Secure Improved Cloud-Based RFID Authentication Protocol


Abughazalah, S., Markantonakis, K., Mayes, K.: Secure Improved Cloud-Based RFID Authentication Protocol. To be published in the 9th DPM International Workshop on Data Privacy Management. Springer, Berlin Heidelberg (2014).


Although Radio Frequency IDentifi cation (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the as- sumption that the server is secure. In this paper, we assume that the server resides in the cloud, which might be insecure. Hence, the tag's data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called cloud-based RFID authentication, which aimed to address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we showed that Xie et al. protocol is vulnerable to reader impersonation attacks, location tracking and tag's data privacy invasion. Therefore, we proposed a new protocol that guarantees that the tag's data in the cloud are anonymous, and cannot be compro- mised. Furthermore, the proposed protocol achieves mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.


To appear