Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol

He, Debiao; Kumar, Neeraj; Chilamkurti, Naveen; Lee, Jong‐Hyouk

doi:10.1007/s10916-014-0116-z

Cited by 82 publications

(64 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The communication overhead denotes the length of the messages transmitted between the reader and tags when they execute the protocol. According to [32], we assume that an elliptic curve with length of 160 bits is used in our schemes. The length of an elliptic curve point is 320 bits.…”

Section: Performance Analysismentioning

confidence: 99%

An Anonymous Offline RFID Grouping-Proof Protocol

Zhou

Liu

et al. 2018

Future Internet

View full text Add to dashboard Cite

Abstract:As more and more items are tagged with RFID (Radio Frequency Identification) tags, grouping-proof technology is widely utilized to provide a coexistence evidence for a group of related items. Due to the wireless channel used in RFID systems, a security risk exists in the communication between the reader and tags. How to ensure the tag's information security and to generate reliable grouping-proof becomes a hot research topic. To protect the privacy of tags, the verification of grouping-proof is traditionally executed by the verifier, and the reader is only used to collect the proof data. This approach can cause the reader to submit invalid proof data to the verifier in the event of DoP (Deny of Proof) attack. In this paper, an ECC-based, off-line anonymous grouping-proof protocol (EAGP) is proposed. The protocol authorizes the reader to examine the validity of grouping-proof without knowing the identities of tags. From the security and performance analysis, the EAGP can protect the security and privacy of RFID tags, and defence impersonation and replay attacks. Furthermore, it has the ability to reduce the system overhead caused by the invalid submission of grouping-proofs. As a result, the proposed EAGP equips practical application values.

show abstract

Section: Performance Analysismentioning

confidence: 99%

An Anonymous Offline RFID Grouping-Proof Protocol

Zhou

Liu

et al. 2018

Future Internet

View full text Add to dashboard Cite

show abstract

“…The next protocol we analyze in this work is due to [36]. This is an RFID-based authentication protocol to preserve identity privacy.…”

Section: He Et Al's Rfid-based Authentication Protocolmentioning

confidence: 99%

“…Figure 8 shows the notations used for the protocol. This protocol has been proven to be immune to various attacks [36]. We present a clogging attack on the protocol and observe that it is inherently vulnerable to clogging, weak authentication and SQL injection attacks.…”

Section: He Et Al's Rfid-based Authentication Protocolmentioning

confidence: 99%

Cryptanalysis and Improvement of ECC Based Authentication and Key Exchanging Protocols

Roy

Khatwani

2017

Cryptography

View full text Add to dashboard Cite

Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC-based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities and to enhance them to be more secure against threats. This work demonstrates how currently-used ECC-based protocols are vulnerable to attacks. If protocols are vulnerable, damage could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g., passwords, pins and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and the proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.

show abstract

“…This section reviews He et al 's protocol [13]. The system consists of three kinds of entities: readers, a back-end server, and a set of tags; but the RFID reader is omitted from the protocol description since it acts as an intermediate party that relays messages exchanged between a tag and the server.…”

Section: Review Of He Et Al 'S Protocolmentioning

confidence: 99%

“…The essence of the active tracking resistance of the proposed scheme is that each calculation of Auth = ( + TK 2 ) ⊕ ( 1 + TK 1 ) involves the confusion value ( 1 + TK 1 ), where the computation of TK 1 needs either tag's secret 2 or the server's private key ; therefore, International Journal of Distributed Sensor Networks 5 Arshad and Nikooghadam [12] Liao and Hsiao [9] He et al [13] Ours The server's computational cost Server Spoofing Attack Resistance. To impersonate the server, the adversary must be able to generate a valid message 3 = {Auth }, where 1 = 1 and Auth = ( +2TK 2 )⊕2 ( 1 + TK 1 ).…”

Section: Security Analysismentioning

confidence: 99%

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

Lee

Chien

2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Mobile healthcare (M-health) systems can monitor the patients' conditions remotely and provide the patients and doctors with access to electronic medical records, and Radio Frequency Identification (RFID) technology plays an important role in M-health services. It is important to securely access RFID data in M-health systems: here, authentication, privacy, anonymity, and tracking resistance are desirable security properties. In 2014, He et al. proposed an elliptic curve cryptography-(ECC-) based RFID authentication protocol which is quite attractive to M-health applications, owing to its claimed performance of security, scalability, and efficiency. Unfortunately, we find their scheme fails to achieve the privacy protection if an adversary launches active tracking attacks. In this paper, we demonstrate our active attack on He et al. 's scheme and propose a new scheme to improve the security. Performance evaluation shows the improved scheme could meet the challenges of M-health applications.

show abstract

Lightweight ECC Based RFID Authentication Integrated with an ID Verifier Transfer Protocol

Cited by 82 publications

References 22 publications

An Anonymous Offline RFID Grouping-Proof Protocol

An Anonymous Offline RFID Grouping-Proof Protocol

Cryptanalysis and Improvement of ECC Based Authentication and Key Exchanging Protocols

An Elliptic Curve Cryptography-Based RFID Authentication Securing E-Health System

Contact Info

Product

Resources

About