Sage Journals: Discover world-class research

Abstract

Recently, radio-frequency identification (RFID) technology has been applied to various industrial fields. It is used for various health-care purposes such as patient information management and health management, thereby providing convenience for both hospital officials and patients. However, the RFID system also presents various health-care security threats such as spoofing attacks and counterfeit attacks in the data communication between the server, reader, and tag, which adversely affect both hospital officials and patients. An RFID mutual authentication technique is thus required, and various such techniques have already been proposed. Research is being conducted for performing RFID mutual authentication using bit operation or based on a lightweight public key cryptosystem for application to a low-cost tag environment. In this study, we analyze the RFID mutual authentication protocol for RFID medical devices and propose an efficient, lightweight mutual authentication scheme for secure RFID medical devices by satisfying various security requirements and decreasing the computation cost.

Keywords

RFID mutual authentication scheme security NTRU lightweight

Introduction

Recently, with the development of information and communication technology, we are said to be living in the Internet-of-Things (IoT) age. The radio-frequency identification (RFID) sensor, an IoT sensor, is a technology used for identifying a tag attached to an article through a reader (i.e. RF module). RFID consists of tag, reader, and back-end server. It sends the data stored in the tag to the server through the reader and controls and processes the data in the server. Recently, RFID technology has been used in various industrial fields such as distribution, manufacturing, logistics, defense, and traffic. In particular, it is widely used as a method for ensuring convenience and accuracy in its applications to medical equipment and medical products in a health-care environment. Typically, in the health-care environment, RFID technology has various applications, including patient information management, emergency medical care, blood information management, health care, and drug management as shown in Figure 1. However, in the health-care field, RFID technology creates various security threats, such as patient data being forged by an attacker, eavesdropping on communicated data, spoofing and replay attacks, or tracking of a patient’s location. Typically, an attacker modifies the patient’s medication data (medicines and blood) stored in the hospital’s assets or the RFID tag bracelet worn by the patient, thereby interfering with the medication to be administered to the patient, which would threaten the patient’s life. In other cases, an attacker may eavesdrop on data communicated between a hospital official (reader) and a patient (tag) to find out the identifier value of the patient (tag) through replay attacks and spoofing attacks.¹ Malicious actions can also be taken by sending continuous data to the hospital Database (DB server) through the reader, overloading the service function, and stealing the patient data by accessing the hospital DB (server). Therefore, a secure technology is required to eliminate the security threat of RFID technology. One such technology is the RFID mutual authentication technology. To date, RFID mutual authentication based on various technologies such as hash function, symmetric key encryption, and public key encryption has been proposed. Recently, studies are being conducted on RFID mutual authentication that requires less computation and are based on a low-cost tag environment and lightweight cryptosystem. In this article, we propose a lightweight RFID mutual authentication protocol in a low-cost tag environment by comparing and analyzing the RFID mutual authentication scheme proposed for a medical environment, using bit operation and lightweight encryption NTRU(N-th degree TRUncated polynomial ring) to satisfy various security requirements and increase system efficiency.

Figure 1.

RFID application in medical environment. RFID: radio-frequency identification.

Related work

In this section, an RFID mutual authentication technique and NTRU cryptographic technology are explained, and the existing RFID mutual authentication protocol is analyzed.

RFID mutual authentication

RFID mutual authentication is the authentication of the other party for secure communication between the tag and the reader. Mutual authentication is performed using the data that are communicated between the reader and the tag and using a hash function, symmetric key encryption, and public key encryption based on the tag environment. In a medical environment, the hospital official (reader) contacts the hospital asset, medicine, and tag attached to the patient in order to request authentication. At this time, the tag, reader, and server perform mutual authentication while exchanging information required for authentication as shown in Figure 2. Table 1 compares schemes for authenticating patients using RFID. In 2012, Jeong and Lee proposed a patient authentication process using the RFID technology.² However, in the scheme used by Jeong and Lee, the tag responds to the communication of the reader with a fixed value, and the attacker can interrogate the response value of the tag and guess the location of the patient. This can result in various security threats such as location tracking attacks, patient privacy violations, spoofing attacks, and replay attacks. In 2013, Ahn et al. proposed an improved RFID patient authentication process for eliminating the security threats in the RFID mutual authentication of Jeong and Lee.³ The process introduced by Ahn et al. is protected against various security threats owing to its improved protocol, and its computational efficiency is higher than that of the scheme proposed by Jeong and Lee. However, it is difficult to apply to disposable bracelets with low computational power among patient medical bracelets.

