Formal Security Analysis of ECC-Based RFID in Logic of Events Theory

Abstract

Radio frequency identification (RFID) is a crucial component of the Internet of Things (IoT), and RFID using elliptic curve Cryptography (ECC) is a public key cryptosystem authentication approach that tackles the problem of electronic tag data encryption in RFID systems. The commercialisation and large-scale deployment of RFID systems has raised a number of security-related issues that suggest the need for security protocols. Logic of events theory (LoET) is a formal method for constructing and reasoning about distributed systems and protocols involving security concepts. This paper proposes three event classes, Compute, Retrieve, and Generate, and related axioms and inference rules to formally abstract the ECC session key generation function and formally institute the authentication process of both parties, and the ex-tended LoET is used to analyse the security properties of ECC-based RFID security protocols. Under reasonable assumptions, an ECC-based RFID mutual authentication scheme is shown to satisfy the strong mutual authentication feature. It is shown that extended logic of events theory may be used to prove the security properties of this class of ECC-based RFID protocols.