of these protocols are not resistant to conventional attacks. Fan et al. have recently proposed a lightweight RFID authentication scheme for cloud-based RFID health-care systems and claimed that it is sufficiently efficient and secure. In this paper , we analyzed the Fan et al protocole and demonstrated that their protocol is vulnerable to replay, reader impersonation, tag tracking, and de-synchronization attacks. Moreover, we show how the similarity of some of their protocol messages causes attack. Then, we propose an improved protocol (LRAMP) that is resistant to these and other known attacks in RFID authentication protocol. According to security analysis, we can see that the LRAPM protocol has a high level of security. This high security can only be achieved by adding a new message and changing other messages. A comparison of the performance of the LRAPM protocol shows that this protocol is comparable to similar protocols in terms of computational costs, storage costs and communication costs.
References:
A. Satoh, and K. Takano, “A scalable dual-field elliptic curve cryptographic processor.” IEEE Transactions on Computers, 52(4), pp.449-460, 2003. doi: 10.1109/TC.2003.1190586.
A. Juels, “RFID security and privacy: A research survey”. IEEE journal on selected areas in communications, 24(2), pp.381-394,2006. doi: 10.1109/JSAC.2005.861395 .
R. Weinstein, “RFID: a technical overview and its application to the enterprise.” IT professional, 7(3), pp.27-33, 2005. doi: 10.1109/MITP.2005.69 .
I. Erguler, “A potential weakness in RFID-based Internet-of-things systems.” Pervasive and Mobile Computing, 20, pp.115-126, 2015. https://doi.org/10.1016/j.pmcj.2014.11.001.
S. Karthikeyan, and M. Nesterenko, “RFID security without extensive cryptography.”, In Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, (pp. 63-67), 2005. https://doi.org/10.1145/1102219.1102229.
M. Shariq, K. Singh, M.Y. Bajuri, A.A. Pantelous, A. Ahmadian, and M. Salimi, “A secure and reliable RFID authentication protocol using digital schnorr cryptosystem for IoT-enabled healthcare in COVID-19 scenario.” Sustainable Cities and Society, 75, p.103354, 2021. doi:https://doi.org/10.1016/j.scs.2021.103354
Z. Shi, J. Pieprzyk, C. Doche, Y. Xia, Y. Zhang, and J. Dai, “A strong lightweight authentication protocol for low-cost RFID systems.”, International Journal of Security and Its Applications, 8(6), pp.225-234, 2014. doi: 10.14257/ijsia.2014.8.6.20.
K. Fan, S. Zhu, K. Zhang, H. Li, and Y. Yang, “A lightweight authentication scheme for cloud-based RFID healthcare systems.” IEEE Network, 33(2), pp.44-49, 2019. doi: 10.1109/MNET.2019.1800225.
T. C. Yeh, Y. J. Wang, T.C. Kuo, and S. S. Wang, “Securing RFID systems conforming to EPC Class 1 Generation 2 standard.”, Expert systems with applications, 37(12), pp.7678-7683, 2010. https://doi.org/10.1016/j.eswa.2010.04.074.
M. H. Habibi, M. R. Alagheband, and M. R. Aref, “June. Attacks on a lightweight mutual authentication protocol under EPC C-1 G-2 standard.”, In IFIP International Workshop on Information Security Theory and Practices (pp. 254-263). Springer, Berlin, Heidelberg, 2011. doi: https://doi.org/10.1007/978-3-642-21040-2_18.
M. Mohammadi, M. Hosseinzadeh and M. Esmaeildoust, “Analysis and improvement of the lightweight mutual authentication protocol under EPC C-1 G-2 standard,” Advances in Computer Science: an International Journal (ACSIJ) , vol. 3, pp. 10-16, 2014.
S. M. Alavi, K. Baghery and B. Abdolmaleki, “Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags”, ACSIJ Advances in Computer Science: An International Journal, Vol. 3, Issue 5, No.11, pp.44-52, 2014. doi:https://doi.org/10.1007/s11277-015-2469-0.