Figure 2.

Rradio-frequency identification mutual authentication.

Table 1.

Comparison of patient authentication schemes using radio-frequency identification.

	Strength	Weakness
Jeong scheme	It is safe to use symmetric keys and hash functions	Location tracking possible Various security threats caused by eavesdropping Difficult to apply to low-cost tags
Ahn scheme	Safe for various security threats	Difficult to apply to low-cost tags

NTRU cryptograph

The NTRU cryptosystem is a public key cryptosystem in the polynomial basis proposed by Hoffstein et al. in 1998.⁴ NTRU encryption is easy to generate keys and requires a small amount of memory. According to the “A Study on the Development of the cryptosystems for the next generation” issued by National Security Research Institute in 2006, The NTRU cryptosystem provides the same security as the other public key cryptosystems RSA (Rivest Shamir Adleman), ECC (Elliptic Curve Cryptography), but with a higher encryption and decryption rate.⁵ In addition, as quantum computing is developed because NTRU is based on the lattice theory, it is more secure than the public key cryptosystem based on computational complexity such as the existing RSA or ECC. It can be applied to RFID because it proved that the NTRU cryptosystem can be implemented with only 10,000 gates through an article called “Low-cost Implementations of NTRU for Pervasive Security”.⁶ Recently, research has been conducted on NTRU-based commercial technology. The NTRU cryptosystem is described as follows.⁷

Key generation step: The initial key generation step first selects two polynomials f, g ∈ R of N − 1th order having small coefficients. f must have an inverse on mod p and mod q, and the inverse is $f_{p}^{- 1}, f_{q}^{- 1}$ . The secret keys are $f, g, f_{p}^{- 1}, f_{q}^{- 1}$ , and the public key is h.

f_{p}^{- 1} * f \equiv 1 (mod p)

f_{q}^{- 1} * f \equiv 1 (mod q)

h = f_{q}^{- 1} * g (mod q)

Encryption: Encrypts message m by selecting any polynomial φ ∈ R.

e = p * h * φ + m (mod q)

Decryption: The polynomial a is obtained by multiplying the cipher text e by the private key f, and the message m is decrypted by multiplying the polynomial a by the private key $f_{p}^{- 1}$ .

a \equiv f * e (mod q) \equiv f * (p * h * φ + m) (mod q) \equiv f * p * h * φ + f * m (mod q) \equiv f * p * (f_{q}^{- 1} * g) * φ + m (mod q) \equiv p * φ * g + f * m (mod q) m′ \equiv a * f_{p}^{- 1} (mod p) .

NTRU-based RFID mutual authentication scheme

Table 2 compares NTRU-based RFID mutual authentication scheme. Shi et al. proposed an NTRU-based RFID mutual authentication scheme in 2013 and 2014.⁸ However, during RFID communication, an attacker can guess the patient’s identity by eavesdropping, which leads to various security threats. Behazad Abdolmaleki has improved the protocol to satisfy security threats, but the computational efficiency is lower than that proposed by Shi et al.⁹ Rostampour et al. proposed an NTRU-based RFID mutual authentication scheme and claimed that it is safer than an ultra-lightweight mutual authentication scheme.¹⁰ However, it is difficult to apply to a public channel wherein a server and reader are one object.

Table 2.

Comparison of NTRU-based RFID mutual authentication scheme.

	Strength	Weakness
Shi scheme⁸	Use lightweight encryption NTRU	Unsafe for various security threats
Abdolmaleki scheme⁹	Use lightweight encryption NTRU Safe for various security threats	Increase in computation compared with Shi scheme It is difficult to use in open channels
Rostampour scheme¹⁰

RFID: radio-frequency identification; NTRU: N-th degree TRUncated polynomial ring.

