Document Type : Research Article
Authors
Department of Information Technology Engineering, University of Isfahan, Isfahan, Iran
Abstract
Today, passive RFID tags have many applications in various fields such as healthcare, transportation, asset management, and supply chain management. In some of these applications, a group of tags need to prove they are present in the same place at the same time. To solve this problem, many protocols have been proposed so far, and each of them has been able to solve some security and performance problems, but unfortunately, many of these protocols have security vulnerabilities or do not have the necessary performance to run on passive RFID tags. In this study, a secure and lightweight protocol for RFID tags grouping proof called LSGPP is proposed. In this protocol, the reader is an untrusted entity, in other words, the protocol is secure even if the reader is hijacked by an attacker. This study shows that the LSGPP protocol is secure against tracking, eavesdropping, replay, concurrency, impersonation, desynchronization, denial of service (DoS), proof forgery, message integrity, man-in-the-middle, secret disclosure, denial of proof (DoP), and unlinkability attacks, and supports anonymity and forward secrecy features. Also, in this study, the notion of RFID reader compromised attack is introduced, and it is shown that, unlike its predecessors, the LSGPP protocol is also secure against this attack. Also, using the Proverif tool, it is shown that the proposed protocol provides confidentiality and authentication features. The LSGPP protocol uses lightweight operations affordable for passive RFID tags and is shown to be compliant with the EPC C1G2 standard.
Keywords
[2] Zhicai Shi, Xiaomei Zhang, and Jin Liu. The lightweight rfid grouping-proof protocols with identity authentication and forward security. Wireless Communications and Mobile Computing, 2020:1–12, 2020.
[3] Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes. Two rounds rfid grouping-proof protocol. In 2016 IEEE International Conference on RFID (RFID), pages 1–14. IEEE, 2016.
[4] Saravanan Sundaresan, Robin Doss, and Wanlei Zhou. Zero knowledge grouping proof protocol for rfid epc c1g2 tags. IEEE Transactions on Computers, 64(10):2994–3008, 2015.
[5] Vanya Cherneva and Jerry L Trahan. A secure and efficient parallel-dependency rfid grouping-proof protocol. IEEE Journal of Radio Frequency Identification, 4(1):14–23, 2020.
[6] Vanya Cherneva and Jerry L Trahan. Serial-dependency grouping-proof protocol for rfid epc gen2 tags. IEEE Journal of Radio Frequency Identification, 4(2):159–169, 2020.
[7] Sjouke Mauw, Zach Smith, Jorge Toro-Pozo, and Rolando Trujillo-Rasua. Automated identification of desynchronisation attacks on shared secrets. In Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part I 23, pages 406–426. Springer, 2018.
[8] Ming-Hour Yang, Yu-Shan Hsu, and Hung-Yu Ko. Dispute resistance multilayered rfid partial ownership transfer with blockchain. IEEE Access, 10:123634–123650, 2022.
[9] Zahra Rafati. A secure and scalable grouping proof for lightweight rfid tags. MSc Thesis, Faculty of Computer Engineering ,University of Isfahan, 2021.
[10] Cheng-Ter Hsi, Yuan-Hung Lien, Jung-Hui Chiu, and Henry Ker-Chang Chang. Solving scalability problems on secure rfid grouping-proof protocol. Wireless Personal Communications, 84:1069–1088, 2015.
[11] Vanya Cherneva and Jerry L Trahan. Grouping proofs for dynamic groups of rfid tags: A secure and scalable protocol. In 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), pages 0097–0103. IEEE, 2020.
[12] Liu Ya-li, Qin Xiao-lin, Li Bo-han, and Liu Liang. A forward-secure grouping-proof protocol for multiple rfid tags. International Journal of Computational Intelligence Systems, 5(5):824–833, 2012.
[13] Fatemeh Borjal Bayatiani. A lightweight rfid grouping proof protocol with forward secrecy and resistant to reader compromised attack. MSc Thesis, Faculty of Computer Engineering, University of Isfahan, 2022.
[14] Lin Qiping, Zhang Fangguo, et al. ecc-based grouping-proof rfid for inpatient medication safety. 2012.
[15] Cunqing Ma, Jingqiang Lin, Yuewu Wang, and Ming Shang. Offline rfid grouping proofs with trusted timestamps. In 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pages 674–681. IEEE, 2012.
[16] Shu Cheng, Vijay Varadharajan, Yi Mu, and Willy Susilo. An efficient and provably secure rfid grouping proof protocol. In Proceedings of the Australasian computer science week multi-conference, pages 1–7, 2017.
[17] Junichiro Saito and Kouichi Sakurai. Grouping proof for rfid tags. In 19th International Conference on Advanced Information Networking and Applications (AINA’05) Volume 1 (AINA papers), volume 2, pages 621–624. IEEE, 2005.
[18] Mike Burmester and Jorge Munilla. An anonymous rfid grouping-proof with missing tag identification. In 2016 IEEE International Conference on RFID (RFID), pages 1–7. IEEE, 2016.
[19] ¨Omer Aydin, G¨okhan Dalkili¸c, and Cem K¨osemen. A novel grouping proof authentication protocol for lightweight devices: Gpapxr+. Turkish Journal of Electrical Engineering and Computer Sciences, 28(5):3036–3051, 2020.
[20] Proverif: Cryptographic protocol verifier in the formal model., April 2023.
[21] HangRok Lee and DoWon Hong. The tag authentication scheme using self-shrinking generator on rfid system. International Journal of Information and Communication Engineering, 2(6):1242–1247, 2008.
[22] Hsieh-Hong Huang and Cheng-Yuan Ku. A rfid grouping proof protocol for medication safety of inpatient. Journal of medical systems, 33:467–474, 2009.
[23] Zhibin Zhou, Pin Liu, Qin Liu, and Guojun Wang. An anonymous offline rfid grouping-proof protocol. Future Internet, 10(1):2, 2018.
[24] Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Mar´ıa Naya-Plasencia. Quark: A lightweight hash. Journal of cryptology, 26:313–339, 2013.
[25] Charalampos Manifavas, George Hatzivasilis, Konstantinos Fysarakis, and Konstantinos Rantos. Lightweight cryptography for embedded systems–a comparative analysis. In International Workshop on Data Privacy Management,
pages 333–349. Springer, 2013.
[26] Seyed Farhad Aghili and Hamid Mala. New authentication/ownership transfer protocol for rfid objects. Journal of Information Security and Applications, 49:102401, 2019.
)