C. Caballero-Gil, P. Caballero-Gil, A. Peinado-Domı´nguez, & J. Molina-Gil, “Lightweight authentication for RFID used in VANETs”, In Computer aided systems theory–EUROCAST, pp. 493–500, 2012. doi: https://doi.org/10.1007/978-3-642-27579-1_64.
F. Moradi, H. Mala, B. Tork-Ladani, “Security Analysis and Strengthening of an RFID Lightweight Authentication Protocol Suitable for VANETs”, Wireless Personal Communications, ed: springer, pp 2607-2621, 2015. doi:https://doi.org/10.1007/s11277-015-2558-0.
A. Tewari, and B. B. Gupta, “Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags.” The Journal of Supercomputing, 73(3), pp.1085-1102, 2017. doi: https://doi.org/10.1007/s11227-016-1849-x.
M. Safkhani, and N. Bagheri, “Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things.” The Journal of Supercomputing, 73(8), pp.3579-3585, 2017. doi: https://doi.org/10.1007/s11227-017-1959-0.
K. H. Wang, C. M. Chen, W. Fang, and T. Y. Wu, “On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags.” The Journal of Supercomputing, 74(1), pp.65-70, 2018, doi: https://doi.org/10.1007/s11227-017-2105-8
K. Fan, Y. Gong, C. Liang, H. Li, and Y. Yang, “Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G,” Security and Communication Networks, 9(16), pp.3095-3104, 2016. doi: https://doi.org/10.1002/sec.1314.
C. T. Li, C. C. Lee, C. Y. Weng, and C. M. Chen, 2018. “Towards secure authenticating of cache in the reader for RFID-based IoT systems,”, Peer-to-Peer Networking and Applications, 11(1), pp.198-208, 2018. doi: https://doi.org/10.1007/s12083-017-0564-6
K. Srivastava, A. K. Awasthi, S. D. Kaul, and R. C. Mittal, “A hash based mutual RFID tag authentication protocol in telecare medicine information system,”, Journal of medical systems, 39(1), pp.1-5, 2015, doi: https://doi.org/10.1007/s10916-014-0153-7.
C. T. Li, C. Y. Weng, and C. C. Lee, “A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system,” Journal of medical systems, 39(8), pp.1-8, 2015. doi: https://doi.org/10.1007/s10916-015-0260-0.
S. S. S. GhaemMaghami, M. Mirmohseni, A. Haghbin, “A privacy preserving improvement for SRTA in telecare systems.” arXiv preprint arXiv:1510.04197, 2015. doi: https://doi.org/10.48550/arXiv.1510.04197
D. He, N. Kumar, N. Chilamkurti, and J. H. Lee, “Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol”. Journal of medical systems, 38(10), pp.1-6, 2014. doi: https://doi.org/10.1007/s10916-014-0116-z.
C. I. Lee, and H. Y. Chien, “An elliptic curve cryptography-based RFID authentication securing e-health system,” International Journal of Distributed Sensor Networks, 11(12), p.642425, 2015. doi: https://doi.org/10.1155/2015/642425.
N. Kumar, K. Kaur, S. C. Misra, and R. Iqbal, “An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud,” Peer-to-Peer Networking and Applications, 9(5), pp.824-840, 2016. doi: https://doi.org/10.1007/s12083-015-0332-4.
C. Jin, C. Xu, X. Zhang, and F. Li, “A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety,” Journal of medical systems, 40(1), pp.1-6, 2016. doi: https://doi.org/10.1007/s10916-015-0362-8.
F. Wu, L. Xu, S. Kumari, X. Li, A. K. Das, and J. Shen, “A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications,” Journal of Ambient Intelligence and Humanized Computing, 9(4), pp.919-930, 2018. doi: https://doi.org/10.1007/s12652-017-0485-5.
M. Benssalah, M. Djeddou, and K. Drouiche, “Security enhancement of the authenticated RFID security mechanism based on chaotic maps,” Security and Communication Networks, 7(12), pp.2356-2372, 2014. doi: https://doi.org/10.1002/sec.946.
_||_