Ultra-lightweight RFID mutual authentication

RFID tags can be classified into active tags and passive tags. Active tags have their own power, which facilitates the use of cryptographic algorithms and complex computations in security protocols. In contrast, the passive tag lacks the power in the tag itself and lacks calculation capacity and storage space. Therefore, when mutual authentication is performed, it is difficult to apply a cryptographic algorithm or a complex operation, and thus, mutual authentication is performed only by a low operation. The ultralight authentication protocol was initially used to improve the system efficiency by performing mutual authentication with only bitwise operation (XOR, AND, OR, MOD) based on the low-cost tag environment. Table 3 compares the ultralight RFID mutual authentication scheme. However, security problems are caused by various attacks with only bit operations, and ultralight authentication protocols applying various operations such as ROT (rotation) operation and Per (permutation) operation are studied. Here, $R o t (A, B)$ means that a is rotated left by w(B) bits, and w(B) means the number of nonzero symbols included in the symbol string by the hamming weight of b. $Per (A, B)$ is a permutation operation as shown in Figure 3. However, even based on this bit operation, as it has more than one security threat, a study of lightweight RFID mutual authentication is required to satisfy various security requirements.¹⁵

Table 3.

Comparison of ultra-lightweight RFID mutual authentication scheme.

	Operation	Asynchronous	IDS collision resistance
Lopez scheme¹¹	Rot, Mixbits	Unsafe	Safe
Tian scheme¹²	Rot, Per	Unsafe	Unsafe
Jeon scheme¹³	Mer, Sep	Unsafe	Safe
Zhuang scheme¹⁴	Rec, Rot	Safe	Safe

RFID: radio-frequency identification; IDS: pseudonym of RFID tags. Safe: The protocol resists the attacks or provides the functionality; Unsafe: The protocol does not resist the attacks or provide the functionality.

Figure 3.

Operation (left rot operation, right per operation).

Security requirements

This article discusses RFID security requirements that must be adhered to in a medical environment as shown in Figure 4.

Location tracking: Whenever a hospital official (reader) transmits a serial number to a patient (tag), if the response value of the patient (tag) is a fixed value, the attacker can trace the location of the patient (tag). An attacker can track the location of the patient by analyzing the traffic with the eavesdropped value, and may violate the patient's personal information. In order to eliminate such a vulnerability, information of the patient (tag) should be designed to respond with a value other than the same pattern value every time a hospital official (reader) requests communication.

Eavesdropping: An attacker can cause various security threats by eavesdropping on the data of a patient (tag) in RFID communication. Even if an attacker taps the data, he or she should not be able to know the data. In addition, it should not be possible to perform the authentication process using the eavesdropped data in the future.

Spoofing and replay attacks: In this type of attack, a malicious attacker illegally masquerades as a legitimate tag or attack obtains information necessary for authentication or attacks to perform authentication. This attacker may forge the data of the patient (tag) in the future, which may pose a health risk to the patient in an emergency. Therefore, even if an attacker attempts to mutually authenticate the data that have been eavesdropped in a previous session, it should not be usable in the process of mutual authentication.

Mutual authentication: In the RFID system, this is a process in which it is confirmed that communication is occurring between the hospital official (reader), patient (tag), and hospital DB (server). The relationship between the hospital staff and the patient in the medical environment is trusted. The data shared between the tag, reader, and server, which are exchanged in advance, generate the same value and are compared and verified for performing authentication.

Efficiency: The proposed RFID mutual authentication protocol meets various security requirements by using a cryptographic algorithm, but it is difficult to use it with a low-cost tag owing to large amounts of traffic and computation. Therefore, it is necessary to apply a lightweight encryption algorithm in a low-cost tag environment or to propose an efficient authentication protocol that maintains existing security with a simple operation.

Figure 4.

Health-care security threats.

Proposed scheme

In this section, we propose a secure and efficient RFID mutual authentication scheme based on the lightweight RFID mutual authentication scheme and public key cryptographic NTRU cryptosystem in a low-cost tag environment that satisfies the security requirements discussed in the “Security requirements” section. In the proposed scheme, it is assumed that the communication between the tag, reader, and server is performed in an unsecured open channel, and the main goal is to perform mutual authentication securely and efficiently between the components in the open channel.

