An IoT Based Secure Object Tracking System

Abstract

Internet of Things (IoT) aids in tracking of moving objects attached with Radio Frequency Identification tag. Earlier researchers assume that the owner of the object needs to either be online and actively participating for an update of travel status of a moving object, or rely on a third party to perform this task. If no such third party exists and owner is offline for a certain period, this leads to an inconsistent travel status. On the contrary, involvement of the third party in the update process requires it to be fully trusted, which can lead to privacy threats to the owner. Therefore, the existing works depend either on the unreliable owner device or on the vulnerable third party. This paper performs cryptanalysis on the object tracking protocol proposed by Ray et al. and discovers that this protocol does not allow the owner device to be offline, and it has various security issues. Along with this cryptanalysis, this paper proposes an IoT based object tracking system that depends only on the third party and allows the owner device to be offline. However, the vulnerabilities of this third party have been taken care in such a way that there is no privacy risk for the owner. Unlike the existing systems, this system provides unlinkability, untraceability, resistance against impersonation, information leakage through the communication link, replay, man-in-the-middle attack, desynchronization problem. In our experiment, we modeled the system using High-Level Protocol Specification Language (HLPSL) and simulated HLPSL model using automated security verification tool AVISPA.