research-article

HAKECC: : Highly efficient authentication and key agreement scheme based on ECDH for RFID in IOT environment

Authors:

Mahdi Nikooghadam,

Hamid Reza Shahriari,

Saeid Tousi SaeidiAuthors Info & Claims

Volume 76, Issue C

https://doi.org/10.1016/j.jisa.2023.103523

Published: 01 August 2023 Publication History

Abstract

The ever-increasing internet usage has led to creation of Internet of Things. RFID is one of the most common tracking tools for objects in Internet of Things, which has many different usages in navigation, medicine, military, smart cities, and smart homes. Therefore, researchers have presented various schemes to provide security of RFID systems. Based on our study results, most of proposed schemes have some weaknesses, such as vulnerability to some security attacks. Moreover, any proposed scheme should consider limitation of IoT systems in storage and power. This paper presents a secure and efficient protocol using elliptic curve cryptography for authentication and key agreement between RFID tag and reader. We evaluated security of our proposed scheme (HAKECC) by the Scyther tool, ROR model and BAN logic. The results show high security of HAKECC against different attacks. Later on, HAKECC was compared to other similar schemes based on communication cost (bits) and computation cost (ms); which shows considerably better performance compared to other similar schemes.

Highlights

•

Secure ECC-based authentication and key agreement scheme for RFID with efficiency.

•

It is proved by BAN logic that the protocol reaches its goals.

•

The security of the proposed protocol is validated formally through the Scyther tool.

•

The Protocol resists common security attacks.

•

HAKECC protocol outperforms competitors in computation and communication overhead.

References

[1]

Abughazalah S., Markantonakis K., Mayes K., Secure improved cloud-based RFID authentication protocol, in: Data privacy management, autonomous spontaneous security, and security assurance, Springer, Cham, 2014, pp. 147–164.

[2]

Syamsuddin I., Dillon T., Chang E., Han S., A survey of RFID authentication protocols based on hash-chain method, in: 2008 third international conference on convergence and hybrid information technology, vol. 2, 2008, pp. 559–564.

[3]

Baashirah R., Abuzneid A., Survey on prominent RFID authentication protocols for passive tags, Sensors 18 (10) (2018) 3584.

[4]

Juels A., RFID security and privacy: A research survey, IEEE J Sel Areas Commun 24 (2) (2006) 381–394.

[5]

Monali S., Patel A.J., A survey of authentication of RFID devices using elliptic curve cryptography, vol, 4, 2018, pp. 53–56.

[6]

Cremers C.J.F., Scyther: Semantics and verification of security protocols, Eindhoven university of Technology, Eindhoven, Netherlands, 2006.

[7]

Burrows M., Abadi M., Needham R.M., A logic of authentication, Proc R Soc Lond Ser A Math Phys Eng Sci 426 (1871) (1989) 233–271.

[8]

Liao Y.P., Hsiao C.M., A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Netw 18 (2014) 133–146.

[9]

Chou J.S., An efficient mutual authentication RFID scheme based on elliptic curve cryptography, J Supercomput 70 (1) (2014) 75–94.

[10]

Farash M.S., Kumari S., Bakhtiari M., Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography, Multimedia Tools Appl 75 (8) (2016) 4485–4504.

[11]

Zhao Z., A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem, J Med Syst 38 (5) (2014) 1–7.

[12]

Alamr A.A., Kausar F., Kim J., Seo C., A secure ECC-based RFID mutual authentication protocol for Internet of Things, J Supercomput 74 (9) (2018) 4281–4294.

[13]

Naeem M., Chaudhry S.A., Mahmood K., Karuppiah M., Kumari S., A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things, Int J Commun Syst 33 (13) (2020).

[14]

Gabsi S., Kortli Y., Beroulle V., Kieffer Y., Alasiry A., Hamdi B., Novel ECC-based RFID mutual authentication protocol for emerging IoT applications, IEEE Access (2021).

[15]

Izza S., Benssalah M., Drouiche K., An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment, J Inf Secur Appl 58 (2021).

[16]

Arslan A., Bingöl M.A., Protocol: An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment, IACR Cryptol (2021) 519. ePrint Arch.