Lightweight RFID mutual authentication for low-cost tag environment (proposed scheme 1)

Scheme 1 is proposed to protect the privacy of the patient in a medical environment. In comparison with the existing RFID mutual authentication schemes, the efficiency is improved by reducing the computational complexity while maintaining the existing security with a simple operation. The proposed scheme is applicable to low-cost medical bracelets that have a limited computation ability compared to other types of medical bracelets that manage the patient’s medical data in a medical environment. The proposed scheme is also applicable to RFID tag technology attached to hospital assets and pharmaceuticals. The overall mutual authentication process of the proposed scheme 1 is performed by the hospital official (reader), patient (tag), and hospital DB (server) through one to five processes as shown in Figure 5. In this section, we explain in detail each step of the proposed protocol.

Figure 5.

The proposed scheme 1.

System parameters

The system coefficients used in the proposed scheme are as follows.

R _n, T _n, S _n: Random number of reader and tag and server

K _SR, K _RT: Secret key shared only by server and reader, reader and tag

SID: The pseudonym of the unique identification number of the tag

SN: The unique identification number of the tag

Rot(A, B): A is w(B) bit left rotation; w(B) is Hamming weight of B

Initialization phase

In this step, the server, reader, and tag share the authentication information required for the mutual authentication. The server has $SID, S N, K_{S R}$ , reader $K_{S R}, K_{R T}$ , and tag $SID, S N, and, K_{R T}$ . The hospital DB (server), hospital official (reader), and patient (tag) perform mutual authentication using the information they have.

Authentication phase

In the authentication step, communication is carried out using the shared authentication information among the respective components, and the received information is calculated, compared, and verified for the purpose of authentication.

Step 1. The hospital official (reader) generates a random number R_n and sends it to the patient (tag) along with the message regarding the request for a serial number.

Step 2. The patient (tag) responding to the request of the hospital official (reader) generates the random number T_n. The tag authentication information $m_{1}, m_{2}, and m_{3}$ are then computed, concatenated into one message M₁, and sent to the reader along with the SID.

m_{1} = K_{R T} \oplus R_{n} \oplus T_{n}

m_{2} = S N \oplus T_{n}

m_{3} = Rot (S N + T_{n}, K_{R T}) \oplus T_{n}

M_{1} = (m_{1} | | m_{2} | | m_{3})

Step 3. The hospital official (reader) extracts T_n, SN using M₁, which is received from the patient (tag). Then m₃ is computed and compared with m₃, which is received from the tag for verifying that it is a legitimate tag.

T_{n} = K_{R T} \oplus R_{n} \oplus m_{1}

S N = m_{2} \oplus T_{n}

V e r i f y {m ′}_{3} = m_{3}

m_{4} = Rot (S N + T_{n}, K_{S R}) \oplus T_{n}

M_{2} = (m_{2} | | m_{4})

After authenticating that it is a legitimate patient (tag), it generates the authentication information m₄ of the hospital official (reader), concatenates it to M₂, and sends it to the hospital DB (server).

Step 4. The server finds the SID received from its DB and selects the SN corresponding to the SID. T_n is extracted using SID, and m₄' is computed and compared with m₄ received from the tag in order to verify that it is a legitimate reader.

T_{n} = SN \oplus m_{2}

V e r i f y {m ′}_{4} = m_{4}

Step 5. After the reader authentication, the server generates a random number S_n. The authentication information $m_{5}, m_{6}, and m_{7}$ are then generated and connected to M₃ and sent to the hospital official (reader).

m_{5} = S_{n} \oplus K_{S R} \oplus T_{n}

m_{6} = Rot (T_{n} + K_{S R}, K_{S R}) \oplus S_{n}

m_{7} = Rot (T_{n} + K_{S R}, S_{n}) \oplus T a g I n f o

M_{3} = (m_{2} | | m_{4})

Step 6. The reader extracts S_n using M₃ and computes $m_{6}^{′}$ and verifies it against m₆, which is received from the tag in order to certify that it is a legitimate reader. After the authentication, the information of the patient (tag) can be used via m₇.

