Premium
A hidden mutual authentication protocol for low‐cost RFID tags
Author(s) -
Li JungShian,
Liu KunHsuan
Publication year - 2011
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.1222
Subject(s) - computer science , mutual authentication , computer security , radio frequency identification , authentication protocol , authentication (law) , hash function , identifier , identification (biology) , replay attack , protocol (science) , session (web analytics) , challenge–response authentication , computer network , cryptography , challenge handshake authentication protocol , lightweight extensible authentication protocol , world wide web , medicine , botany , alternative medicine , pathology , biology
Radio‐frequency identification (RFID) technology enables the identification and tracking of objects by means of the wireless signals emitted by a tag attached to the objects of interest. Without adequate protection, however, malicious attackers can easily eavesdrop, scan or forge the information within the tag, thereby threatening the integrity of the system. Previous research has shown that the basic security requirements of RFID systems, i.e. identity authentication, information privacy and location privacy, can be satisfied using conventional cryptographic components. However, such components are expensive, and therefore conflict with the general requirement for low‐cost tag designs. Accordingly, this paper presents a low‐cost challenge‐response security protocol designated as the hidden mutual authentication protocol (HMAP) to accomplish both a mutual authentication capability between the tag and the reader and information privacy. The results show that HMAP provides an efficient means of concealing the authentication messages exchanged between the tag and the reader and is robust toward replay attacks. In addition, it is shown that HMAP is easily extended to provide complete location privacy by utilizing a hash function to generate different tag identifiers in each authentication session. Copyright © 2011 John Wiley & Sons, Ltd.