A Mutual Anonymity Private Authentication Protocol to Use in Radio-Frequency Identification Systems

Document Type : Original Article

Authors

Abstract

Radio frequency identification (RFID) has many advantages in the field of large-scale identification,      including speed increase and cost reduction.For this reason, this system has many applications in the   modern world and can be used as an essential tool for improving human life. Since this technology faces serious challenges in the field of security and privacy, its applications has been limited due to security   concerns and delays in standardization. Given the widespread use of RFID technology in large-scale      systems, and importance of privacy in these systems, this article introduces a mutual anonymous private authentication protocol (MAPAP); a protocol which adds privacy and scalability features to a mutual    authentication protocol. In this new protocol the privacy is measured using the information leakage        criterion and it is seen that the amount of information disclosed by this protocol when compromised is    significantly less than group-based authentication. In a system with 220 tags, with the increase in the     number of compromised tags, the difference in information leakage between this protocol and the        group-based authentication protocol increases, such that, when the number of compromised tags in this system reaches 150, information disclosed by the proposed protocol is about 65 percent less than          group-based authentication and this difference increases with increasing system size.
 

Keywords


 

[1] S. Weis, S. Sarma, R. Rivest, and D. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” Security in Pervasive Computing, pp. 201-212, 2004.##
[2] Q. Yao, Y. Qi, J. Han, J. Zhao, X. Li, and Y. Liu, “Randomizing RFID private authentication,” in Proceedings of the Pervasive Computing and Communications Workshop (PerCom Workshops 2009), pp. 1–10, 2009.##
[3] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic approach to "privacy-friendly" tags,” RFID privacy workshop, vol. 82, 2003.##
[4] G. Avoine, E. Dysli, and P. Oechslin, “Reducing time complexity in RFID systems,” Selected Areas in Cryptography, vol. 3897, 2005.##
[5] T. Dimitriou, “A lightweight RFID protocol to protect against traceability and cloning attacks,” First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05), IEEE, 2005.##
[6] D. Henrici and P. Muller, “Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers,” IEEE Annual Conference on Pervasive Computing and Communications Workshops, Proceedings of the Second, IEEE, 2004.##
[7] H. Y. Chien and C. H. Chen, “Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards,” Computer Standards & Interfaces, vol. 29.2, pp. 254-259, 2007.##
[8] E. J. Yoon, “Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard,” Expert Systems with Applications, vol. 39.1, pp. 1589-1594, 2012.##
[9] A. Mohammadali, Z. Ahmadian, and M. R. Aref, “Analysis and Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard,” IACR Cryptology ePrint Archive, p. 66, 2013.##
[10] K. Srivastava, A. K. Awasthi, S. D. Kaul, and R. C. Mittal, “A hash based mutual RFID tag authentication protocol in telecare medicine information system,” Journal of medical systems, vol. 39.1, p. 153, 2015.##
[11] D. Molnar and D. Wagner, “Privacy and security in library RFID: Issues, practices, and architectures,” Proceedings of the 11th ACM conference on Computer and communications security, ACM, 2004.##
[12] L. Buttyán, T. Holczer, and I. Vajda, “Optimal key-trees for tree-based private authentication,” Privacy Enhancing Technologies, Springer Berlin/Heidelberg, 2006.##
[13] M. Chen and S. Chen, “An efficient anonymous authentication protocol for RFID systems using dynamic tokens,” Distributed Computing Systems (ICDCS), 2015 IEEE 35th International Conference on. IEEE, 2015.##
[14] M. Rahman, R. V. Sampangi, and S. Sampalli, “Lightweight protocol for anonymity and mutual authentication in RFID systems,” Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, IEEE, 2015.##
 [15] G. Avoine, L. ButtyantT. Holczer, and I. Vajda, “Group-based private authentication,” World of Wireless, Mobile and Multimedia Networks, WoWMoM 2007. IEEE International Symposium on a, IEEE, pp. 1-6, 2007.##
[16] F. Rahman, M. E. Hoque, and S. I. Ahamed, “Anonpri: A secure anonymous private authentication protocol for RFID systems,” Information Sciences, vol. 379, pp.    195-210, 2017.##
[17] A. Juels and S. A. Weis, “Defining strong privacy for RFID,” ACM Transactions on Information and System Security (TISSEC), vol. 13.1, p. 7, 2009.##
[18] C. DiazS. SeysJ. Claessens, and B. Preneel, “Towards measuring anonymity,” International Workshop on Privacy Enhancing Technologies, Springer Berlin Heidelberg, 2002.##
[19] A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, “Handbook of applied cryptography,” CRC press, 1996.##
[20] W. Diffie and ME. Hellman, “Multiuser cryptographic techniques,” Proceedings of the June 7-10, National Computer Conference and Exposition, ACM, 1976.##
[21] G. N. Khan and Z. Guangyu, “Secure RFID authentication protocol with key updating technique,” Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, IEEE, 2013.##
[22] N. Koblitz and A. J. Menezes, “The random oracle model: a twenty-year retrospective,” Designs, Codes and Cryptography, vol. 77.2-3, pp. 587-610, 2015.##
[23] A. Laurie, “Practical attacks against RFID,” Network Security 2007, vol. 9, pp. 4-7, 2007.##
[24] K. Nohl and D. Evans, “Quantifying information leakage in tree-based hash protocols (short paper),” Information and Communications Security, pp. 228-237, 2006.##
[25] C. E. Shannon, “A mathematical theory of communication,” ACM SIGMOBILE Mobile Computing and Commnuications Review, vol. 5.1, pp. 3-55, 2001.##