S_{n} = m_{5} \oplus K_{S R} \oplus T_{n}

V e r i f y {m ′}_{6} = m_{6}

T a g I n f o = m_{7} \oplus Rot (T_{n} + K_{S R}, S_{n})

The hospital official (reader) generates the authentication information Auth and transmits it to the patient (tag).

A u t h = Rot (S N + T_{n}, T_{n}) \oplus K_{R T}

Step 7. The tag computes Auth′, verifies the Auth comparison received from the reader and certifies that it is a legitimate reader.

V e r i f y A u t h' = A u t h

Through the aforementioned process, secure mutual authentication is performed on the RFID communication between the server and the reader tag.

NTRU-based lightweight RFID mutual authentication (proposed scheme 2)

Scheme 2 proposes secure mutual authentication in an RFID public channel using public key NTRU cryptosystem. Compared with the existing NTRU-based RFID mutual authentication schemes, scheme 2 satisfies various security requirements and provides efficiency by reducing the amount of computation. The proposed scheme 2 can be applied to a tag that has a computing capability such as medicines management, medical band, and hospital asset management in a medical environment. Here, the role of the reader is that of an intermediary between the server and tag, and the actual operation is performed on the server. The overall mutual authentication process of the proposed scheme 2 is performed by the hospital official (reader), patient (tag), and hospital DB (server) through one to five processes as shown in Figure 6. In this section, we explain in detail each step of the proposed protocol.

Figure 6.

The proposed scheme 2.

System parameters

The system coefficients used in the proposed scheme are as follows.

R_n, T_n: Random number of reader and tag

K, K_n: Old and new secret keys that are only shared by the tag and server

IDS, IDS_n: The old and new pseudonym of the tag

ID_T, ID_S: The unique identifier of the tag and the server

h_S, f_S: The server’s public keys and private keys

φ: Random number for encryption

$R o t (A, B)$ : A is w(B) bit left rotation, w(B) is Hamming weight of B

Initialization phase

In this step, the tag is initialized, and the server and tag share the authentication information required for mutual authentication. The tag has $h_{S}, I D_{T}, I D S$ , and K, and the server has $f_{S}, I D_{s}, I D S, and K .$ The tag and server perform authentication using the information they have.

Authentication phase

In the authentication step, the authentication information is exchanged between the server and tag through the reader, and the received information is calculated, compared, and verified for the purpose of authentication. After mutual authentication between the server and the tag, information regarding the server and tag (IDS and K) is newly updated and used in the next session.

Step 1. The hospital official (reader) generates a random number R_n and sends it to the patient (tag) together with the query.

Step 2. The tag responding to the query generates a random number T_n and generates the tag authentication information m₁ and m₂ by computing. It is then encrypted using NTRU encryption technology and sent to the reader along with R_n, which is received from the reader.

m_{1} = K \oplus T_{n}

m_{2} = R_{n} \oplus T_{n}

e (IDS | | m_{1} | | m_{2}) = p * h_{R} * φ + m (mod q)

Step 3. The reader recognizes that the tag is within the reader range base on R_n, which is received from the tag. The authentication information e and R_n are then sent to the server.

Step 4. The server decrypts the received information e with its own private key f_R to obtain IDS, m₁ and m₂ and selects the key K corresponding to the IDS and the identifier ID_S in its DB. Then, T_n is extracted using the tag authentication information m₁, and ${m^{'}}_{2}$ is calculated. And ${m^{'}}_{2}$ compared with m₂ received from the reader, and if it is the same, it is authenticated with a valid tag.

f_{R} * e (mod q) = f_{R} * [e (IDS | | m_{1} | | m_{2})]

T_{n} = m_{1} \oplus K

{m'}_{2} = R_{n} \oplus T_{n}

Verify {m'}_{2} = m_{2}

Step 5. At the time of tag authentication, the server generates the authentication information m₃ by operation and transmits it to the tag. At the same time, it updates the information (IDS and K) on the server and performs mutual authentication with the new information (IDS and K) in the next communication.

m_{3} = R o t ({ID}_{S} + K, T_{n}) \oplus T_{n}

{IDS}_{n} = ({ID}_{S} + IDS) \oplus K

K_{n} = K \oplus T_{n}

Step 6. The tag itself computes ${m^{'}}_{3}$ , compares it with m₃ received from the server, and authenticates that it is a valid server if it matches. The tag information (IDS and K) is updated to perform mutual authentication with the new (IDS and K) in the next communication.

