Wireless Networks

, Volume 25, Issue 1, pp 415–428 | Cite as

An efficient and secure RFID authentication protocol using elliptic curve cryptography

  • Negin Dinarvand
  • Hamid BaratiEmail author


Radio frequency identification (RFID) is a relatively new technology widely deployed in many applications. Due to several advantages of the technology including decreased costs and increased speed, different organizations and industries show interest in it, and its application range is gradually developing. Some of the main problems of RFID are security and privacy. The implementation of authentication protocols is a flexible and effective way to solve these problems. Several authentication protocols of RFID are based on hash functions or symmetric cryptography. According to the small size of the key, efficient computations, and high security in the elliptic curve cryptography (ECC), its use has increased. Recently some certain ECC-based authentication protocols have been represented. In this paper, a RFID authentication protocol is presented using ECC for mutual authentication to overcome weaknesses of the existing authentication protocols. It has been shown that the proposed protocol satisfies security requirements of RFID authentication protocol and prevents different attacks on RFID systems. Also, the proposed authentication protocol has been analyzed in terms of computational costs, communication costs, and storage requirements. The results revealed that the proposed authentication protocol is an appropriate model for RFID tags with limited resources.


Authentication protocol RFID Elliptic curve cryptography Privacy 



The authors thanks the editors and the anonymous reviewers for their valuable comments.


