Distance bounding-based RFID binding proof protocol to protect inpatient medication safety against relay attack

Abstract

RFID binding proof protocols are suggested for the past decade to guard inpatient medication safety and to prevent medication errors in hospitals. In such protocols, the main goal is to authenticate two RFID tags one for the patient and one for the patient's drug simultaneously using an RFID reader by a nurse. This paper reveals that the existing RFID binding proof protocols are vulnerable to a relay attack. In the relay attack, an attacker is able to change the patient's drug without the nurse and the patient noticing the change. Furthermore, to overcome this weakness a paired distance bounding PDB protocol is proposed with two security parameters N and t to be deployed for RFID binding proof protocols. In a PDB protocol, two tags are authenticated simultaneously, and furthermore, an upper bound for the physical distance between these two tags and the reader is established. This implies the presence of both tags in the reader's area. The analytic results for the proposed protocol show that, with the appropriate selection of N and t parameters, the proposed protocol achieves a desirable security level against the relay attack.