{m'}_{3} = R o t ({ID}_{T} + K, T_{n}) \oplus T_{n}

Verify {m'}_{3} = m_{3}

Through the aforementioned process, secure mutual authentication is performed on the RFID communication between the server and the reader tag.

Analysis of the proposed scheme

Security analysis

The proposed scheme 1

The proposed scheme 1 is a mutual authentication scheme proposed for eliminating various security threats in RFID communication. The majority of the existing schemes comprise mutual authentication by encrypting communication data using an encryption algorithm. In this proposed scheme, mutual authentication is performed using only XOR operations and ROT operations. Table 4 shows the comparison between the existing RFID mutual authentication scheme and the proposed scheme 1 security.

Protection from location-tracking attack: The attacker cannot infer M₁ because he cannot find out the value of T_n even if he obtains a response value M₁ from the patient (tag) by sending a message requesting for the SN to the patient (tag) assuming that the attacker is a hospital official (reader). The attacker cannot know the patient (tag) identifier value SN and, thus, cannot guess the position of the patient (tag).

Protection from eavesdropping: Even if the attacker eavesdrops on the data $SID, M_{1}, M_{2}, and M_{3}$ to be communicated, it cannot be used in other authentication procedures and is protected from eavesdropping attacks because the attacker does not know what their values are.

Protected from spoofing and replay attacks: The system is protected from spoofing and replay attacks because it performs the authentication procedure using the values calculated using random numbers ( $R_{n}, T_{n}, S_{n}$ ) that are newly generated in every session during communication.

Forward secrecy: As the data to be communicated is bit-computed using random numbers ( $R_{n}, T_{n}, S_{n}$ ) that are newly generated for each session, the attacker cannot perform various attacks in the current session using the data obtained in the previous session. This thus ensures forward secrecy.

Table 4.

Comparison of the existing RFID mutual authentication scheme and the proposed scheme 1.

Scheme items		Jeong scheme²	Ahn scheme³	The proposed scheme 1
Location tracking		Unsafe	Safe	Safe
Eavesdropping		Unsafe	Safe	Safe
Spoofing, replay attack		Unsafe	Safe	Safe
Forward secrecy		Unsafe	Safe	Safe
Operation	Tag	1E+5H	3H	5X+2R
	Reader	2E+4H	1E+5H	9X+5R
	Server	1E	1E+2H	6X+3R

RFID: radio-frequency identification. Safe: The protocol resists the attacks or provides the functionality; Unsafe: The protocol does not resist the attacks or provide the functionality; E: symmetric encryption; X: XOR operation; R: Rot operation.

The proposed scheme 2

This proposed scheme 2 is a mutual authentication scheme proposed for securely protecting data from various attacks when communicating on an open channel based on the NTRU cryptosystem. Compared with the existing scheme, it satisfies various security requirements and requires a reduced amount of computation, thus providing efficiency. Table 5 shows the comparison between the existing RFID mutual authentication scheme and the proposed scheme 2 security.

Protection from location-tracking attacks, eavesdropping, spoofing, and replay attacks: As the data communicated from the tag to the server are NTRU encrypted using the public key polynomial h_R of the server, only the server having the private key f_R corresponding to the public key polynomial of the server can decrypt it. Thus, attackers cannot decrypt an encrypted message even if they acquire it, and the system remains protected from various security threats.

Protection from denial-of-service (DoS) attacks and asynchronous attacks: The attacker can send data continuously in order to obtain authentication information and deny the mutual authentication process by asynchronizing the data that are synchronized at the time of authentication with a denial-of-service attack that interferes with the service function. In the case of the proposed scheme 2, the server has a list of IDS and K values such that the tag can mutually authenticate with the previous IDS and K values in the next communication even if the IDS and K values are not updated owing to the authentication failure due to the denial-of-service attack. The system is thus protected from denial-of-service attacks and asynchronous attacks.

Table 5.

Comparison of the existing RFID mutual authentication scheme and the proposed scheme 2.

