As the radio frequency identification (RFID) technology continues to evolve and mature, RFID tags can be implemented in a wide range of applications. Due to the shared wireless medium between the RFID reader and the RFID tag, adversaries can launch various attacks on the RFID system. To thwart different types of attacks, we propose an Efficient RFID Authentication Protocol (ERAP), which can accomplish the authentication without disclosing real IDs of the participating tags and provide strong privacy and security protection of the RFID users. ERAP offers the anonymity of tags in addition to tag untraceability. It also provides forward security (forward privacy) which ensures that data transmitted today will still be secure even if secret tag information is revealed by tampering in the future. In this paper, we define a formal security model for authentication and privacy in RFID system. Under this model, we describe protocol that provably achieves the properties of authentication and privacy. In addition, the proposed ERAP requires only little resources to perform the authentication, which satisfies the requirement of highly resource-constrained low-cost RFID tags.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications