Cloud-Based Lightweight RFID Healthcare Privacy Protection Protocol
Kai Fan, Wei Wang
State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an, China
kfan@mail.xidian.edu.cn, 386690487@qq.com
Yue Wang
School of Information Engineering, Xi’an University, Xi’an, China
kelly8266no1@sina.com
Hui Li
State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an, China
lihui@mail.xidian.edu.cn
Yintang Yang
Key Lab. of the Minist. of Educ. for Wide Band-Gap Semiconductor Materials and Devices, Xidian University, Xi’an, China
ytyang@xidian.edu.cn
Abstract—Researchers and engineers have paid more attention
to cloud-based application systems, whose features are
virtualization and service provisioning. Fortunately, this
technology is well suited to healthcare. Meanwhile, security
has also become more challenging. Although many cloud-based
RFID authentication protocols have been proposed, some of them
only improve function and performance without considering
security and privacy, and most of them are heavyweight. This is
not appropriate in the field of healthcare, because improving the
trustworthiness of anonymous virtual computing services should
be the primary consideration. We therefore propose a lightweight
privacy protection authentication scheme that can be applied in
the cloud environment. In the scheme, service providers can be
anonymous or unknown to the application consumer. Assuming
many hospitals build a cloud platform together, the information
of a patient and his physician is stored anonymously in the
cloud. A patient can see a doctor in any one of the hospitals with
a unique RFID tag. Readers may be fixed or mobile; they read
tags and upload the collected data to the cloud for further
processing in real time. Compared with some traditional schemes,
our scheme is lightweight, cost-efficient, elastically scalable,
real-time, and easily resists synchronization attacks.
Keywords: privacy protection, lightweight, RFID, cloud,
authentication.
I. INTRODUCTION
The network has developed dramatically and the number of
active users on it has skyrocketed, followed by various
phenomena such as privacy disclosure, credit card fraud and
so on. As communication and information systems are becoming
more indispensable to society today, the trend will inevitably
continue in the future. Personal privacy is usually under great
threat, especially healthcare privacy. Consider a situation
where patients do not want to reveal their healthcare privacy.
First, apart from the doctors and the patients themselves, other
people cannot access the patients’ private information easily.
Second, the data in the cloud must exist in specially processed
form instead of plain text. Even if many hackers have attacked
the cloud server, they cannot obtain any useful information. It
has been shown that it is possible to recover fingerprints from
minutiae points stored in the database [1, 2]. There are
currently several methods and mechanisms to increase the
strength of the authentication process for applications. It is
obviously necessary to improve not only the user authentication
process but also the transaction authentication [3]. Cloud-based
application systems are rapidly being deployed worldwide via
virtualization and services computing technologies. However,
security issues at different levels have put forward several new
technical challenges; as a result, users cannot trust the cloud.
But the cloud has its own advantages: especially when the system
is breached, it can accurately evaluate the security risk that
the network is facing, and it has a strong ability to detect
DDoS [4].
Security analysis shows that permutation and rotation
assure data confidentiality and integrity as well as
resistance to various attacks. The computational complexity for
the tags is not high because the tag in RAPP only involves
efficient operations [5]. However, security analyses of RAPP,
which is based on permutation, have been given in the
literature, but the analysis is theoretically achievable [6, 7].
When all the variables in the protocol are 96 bits long, an
attacker needs to query the tag about $2^{30}$ times in order to
recover the random number and secret key. NFC technology
has developed rapidly, but it has had some serious security
risks from the beginning, and its requirements for software
and hardware are high, so NFC has not been widely used so
far [8]. For the above reasons, RFID is the key technique in a
healthcare privacy protection system. RFID is a more economical
means and a more reliable technology than traditional access
control. Because the price of a common RFID tag is low, its
performance will be unsatisfactory. It is also unrealistic for
low-cost tags to encrypt using a public key algorithm. So a novel
architecture and the corresponding authentication protocol are
urgently needed.
In order to change the traditional architecture, the back-end
server should be replaced. Heavyweight authentication
protocols should also be replaced with lightweight
authentication protocols, because one of the most viable
solutions for secure authentication in low-cost RFID systems
is the lightweight RFID authentication protocol [9]. Since this
system performs long-term real-time monitoring, which produces
plenty of data, the system also has to process data
at high speed. So it is not suitable to use the back-end
978-1-5090-1328-9/16/$31.00 ©2016 IEEE