Scheme items		Shi scheme⁸	Abdolmaleki scheme⁹	Rostampour scheme¹⁰	The proposed scheme 2
Location tracking		Unsafe	Safe	Safe	Safe
Eavesdropping		Unsafe	Safe	Safe	Safe
Spoofing, replay attack		Unsafe	Safe	Safe	Safe
Forward secrecy		Unsafe	Safe	Safe	Safe
DoS attack		Unsafe	Unsafe	Unsafe	Safe
Asynchronous		Unsafe	Unsafe	Unsafe	Safe
Operation	Tag	1E+3X	2E+5X	1E+1D	1E+5X+1Rot
	Reader	1D+4X	2D+5X	1E+1D	—
	Server	1D+4X	2D+5X	1E+1D	1D+5X+1Rot
Mutual authentication		Reader-Tag (secure channels)			Server-Tag (insecure channels)

RFID: radio-frequency identification. Safe: The protocol resists the attacks or provides the functionality; Unsafe: The protocol does not resist the attacks or provide the functionality; E: asymmetric encryption; D: asymmetric decryption; X: XOR operation; DoS: denial-of-service.

Efficiency

In this article, we compared the computational complexity of each component (tag, reader, and server) when applying the cryptographic algorithms in an RFID environment in order to compare the computations of the proposed schemes 1 and 2 with the existing schemes. Figure 7 is a graph comparing proposed scheme 1 with the existing scheme. In the proposed scheme 1, the computation amount was measured using the hash function SHA-256 and the symmetric key AES-128 in the C language environment. When the encryption is performed once, the message length is made equal to 512 bits. Since the amount of computation time when communicating in each method was measured to be too small, the time of computation was measured by 10,000 times of communication rather than once. Since the bit operation is too small to be measured, it is indicated as 0.0001. Figure 8 is a graph comparing proposed scheme 2 with the existing scheme. In the proposed scheme 2, the computation amount was measured using NTRU in Python environment. When the encryption is performed once, the message length is the same, and the time of calculation is measured by 10,000 times of communication.

Figure 7.

Comparison of the proposed scheme 1 and the proposed RFID mutual authentication scheme. RFID: radio-frequency identification.

Figure 8.

Comparison of the proposed scheme 2 and the proposed RFID mutual authentication scheme. RFID: radio-frequency identification.

The proposed scheme 1

The scheme proposed by Jeong et al, and Ahn et al, Use encryption and decryption of data based on symmetric keys and hash functions, but the symmetric key algorithm is too expensive to use as low-cost tag. Thus, in the proposed scheme 1, data are encrypted and decoded based on bit operations to provide a suitable amount of computation for the low-cost tag. Table 4 presents that the performance of the scheme proposed in this article is superior to that of the proposed scheme based on the measured amount of computation between each component of the schemes of Jeongand Lee and Ahn et al. Therefore, the scheme proposed in this article was found to be suitable for a low-cost tag environment with limited computation.

The proposed scheme 2

Figure 8 shows that the proposed scheme 2 is better than the Abdolmaleki scheme and the Rostampour scheme when compared to the proposed scheme. When compared with the scheme proposed by Shi et al., the computation volume is similar, but this proposed scheme satisfies all the security requirements of the Shi scheme and is more efficient than the existing NTRU-based RFID mutual authentication scheme.

Conclusion

In the health-care environment, RFID technology is applied to various fields, such as the patient’s medical information management and health care, and provides convenience to hospitals, doctors, and patients. However, in health care environment, RFID technology has various security threats by attackers. To solve this problem, RFID mutual authentication technology is needed in health care environment. To date, various RFID mutual authentication techniques have been proposed, but it is difficult to eliminate one or more security threats or they require excessive amounts of computation in a low-cost tag environment. Therefore, the proposed scheme is focused on improving the efficiency by reducing the computation and ensuring safety from various security threats when compared with the existing RFID mutual authentication schemes. The proposed scheme 1 can be applied to a medical bracelet or a low-cost tag environment of a patient, and its computation ability is limited by performing the RFID mutual authentication based on a simple operation. In the proposed scheme 2, the RFID mutual authentication is based on the lightweight public key NTRU cryptosystem and can be applied to a medical band having a medicine amount management capability and a calculation capacity. Future research is required to develop an RFID mutual authentication that satisfies various security requirements other than the security requirements presented in this article. This can be applied in an actual medical environment to eliminate RFID security threats, and it will be the basis of the research for RFID communication in a safe environment.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research was supported by the Ministry of Science and ICT (MSIT) Korea, under the Information Technology Research Center (ITRC) support programme (IITP-2017-2015-0-00403) supervised by the Institute for Information & Communications Technology Promotion (IITP).

