A quadratic residue-based RFID authentication protocol with enhanced security for TMIS
Telecare medicine information system (TMIS) is one of most important RFID applications in the healthcare field. Li et al. proposed a RFID tag authentication protocol with privacy preserving in TMIS. They claimed that the protocol can resist many existing attacks and possess the advantages of high efficiency. However, we demonstrate that this protocol still have replay attack, strong forward traceability attack, de-synchronization attack, unguaranteed data integrity and the problem of tag/reader anonymity. Aiming to efficiently improve the security of Li et al.’s protocol, we propose a more secure and effective authentication protocol based on quadratic residue theory, which is suitable for TMIS with the requirements of strong privacy protection. In order to resist replay attack, the timestamp generated by the reader is used to compute reader request message sent to the server and the message is encrypted by hash function and quadratic residue theory. The improved protocol does not transmit reader and tag identifier in plaintext to guarantee anonymity and the data integrity is ensured by means of encrypting tag data using hash function. To guarantee strong forward untraceability, random number is introduced in tag key update operation and is encrypted by quadratic residue theory. Using the feature of public key cryptography of quadratic residual theory can meet the purpose of constant time identification. Our security analysis and Performance comparisons proves that our scheme has higher security and better performance to be applicable to TMIS.
KeywordsRFID authentication Telecare medicine information system (TMIS) Enhanced security Quadratic residue theory Constant time identification
Compliance with ethical standards
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
- Avoine G, Buttyant L, Holczer T, Vajda I (2007) Group-based private authentication. In: IEEE International symposium on a world of wireless, mobile and multimedia networks, pp 1–6, https://doi.org/10.1109/WOWMOM.2007.4351808
- Li T, Luo W, Mo Z, Chen S (2012) Privacy-preserving rfid authentication based on cryptographical encoding. In: IEEE INFOCOM, pp 2174–2182. https://doi.org/10.1109/INFCOM.2012.6195601
- Pokala JP, Reddy CM, Abdul JS, Bapana S, Vorugunti CS (2016) A secure rfid protocol for telecare medicine information systems using ecc. In: International conference on wireless communications, signal processing and networking, pp 2295–2300. https://doi.org/10.1109/WiSPNET.2016.7566552
- Poncela A, Coslado F, Garca B, Fernndez M, Ariza J, Peinado G, Demetrio C, Sandoval F (2018) Smart care home system: a platform for eassistance. J Ambient Intell Hum Comput. https://doi.org/10.1007/s12652-018-0979-9
- Qing MA, Guo Y, Zeng Q, Duo XU (2016) A new ultra-lightweight RFID mutual authentication protocol. Netinfo Secur 16(5):44–50. https://doi.org/10.3969/j.issn.1671-1122.2016.05.007 CrossRefGoogle Scholar