Abstract
Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between RFID devices may lead to various security threats. Recently, many solutions have been proposed to secure RFID systems, and many of them are based only on lightweight primitives, including symmetric encryption, hash functions, and the exclusive OR operation. Many solutions based only on lightweight primitives were proved insecure, whereas, due to the resource-constrained nature of RFID devices, public key-based cryptographic solutions are not viable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based only on lightweight primitives and claimed that their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved, realistic, and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows-Abadi-Needham (BAN) logic and under the attack model of the automated security verification tool ProVerif. Moreover, the security features are also analyzed informally. The proposed protocol outperforms the competing protocols in terms of security.
Highlights
Since its inception, the Internet of Things (IoT) has been an emerging idea and is defined as, “A system of interrelated computing devices, mechanical and digital machines, objects, animals, or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction” [1].
A legitimate Radio Frequency Identification (RFID) tag can form a valid request message M1 including both these parameters, as the valid AIDTi is known only to the legal tag; IDT and Kts are known to the legal tag only.
The proposed protocol does not reveal any login information of the current or any previous sessions that could lead to a security attack on the RFID system.
Summary
Khwaja Mansoor, Anwar Ghani, Shehzad Ashraf Chaudhry, Shahaboddin Shamshirband, Shahbaz Ahmed Khan Ghayyur and Amir Mosavi.