References

Park

Kang

. A research on information security issue of RFID in U-healthcare environment. J Secur Eng 2008; 5(5): 359–370.

Jeong

Lee

. U-healthcare service authentication protocol based on RFID technology. J Digit Converg 2012; 10(2): 153–159.

Ahn

Yoon

EJ,

. Improved U-healthcare service authentication protocol based on RFID technology. J Instit Electr Inform Eng 2013; 50(10): 107–115.

Hoffstein

Pipher

Silverman

. NTRU: A ring-based public key cryptosystem. In: International Algorithmic Number Theory Symposium, Berlin, Heidelberg, 1998. pp. 267–288. Berlin, Heidelberg: Springer.

Chee

Yeom

Kwon

. A study on the development of cryptosystems for the next generation. Report of National Security Technology Research Institute 2006. Available at: http://www.itfind.or.kr/doc/F20031027000/F20071120000/2005/2005-S-062/2005-S-062.pdf.

Atici

Batina

Fan

. Low-cost implementations of NTRU for pervasive security. In: International conference on application-specific systems, architectures and processors 2008, Leuven, Belgium, 2–4 July 2008, pp. 79–84. IEEE.

Park

Lee

. Authentication scheme based on NTRU for the protection of payment information in NFC mobile environment. KIPS Trans Comput Commun Syst 2013; 2(3): 133–142.

Shi

Zhou

Xia

. A novel RFID authentication protocol based on NTRU. Appl Mech Mater 2013; 411–414: 16–20.

Abdolmaleki

Baghery

Akhbari

. Attacks and improvements on two new-found RFID authentication protocols. In: 2014 7th international symposium on telecommunications (IST), Tehran, Iran, 9–11 September 2014, pp. 895–900. IEEE.

10.

Rostampour

Namin

. A new efficient and secure mutual authentication protocol for RFID systems. In: IEEE European Modelling Symposium, 2015, pp. 383–388. IEEE.

11.

Peris-Lopez

Hernandez-Castro

Tapiador

JME

. Advances in ultralightweight cryptography for low-cost RFID tags: gossamer protocol. In: International workshop on information security applications, Berlin, Heidelberg, 2008. pp. 56–68. Berlin, Heidelberg: Springer.

12.

Tian

Chen

. A new ultralightweight RFID authentication protocol with permutation. IEEE Commun Lett 2012; 16(5): 702–705.

13.

Jeon

Yoon

. A new ultra-lightweight RFID authentication protocol using merge and separation operations. Int J Math Anal 2013; 7(52): 2583–2593.

14.

Zhuang

Zhu

Chang

. A new ultralightweight RFID protocol for low-cost tags: R2 AP. Wireless Person Commun 2014; 79(3): 1787–1802.

15.

Hwang

Lee

. Lightweight mutual authentication protocol for RFID system. In: Korea multimedia society fall conference proceedings 2016, Vol. 19(2), 2016.

A study on lightweight mutual authentication for radio-frequency identification medical device

Abstract

Keywords

Introduction

Related work

RFID mutual authentication

NTRU cryptograph

NTRU-based RFID mutual authentication scheme

Ultra-lightweight RFID mutual authentication

Security requirements

Proposed scheme

Lightweight RFID mutual authentication for low-cost tag environment (proposed scheme 1)

System parameters

Initialization phase

Authentication phase

NTRU-based lightweight RFID mutual authentication (proposed scheme 2)

System parameters

Initialization phase

Authentication phase

Analysis of the proposed scheme

Security analysis

The proposed scheme 1

The proposed scheme 2

Efficiency

The proposed scheme 1

The proposed scheme 2

Conclusion

Footnotes

Declaration of Conflicting Interests

Funding

References