Cloud-based Lightweight RFID Mutual
Authentication Protocol
Kai Fan, Qi Luo, Hui Li
State Key Laboratory of Integrated Service Networks
Xidian University
Xi’an, China
kfan@mail.xidian.edu.cn
343971785@qq.com
lihui@mail.xidian.edu.cn
Yintang Yang
Key Lab. of the Minist. of Educ. for Wide Band-Gap
Semiconductor Materials and Devices
Xidian University
Xi’an, China
ytyang@xidian.edu.cn
Abstract—Radio Frequency Identification (RFID) is a
supporting technology for the Internet of Things (IoT). While
RFID has been widely used and developed rapidly, its security
and privacy issues cannot be ignored. With the development of
cloud computing, cloud-based RFID systems have become a new
solution. Protecting the security of an RFID system in a cloud
environment is particularly important. Not verifying the tag or
reader when reading a message can have serious consequences,
exposing the system to many security issues, such as interception,
modification, replay, DoS and synchronization attacks. This paper
puts forward an efficient and reliable RFID security authentication
scheme for the cloud environment. The protocol combines the logic
encryption operation with a timestamp, which can resist DoS
attacks and anti-synchronization attacks. The proposed protocol
not only solves the RFID security and privacy issues well, but
can also use the powerful cloud computing capabilities to process
data.
Keywords—RFID; security; privacy; mutual authentication;
cloud
I. INTRODUCTION
The IoT, which is widely used in network integration, has been
called the third wave of the world information industry after
the computer and the Internet. IoT refers to a huge network
formed by the Internet and various information-sensing devices,
such as RFID, infrared sensors, global positioning system
(GPS) and laser scanners [1].
RFID is a non-contact automatic identification technology
that does not need to establish mechanical or optical contact
between the system and a specific target. There are many
traditional automatic identification technologies, such as
barcode recognition, optical character recognition,
biometric identification, magnetic card identification
and contact IC card identification, but these techniques
are unsatisfactory. A bar code
stores only a small amount of data. Optical character recognition
is costly. Biometric recognition is not yet
mature. Magnetic card identification and contact IC card
identification need close contact, which makes them inflexible.
RFID technology has advantages that these traditional
identification technologies cannot match, so RFID
is considered one of the most promising technologies of
the twenty-first century [2].
An RFID system consists of RFID tags, RFID readers, and
a backend server. Tags are attached to objects to identify them
uniquely and store the identification information of objects.
The reader and the tag exchange data via radio signals [3]. As
a new computing model, cloud computing is an on-demand,
dynamic, real-time computing resource sharing pool. The
cloud-based architecture is expected to provide a cost-
effective platform for modern systems, bringing development
to the traditional Internet industry. However, its security risks
cannot be ignored. Due to the direct communication between
the reader and tag in the wireless environment, data are
completely exposed to the outside world, so the RFID system
is vulnerable to attack. The fact that the cloud is not a trusted
third party also increases the difficulty of applying cloud-based
RFID technology.
II. RELATED WORK
Authentication protocols are the key to solving these
challenges. Due to the limited computing power and storage
space of the tags, their security solutions differ from those of
the traditional network. The biggest challenge of the RFID
certification scheme is to design a secure, efficient and low-
cost authentication protocol given that the RFID tag has
limited computing resources, limited storage and limited
power supply capability [4].
Many protocols have been proposed to address the security
problems of RFID systems. Some of these protocols are based on
back-end servers, but they have some problems. In
the hash-lock protocol [5], the metaID used by each tag is
always invariant, which makes it vulnerable to tracking
attacks. When the number of tags in the system is large,
reader authentication takes a long time in the hash-lock
protocol [6] and the hash-chain protocol [7], which makes them
difficult to apply in practice. The timestamp-based protocol [8]
implements mutual authentication and does not have the
problems of these three protocols, but it cannot resist the
synchronization attack.
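The tracking and lookup-cost points above, as an added example that is not from the paper: a Python sketch of a hash-lock tag, whose metaID = H(key) is returned unchanged in every session, beside a randomized variant that answers (r, H(ID || r)) and forces the back end to hash every stored ID. SHA-256, the 16-byte nonce, the randomized variant itself and all class and function names are assumptions chosen for illustration.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    # SHA-256 stands in for the tag's hash function (assumption).
    return hashlib.sha256(data).digest()

class HashLockTag:
    """Hash-lock tag: stores metaID = H(key), returns it to every query."""
    def __init__(self, key: bytes):
        self.meta_id = H(key)

    def respond(self) -> bytes:
        return self.meta_id  # identical in every session

class RandomizedTag:
    """Randomized variant: answers (r, H(ID || r)) with a fresh nonce r."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def respond(self):
        r = os.urandom(16)
        return r, H(self.tag_id + r)

def linkable(responses) -> bool:
    """True if any response repeats, i.e. sessions can be tied together."""
    return len(set(responses)) < len(responses)

def backend_identify(known_ids, r, digest):
    """Try every stored ID; return (matching ID or None, hashes computed)."""
    for count, tag_id in enumerate(known_ids, start=1):
        if H(tag_id + r) == digest:
            return tag_id, count
    return None, len(known_ids)

if __name__ == "__main__":
    # Constructed sample data: 1000 tag IDs, the target stored last.
    ids = [b"tag-%04d" % i for i in range(1000)]
    static = HashLockTag(b"constructed-key")
    print("hash-lock linkable:", linkable([static.respond() for _ in range(3)]))
    rnd = RandomizedTag(ids[-1])
    print("randomized linkable:", linkable([rnd.respond() for _ in range(3)]))
    r, d = rnd.respond()
    print("hashes needed:", backend_identify(ids, r, d)[1])
```

The static response is what a passive observer can use to track a tag; the randomized response removes that, at the price of a search that grows linearly with the number of tags.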
2017 IEEE Second International Conference on Data Science in Cyberspace
978-1-5386-1600-0/17 $31.00 © 2017 IEEE
DOI 10.1109/DSC.2017.41