Abstract
Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it raises a large number of security and privacy issues that must be addressed before it can be deployed successfully. Many RFID authentication protocols have been proposed in recent years to address these issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs) or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses and cannot solve most of the security and privacy problems, so a new solution is necessary. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. Instead of relying on lightweight cryptographic techniques, the proposed ITPMAP protocol uses one PRNG on the tag side and heavyweight cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted in the design of three real-life RFID systems, namely: a Signing and Verification of Graduation Certificate System, an Issuing and Verification of E-Ticketing System, and a Charging and Discharging of Prepaid Card System. The Unified Modeling Language is used to present the design of the proposed ITPMAP protocol and systems, and Java is used to implement the proposed systems. In addition, “Mifare Classic” tags and readers are used as the RFID apparatus for the proposed systems.
Appendices
Appendix I: Java Codes for the SVGCS System
Appendix II: Java Codes for the IVETS System
Appendix III: Java Codes for the CDPCS System
Cite this article
Younis, M.I., Abdulkareem, M.H. ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems. Wireless Pers Commun 96, 65–101 (2017). https://doi.org/10.1007/s11277-017-4152-0
DOI: https://doi.org/10.1007/s11277-017-4152-0