[17]

Hankerson D., Menezes A.J., Vanstone S., Guide to elliptic curve cryptography, Springer Science & Business Media, 2006.

Digital Library

[18]

Silverman J.H., The arithmetic of elliptic curves, vol. 106, Springer, New York, 2009, pp. xx+–513.

[19]

Nikooghadam M., Amintoosi H., Perfect forward secrecy via an ECC-based authentication scheme for SIP in VoIP, J Supercomput 76 (4) (2020) 3086–3104.

[20]

Abdalla M., Fouque D., Password-based authenticated key exchange in the three-party setting, in: Public key cryptography-PKC 2005: 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, January (2005) 23-26. proceedings 8, Springer Berlin Heidelberg, 2005, pp. 65–84.

[21]

Wazid M., Das A.K., Odelu V., Kumar N., Susilo W., Secure remote user authenticated key establishment protocol for smart home environment, IEEE Trans Dependable Secure Comput 17 (2) (2017) 391–406.

Digital Library

[22]

Das A.K., Wazid M., Kumar N., Khan M.K., Choo Y., Design of secure and lightweight authentication protocol for wearable devices environment, IEEE J Biomed Health Inform 22 (4) (2017) 1310–1322.

[23]

Safkhani M., Rostampour S., Bendavid Y., Bagheri N., IoT in medical & pharmaceutical: Designing lightweight RFID security protocols for ensuring supply chain integrity, Comput Netw 181 (2020).

[24]

Noori D., Shakeri H., Torshiz M.N., Scalable, efficient, and secure RFID with elliptic curve cryptosystem for internet of things in healthcare environment, EURASIP J Inf Secur 2020 (1) (2020) 1–11.

[25]

Xu L., Wu F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care, J Med Syst 39 (2) (2015) 1–9.

[26]

Salem F.M., Amin R., A privacy-preserving RFID authentication protocol based on El-Gamal cryptosystem for secure TMIS, Inform Sci 527 (2020) 382–393.

[27]

Kumar S., Banka H., Kaushik B., Sharma S., A review and analysis of secure and lightweight ECC-based RFID authentication protocol for internet of vehicles, Trans Emerg Telecommun Technol (2021).

[28]

He D., Kumar N., Chilamkurti N., Lee J.H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol, J Med Syst 38 (10) (2014) 1–6.

[29]

Lee C.I., Chien H.Y., An elliptic curve cryptography-based RFID authentication securing e-health system, Int J Distrib Sens Netw 11 (12) (2015).

[30]

Benssalah M., Sarah I., Drouiche K., An efficient RFID authentication scheme based on elliptic curve cryptography for Internet of Things, in: Wireless personal communications, vol. 117, no. 3, Springer Science and Business Media LLC, 2020, pp. 2513–2539,.

Digital Library

[31]

Safkhani M., Camara C., Peris-Lopez P., Bagheri N., Rseap2: an enhanced version of rseap, an rfid based authentication protocol for vehicular cloud computing, in: Vehicular communications, vol. 28, Elsevier BV, 2021, p. 100311,.

[32]

Nikooghadam M., Amintoosi H., Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme, Int J Commun Syst (2020).

[33]

Ravanbakhsh N., Mohammadi M., Nikooghadam M., Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme, Multimedia Tools Appl 78 (9) (2019) 11129–11153.

Recommendations

Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol

The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, ...
A Secure and Robust Smartcard-Based Authentication Scheme for Session Initiation Protocol Using Elliptic Curve Cryptography

The session initiation protocol (SIP) is a signaling communications protocol, which is widely used for controlling multimedia communication sessions. Recently, Yeh et al. presented an ECC-based authenticated protocol for SIP to conquer various attacks ...
Understanding Security Failures of Two Authentication and Key Agreement Schemes for Telecare Medicine Information Systems

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several ...

Comments

Information & Contributors

Information

Published In

cover image Journal of Information Security and Applications

Journal of Information Security and Applications Volume 76, Issue C

Aug 2023

327 pages

ISSN:2214-2126

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Elsevier Science Inc.

United States

Publication History

Published: 01 August 2023

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents