Abstract
The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, etc. With more and more stringent security and privacy requirements to RFID based authentication schemes, elliptic curve cryptography (ECC) based RFID authentication schemes have been proposed to meet the requirements. However, many recently published ECC based RFID authentication schemes have serious security weaknesses. In this paper, we propose a new ECC based RFID authentication integrated with an ID verifier transfer protocol that overcomes the weaknesses of the existing schemes. A comprehensive security analysis has been conducted to show strong security properties that are provided from the proposed authentication scheme. Moreover, the performance of the proposed authentication scheme is analyzed in terms of computational cost, communicational cost, and storage requirement.
Similar content being viewed by others
References
A. Juels, RFID security and privacy: a research survey, IEEE Journal on Selected Areas in Communication 24 (2006) 381-394.
T. Phillips, T. Karygiannis, R. Kuhn, Security standards for the RFID market, IEEE Security & Privacy 3 (6) (2005) 85-89.
C.M. Robert, Radio frequency identification, Computers and Security 25 (2006) 18-26.
P. Peris-Lopez, A. Orfila, A. Mitrokots, J. van der Lubbe, A comprehensive RFID solution to enhance inpatient medication safety, International Journal of Medical Informatics 80 (2011) 13-24.
S. L. Ting, S. K. Kwok, Albert H. C. Tsang, W. B. Lee, Critical Elements and Lessons Learnt from the Implementation of an RFID-enabled Healthcare Management System in a Medical Organization, Journal of Medical Systems 35 (4) (2011) 657-669.
Y. Yen, N. Lo, T. Wu, Two RFID-based solutions for secure inpatient medication administration, Journal of Medical Systems 36(5) (2012) 2769-2778.
A. Juels, Yoking-proofs for RFID tags, in: First International Workshop on Pervasive Computing and Communication Security, 2004.
K. Wong, P. Hui, A. Chan, Cryptography and authentication on RFID tags for apparels, Computer in Industry 57 (2005) 342–349.
Y. Chen, J.-S. Chou, H.-M. Sun, A novel mutual authentication scheme based on quadratic residues for RFID systems, Computer Networks 52 (2008) 2373–2380.
H.-Y. Chien, C.-H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards and Interfaces 29 (2007) 254–259.
P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to epc-c1g2 standard, Computer Standards and Interfaces 31 (2) (2009) 372–380.
N. Lo, K. Yeh, An efficient mutual authentication scheme for EPCglobal Class-1 Generation-2 RFID systems, in: Intenational Conference on Embedded and Ubiquitous Computing, 2007.
T.-C. Yeh, Y.-J. Wang, T.-C. Kuo, S.-S. Wang, Securing RFID systems conforming to EPC Class 1 Generation 2 standards, Expert Systems and Applications 37 (2010) 7678–7683.
J. Cho, S. Yeo, S. Kim, Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value, Computer Communications 34(3) (2011) 391-397.
M. Safkhani, P. Peris-Lopez, J.C. Hernandez-Castro, N. Bagheri, M. Naderi, Cryptanalysis of Cho et al.’s protocol, a hash-based mutual authentication protocol for RFID systems, Cryptology ePrint Archive, Report 2011/311, 2011. <http://eprint.iacr.org/2011/331.pdf>.
T. Cao, P. Shen, Cryptanalysis of some RFID authentication protocols, Journal of Communications 3 (7) (2008) 20–27.
T.-C. Yeh, C.-H. Wu, Y.-M. Tseng, Improvement of the RFID authentication scheme based on quadratic residues, Computer Communications (34) (2011) 337–341.
R. Doss, S. Sundaresan, W. Zhou, A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems, Ad Hoc Networks 11(1) (2013) 383-396.
Y. Lee, L. Batina, I. Verbauwhede, EC-RAC (ECDLP based randomized access control): provably secure RFID authentication protocol. In IEEE International Conference on RFID 2008. IEEE, 97–104, 2008.
J. Bringer, H. Chabanne, T. Icart, Cryptanalysis of EC-RAC, a RFID identification protocol. In 7th International Conference on Cryptology And Network Security – CANS’08, Springer, New York 149–161, 2008.
T. Deursen, S. Radomirovic, Attacks on RFID protocols (version 1.1). Technical Report, August 2009.
Y. Lee, I. Batina, I. Verbauwhede, Untraceable RFID authentication protocols: revision of EC-RAC. In IEEE International Conference on RFID 2009. IEEE: Orlando,FL,USA, 178–185, 2009.
T. Deursen, S. Radomirovic, Untraceable RFID rotocols are not trivially composable: attacks on the evision of EC-RAC. Technical Report, University of uxembourg, July 2009.
Y. Lee, L. Batina, I. Verbauwhede, Privacy challenges in RFID systems. In The Internet of Things, Giusto D, Lera A, Morabito G, Atzori L (eds): Springer New York, 397–407, 2010.
C. Lv, H. Li, J. Ma, Y. Zhang, Vulnerability analysis of elliptic curve cryptography–based RFID authentication protocols, Transactions on Emerging Telecommunications Technologies 23(7) (2012) 618-624.
Y. Liao, C. Hsiao, A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Networks, 2013, doi: 10.1016/j.adhoc.2013.02.004.
R. Peeters, J. Hermans, Attack on Liao and Hsiao’s Secure ECC-based RFID Authentication Scheme integrated with ID-Verifier Transfer Protocol. Cryptology ePrint Archive, Report 2013/399, 2013.
G. Godor, N. Giczi, S. Imre, Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In: IEEE international conference on wireless communications, networking and information security (WCNIS), IEEE, pp 650–657, 2010.
X. Cao, W. Kou, A Pairing-free Identity-based Authenticated Key Agreement Protocol with Minimal Message Exchanges, Information Sciences, 180 (15), 2895–2903, 2010.
Acknowledgments
The work of J.-H. Lee was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2014R1A1A1006770).
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
He, D., Kumar, N., Chilamkurti, N. et al. Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol. J Med Syst 38, 116 (2014). https://doi.org/10.1007/s10916-014-0116-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-014-0116-z