  1. 1.
    Finkenzeller, K. (2010). RFID handbook: Fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. Hoboken: Wiley.CrossRefGoogle Scholar
  2. 2.
    Chou, J. S. (2014). An efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 75–94. doi: 10.1007/s11227-013-1073-x.CrossRefGoogle Scholar
  3. 3.
    Park D. G., Boyd C., & TDawson E. (2000). Classification of authentication protocols: A practical approach. In Third international workshop, ISW 2000 Wollongong (pp. 194–208).Google Scholar
  4. 4.
    Liao, Y. P., & Hsiao, C. M. (2013). A secure ECC-based RFID authentication scheme using hybrid protocols. Advances in Intelligent Systems and Applications, 2, 1–13.Google Scholar
  5. 5.
    Juels, A. (2006). RFID security and privacy: A research surve. IEEE Journal on Selected Areas in Communications, 24, 381–394.CrossRefGoogle Scholar
  6. 6.
    Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340. doi: 10.1109/TDSC.2007.70226.CrossRefGoogle Scholar
  7. 7.
    Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LSHB+: An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72, 159–174.CrossRefGoogle Scholar
  8. 8.
    Khan, G. N., & Moessner, M. (2015). Low-cost authentication protocol for passive, computation capable RFID tags. Wireless Networks, 21, 565–580.CrossRefGoogle Scholar
  9. 9.
    Kumar, N., Kaur, K., Misra, S. C., & Iqbal, R. (2015). An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud. Peer-to-Peer Networking and Applications, 9(5), 1–17.Google Scholar
  10. 10.
    Rahman, F., & Ahamed, S. L. (2014). Efficient detection of counterfeit products in large-scale RFID systems using batch authentication protocols. Personal and Ubiquitous Computing, 18(1), 177–188.CrossRefGoogle Scholar
  11. 11.
    Farash, M. S., Nawaz, O., Mahmood, K., Chaudhry, S. A., & Khan, M. K. (2016). A provably secure RFID authentication protocol based on elliptic curve for healthcare environments. Journal of Medical Systems, 40(7), 165.CrossRefGoogle Scholar
  12. 12.
    Godor, G., Giczi, N., & Imre, S. (2010). Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems performance analysis by simulations. In IEEE international conference on wireless communications, networking and information security (WCNIS), IEEE (pp. 650–657). DOI: 10.1109/WCINS.2010.5541860.
  13. 13.
    Juels, A. (2004). Minimalist cryptography for low-cost RFID tags. In International conference on security in communication networks (pp. 149–164). Berlin: Springer.Google Scholar
  14. 14.
    Dolev, S., Kopeetsky, M., & Shamir, A. (2011). RFID authentication efficient proactive information security within computational security. Theory of Computing Systems, 48(1), 132–149.MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Juels, A., & Pappu, R. (2003). Squealing Euros: Privacy protection in RFID-enabled banknotes. In International conference on financial cryptography (pp. 103–121). Berlin: Springer.Google Scholar
  16. 16.
    Hopper, N. J., & Blum, M. (2000). A secure human-computer authentication scheme. Technical Report CMU-CS-00-139. Carnegie Mellon University.Google Scholar
  17. 17.
    Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Annual international cryptology conference (pp. 293–308). Berlin: Springer.Google Scholar
  18. 18.
    Tuyls P., & Batina L. (2006). RFID-tags for anti-counterfeiting. In Topics in cryptology CT-RSA (pp. 115–131).Google Scholar
  19. 19.
    Schnorr, C. P. (1991). Efficient signature generation by smart cards. Journal of Cryptology, 4(3), 161–174. doi: 10.1007/BF00196725.CrossRefzbMATHGoogle Scholar
  20. 20.
    Batina L., Guajardo J., Kerins T., et al. (2007). Public-key cryptography for RFID-tags. In Proceedings of the fifth annual ieee international conference pervasive computing and communications workshop (pp. 217–222). DOI: 10.1109/PERCOMW.2007.98.
  21. 21.
    Okamoto, T. (1993). Provably secure and practical identification schemes and corresponding signature schemes. Advances in Cryptology CRYPTO, 92, 31–53.MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Lee Y. K., Batina L., & Verbauwhede I. (2008). EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In Proceedings of the 2008 IEEE International Conference (pp. 97–104). DOI: 10.1109/RFID.2008.4519370.
  23. 23.
    Bringer J., Chabanne H., & Icart T. (2008). Cryptanalysis of EC-RAC, a RFID identification protocol. In Cryptology and network security (pp. 149–161).Google Scholar
  24. 24.
    Juels, A., Pappu, R., & Parno, B. (2008). Unidirectional key distribution across time and space with applications to RFID security. In USENIX security symposium (pp. 75–90).Google Scholar
  25. 25.
    Tian, Y., Chen, G., & Li, J. (2012). A new ultralightweight RFID authentication protocol with permutation. IEEE Communications Letters, 16, 702–705. doi: 10.1109/LCOMM.2012.031212.120237.CrossRefGoogle Scholar
  26. 26.
    Ahmadiana, Z., Salmasizadehb, M., & Arefa, M. R. (2013). Desynchronization attack on RAPP ultralightweight authentication protocol. Information Processing Letters, 113(7), 205–209. doi: 10.1016/j.ipl.2013.01.003.MathSciNetCrossRefGoogle Scholar
  27. 27.
    Zheng, X., Chen, C. M., & Wu, T. Y. (2014). Another improvement of RAPP: An ultra-lightweight authentication protocol for RFID. Intelligent Data Analysis and its Applications, I, 145–153.Google Scholar
  28. 28.
    Sabzinejad Farash, M. (2014). Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(2), 987–1001. doi: 10.1007/s11227-014-1272-0.CrossRefGoogle Scholar
  29. 29.
    Zhao, Z. (2014). A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. Journal of Medical Systems. doi: 10.1007/s10916-014-0046-9.Google Scholar
  30. 30.
    Koblitz, N., Menezes, A., & Vanstone, S. (2000). The state of elliptic curve cryptography. Towards a Quarter-Century of Public Key Cryptography, 19, 103–123.MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    Hankerson, D., Menezes, A., & Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. New York: Springer.zbMATHGoogle Scholar
  32. 32.
    Ouafi, K., & Phan, R. C. W. (2008). Traceable privacy of recent provably-secure RFID protocols. In International conference on applied cryptography and network security (pp. 479–489).Google Scholar
  33. 33.
    Alamr, A. A., Kausar, F., & Kim, J. S. (2016). Secure mutual authentication protocol for RFID based on elliptic curve cryptography. In Proceedings of the 2016 international conference on platform technology and service (PlatCon), IEEE (pp. 1–7).Google Scholar
  34. 34.
    Jin, C., Xu, C., Zhang, X., & Li, F. (2016). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40, 1–6.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.Department of computer engineering, Dezful BranchIslamic Azad universityDezfulIran

Personalised recommendations