Abstract
With the rapid development of microelectronics devices and the progress in communication and information technologies, many services and technologies are increasingly involved into our daily life. In fact, as the used systems are progressively interconnected and open, this introduce new threats such as more and more hacking, fraud and many other kinds of misuses. Consequently, the security and privacy of the exchanged data information tampering must be addressed most seriously. In this context, recently Elliptic Curve Cryptography (ECC) is widely used in many cryptosystems nowadays especially for those presenting challenging constraints in terms of power consumption, memory, computational cost, etc. It is well-known that the ECC provides high security level with much smaller key sizes. In this paper, we show that an inappropriate use of ECC cryptographic primitives, the lack of experience in designing secure protocols and the unsuitable choice of security verification tools can destroy the whole security of a given ECC-based scheme. Therefore, first we wreck efficient attacks on three most recent proposed ECC-based protocols published in three of well-known scientific journals. Then, an improved protocol that inherits the strengths of Dinarvand and Barati’s protocol and takes into account the discovered flaws is proposed. Via formal and informal security models, we assess that the improved protocol could deliver all the virtues of Dinarvand and Barati’s protocol and resists all known attacks.
Similar content being viewed by others
References
Bos, J. W., Halderman, J. A., Heninger, N., Moore, J., Naehrig, M., & Wustrow, E. (2014). In elliptic curve cryptography in practice. International conference on financial cryptography and data security (pp. 157–175). New York: Springer.
Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., & Verbauwhede, I. (2007). In Public-key cryptography for RFID-tags. In: Fifth annual IEEE international conference on pervasive computing and communications workshops (PerComW’07) IEEE, pp. 217–222.
Dinarvand, N., & Barati, H. (2019). An efficient and secure RFID authentication protocol using elliptic curve cryptography. Wireless Networks, 25(1), 415.
Wu, F., Li, X., Xu, L., Kumari, S., Karuppiah, M., & Shen, J. (2017). A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Computers and Electrical Engineering, 63, 168.
Alamr, A. A., Kausar, F., Kim, J., & Seo, C. (2018). A secure ECC-based RFID mutual authentication protocol for internet of things. The Journal of Supercomputing, 74(9), 4281.
Lv, C., Li, H., Ma, J., & Zhang, Y. (2012). Vulnerability analysis of elliptic curve cryptography-based RFID authentication protocols. Transactions on Emerging Telecommunications Technologies, 23(7), 618.
Antipa, A., Brown, D., Menezes, A., Struik, R., & Vanstone, S. (2003). Validation of elliptic curve public keys. International workshop on public key cryptography (pp. 211–223). New York: Springer.
Hankerson, D., & Menezes, A. (2011). Elliptic curve cryptography. New York: Springer.
Hales, T. C. (2013). The NSA back door to NIST. Notices of the AMS, 61(2), 190.
Khoirom, M. S., Laiphrakpam, D. S., & Themrichon, T. (2018). Cryptanalysis of multimedia encryption using elliptic curve cryptography. Optik, 168, 370.
Lee, Y. K., Sakiyama, K., Batina, L., & Verbauwhede, I. (2008). Elliptic-curve-based security processor for RFID. IEEE Transactions on Computers, 57(11), 1514.
Kaya, S. V., Savaş, E., Levi, A., & Erçetin, Ö. (2009). Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Networks, 7(1), 136.
Tuyls, P., & Batina, L. (2006). In RFID-tags for anti-counterfeiting. Cryptographers’ track at the RSA conference (pp. 115–131). New York: Springer.
Lee, Y. K., Batina, L., & Verbauwhede, I. (2008). In EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In: Proceedings of the 2008 IEEE international conference on RFID IEEE, pp. 97–104.
Liao, Y. P., & Hsiao, C. M. (2014). A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Ad Hoc Networks, 18, 133.
Zhao, Z. (2014). A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. Journal of Medical Systems, 38(5), 46.
Chou, J. (2014). A secure RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. Journal of Supercomputer,. https://doi.org/10.1007/s11227-013-1073-x.
Zhang, Z., & Qi, Q. (2014). An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. Journal of Medical Systems, 38(5), 47.
He, D., Kumar, N., Chilamkurti, N., & Lee, J. H. (2014). Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. Journal of Medical Systems, 38(10), 116.
Qu, J., & Tan, X. L. (2014). Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. Journal of Electrical and Computer Engineering, 2014
Huang, B., Khan, M. K., Wu, L., Muhaya, F. T. B., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications, 85(1), 225.
Chaudhry, S. A., Naqvi, H., Mahmood, K., Ahmad, H. F., & Khan, M. K. (2017). An improved remote user authentication scheme using elliptic curve cryptography. Wireless Personal Communications, 96(4), 5355.
Chen, Y., & Chou, J. S. (2015). ECC-based untraceable authentication for large-scale active-tag RFID systems. Electronic Commerce Research, 15(1), 97.
Shen, H., Shen, J., Khan, M. K., & Lee, J. H. (2017). Efficient RFID authentication using elliptic curve cryptography for the internet of things. Wireless Personal Communications, 96(4), 5253.
Jin, C., Xu, C., Zhang, X., & Zhao, J. (2015). A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography. Journal of Medical Systems, 39(3), 24.
Luo, M., Zhang, Y., Khan, M. K., & He, D. (2017). A secure and efficient identity-based mutual authentication scheme with smart card using elliptic curve cryptography. International Journal of Communication Systems, 30(16), e3333.
Islam, S. H., & Biswas, G. (2014). Dynamic id-based remote user mutual authentication scheme with smartcard using elliptic curve cryptography. Journal of Electronics (China), 31(5), 473.
Madhusudhan, R., Hegde, M., & Memon, I. (2018). A secure and enhanced elliptic curve cryptography-based dynamic authentication scheme using smart card. International Journal of Communication Systems, 31(11).
Truong, T. T., Tran, M. T., & Duong, A. D. (2014). Enhanced dynamic authentication scheme (edas). Information Systems Frontiers, 16(1), 113.
Liu, G., Zhang, H., Kong, F., & Zhang, L. (2018). A novel authentication management RFID protocol based on elliptic curve cryptography. Wireless Personal Communications, 101(3), 1445.
Adhikari, S., Ray, S., Biswas, G. P., & Obaidat, M. S. (2019). Efficient and secure business model for content centric network using elliptic curve cryptography. International Journal of Communication Systems, 32(1), e3839.
Naresh, V. S., Sivaranjani, R., & Murthy, N. V. E. S. (2018). Provable secure lightweight hyper elliptic curve-based communication system for wireless sensor networks. International Journal of Communication Systems, 31(15), e3763.
Qi, M., & Chen, J. (2018). New robust biometrics-based mutual authentication scheme with key agreement using elliptic curve cryptography. Multimedia Tools and Applications, 77, 1.
Sahoo, S. S., Mohanty, S., & Majhi, B. (2019). Improved biometric-based mutual authentication and key agreement scheme using ECC. Wireless Personal Communications, 111, 1–27.
Naeem, M. Chaudhry, S. A., Mahmood, K., Karuppiah, M. & Kumari, S. (2019). A scalable and secure RFID mutual authentication protocol using ECC for internet of things. International Journal of Communication Systems, p. e3906.
Jager, T., Schwenk, J., & Somorovsky, J. (2015). In practical invalid curve attacks on TLS-ECDH. European Symposium on research in computer security (pp. 407–425). New York: Springer.
Benssalah, M., Djeddou, M., & Drouiche, K. (2017). A provably secure RFID authentication protocol based on elliptic curve signature with message recovery suitable for m-health environments. Transactions on Emerging Telecommunications Technologies, 28(11), e3166.
Marzouqi, H., Al-Qutayri, M., & Salah K. (2013). In an FPGA implementation of NIST 256 prime field ECC processor. In: Proceedings of the 2013 IEEE 20th international conference on electronics, circuits, and systems (ICECS) IEEE, pp. 493–496.
Abadi, M., & Needham, R. (1996). Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1), 6.
Joye, M., & Quisquater, J. J. (2001). Hessian elliptic curves and side-channel attacks. International workshop on cryptographic hardware and embedded systems (pp. 402–410). New York: Springer.
Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557.
Jin, C., Xu, C., Zhang, X., & Li, F. (2016). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40(1), 12.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Benssalah, M., Sarah, I. & Drouiche, K. An Efficient RFID Authentication Scheme Based on Elliptic Curve Cryptography for Internet of Things. Wireless Pers Commun 117, 2513–2539 (2021). https://doi.org/10.1007/s11277-020-07992-x
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-020-07992-x