Security and privacy on authentication protocol for low-cost radio frequency identification

Abstract

In the near future, radio frequency identification (RFID) technology is expected to play an important role for object identification as a ubiquitous infrastructure. One of its main objectives is the next generation technology that is mainly used to identify massive objects and will be a substitution for the existing optical bar code system. On the other hand, low-cost RFID tags are highly resource-constrained, cannot support its long-term security and it is very restricted to implement the existing cryptographic algorithms. Thus, they have potential risks and may violate privacy for their bearers, and user privacy issues would be a big barrier for the admirable usage of RFID in the future ubiquitous society. As far as user privacy issues concerned, we should consider the data leakage illegally from a tag and the malicious tracking for the unique ID of a tag. Due to the characteristics of RFID interface, the identification data from RFID tags must guarantee their integrity with other entities, readers or backend servers. In addition to it, these entities must trust each other, be seamlessly integrated with their authentication messages, and anonymously interact protecting user location privacy without revealing any information of tag bearers. To protect user privacy and remove security vulnerabilities, we propose a robust and privacy preserving mutual authentication protocol that fits the low-cost RFlD environment. Different from the previous works, our protocol firstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. In addition, the proposed protocol exhibits forgery resistance against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, the proposed protocol is very feasible for low-cost RFID system compared t...