A quadratic residue-based RFID authentication protocol with enhanced security for TMIS

  • Zhiping ZhouEmail author
  • Ping Wang
  • Zhicong Li
Original Research


Telecare medicine information system (TMIS) is one of most important RFID applications in the healthcare field. Li et al. proposed a RFID tag authentication protocol with privacy preserving in TMIS. They claimed that the protocol can resist many existing attacks and possess the advantages of high efficiency. However, we demonstrate that this protocol still have replay attack, strong forward traceability attack, de-synchronization attack, unguaranteed data integrity and the problem of tag/reader anonymity. Aiming to efficiently improve the security of Li et al.’s protocol, we propose a more secure and effective authentication protocol based on quadratic residue theory, which is suitable for TMIS with the requirements of strong privacy protection. In order to resist replay attack, the timestamp generated by the reader is used to compute reader request message sent to the server and the message is encrypted by hash function and quadratic residue theory. The improved protocol does not transmit reader and tag identifier in plaintext to guarantee anonymity and the data integrity is ensured by means of encrypting tag data using hash function. To guarantee strong forward untraceability, random number is introduced in tag key update operation and is encrypted by quadratic residue theory. Using the feature of public key cryptography of quadratic residual theory can meet the purpose of constant time identification. Our security analysis and Performance comparisons proves that our scheme has higher security and better performance to be applicable to TMIS.


RFID authentication Telecare medicine information system (TMIS) Enhanced security Quadratic residue theory Constant time identification 


Compliance with ethical standards

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.


  1. Akgün M, Aglayan MU (2015) Providing destructive privacy and scalability in rfid systems using pufs. Ad Hoc Netw 32(C):32–42. CrossRefGoogle Scholar
  2. Alavi SM, Baghery K, Abdolmaleki B, Aref MR (2015) Traceability analysis of recent rfid authentication protocols. Wirel Pers Commun 83(3):1663–1682. CrossRefGoogle Scholar
  3. Amiribesheli M, Benmansour A, Bouchachia A (2015) A review of smart homes in healthcare. J Ambient Intell Hum Comput 6(4):495–517. CrossRefGoogle Scholar
  4. Avoine G, Bingol MA, Carpent X, Yalcin SBO (2013) Privacy-friendly authentication in rfid systems: On sublinear protocols based on symmetric-key cryptography. IEEE Trans Mobile Comput 12(10):2037–2049. CrossRefGoogle Scholar
  5. Avoine G, Buttyant L, Holczer T, Vajda I (2007) Group-based private authentication. In: IEEE International symposium on a world of wireless, mobile and multimedia networks, pp 1–6,
  6. Chen X, Doss R, Zhai J (2016) Rfid ownership transfer protocol based on cloud. Comput Netw 105(C):47–59. CrossRefGoogle Scholar
  7. Cho JS, Jeong YS, Sang OP (2015) Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (rfid) tag mutual authentication protocol. Comput Math Appl 69(1):58–65. CrossRefzbMATHGoogle Scholar
  8. Dehkordi MH, Farzaneh Y (2014) Improvement of the hash-based rfid mutual authentication protocol. Wirel Pers Commun 75(1):219–232. CrossRefGoogle Scholar
  9. Deng G, Zhang Y, Wang J (2013) Tree-lshb: an lpn-based lightweight mutual authentication rfid protocol. Wirel Pers Commun 72(1):159–174. CrossRefGoogle Scholar
  10. Deng M, Yang W, Zhu W (2014) Weakness in a serverless authentication protocol for radio frequency identification. Springer International Publishing, New York. Google Scholar
  11. Doss R, Sundaresan S, Zhou W (2013) A practical quadratic residues based scheme for authentication and privacy in mobile rfid systems. Ad Hoc Netw 11(1):383–396. CrossRefGoogle Scholar
  12. Hoque ME, Rahman F, Ahamed SI, Park JH (2010) Enhancing privacy and security of rfid system with serverless authentication and search protocols in pervasive environments. Wirel Pers Commun 55(1):65–79. CrossRefGoogle Scholar
  13. Jannati H, Bahrak B (2016) Security analysis of an rfid tag search protocol. Inform Process Lett 116(10):618–622. CrossRefGoogle Scholar
  14. Kaul SD, Awasthi AK (2013) RFID authentication protocol to enhance patient medication safety. Plenum Press, New York. CrossRefGoogle Scholar
  15. Li CT, Weng CY, Lee CC (2015) A secure rfid tag authentication protocol with privacy preserving in telecare medicine information system. J Med Syst 39(8):1–8. CrossRefGoogle Scholar
  16. Li T, Luo W, Mo Z, Chen S (2012) Privacy-preserving rfid authentication based on cryptographical encoding. In: IEEE INFOCOM, pp 2174–2182.
  17. Malasinghe LP, Ramzan N, Dahal K (2017) Remote patient monitoring: a comprehensive study. J Ambient Intell Hum Comput 10(4):1–20. CrossRefGoogle Scholar
  18. Mohammedi M, Omar M, Bouabdallah A (2017) Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J Ambient Intell Hum Comput 80(10):1–13. CrossRefGoogle Scholar
  19. Pokala JP, Reddy CM, Abdul JS, Bapana S, Vorugunti CS (2016) A secure rfid protocol for telecare medicine information systems using ecc. In: International conference on wireless communications, signal processing and networking, pp 2295–2300.
  20. Poncela A, Coslado F, Garca B, Fernndez M, Ariza J, Peinado G, Demetrio C, Sandoval F (2018) Smart care home system: a platform for eassistance. J Ambient Intell Hum Comput.
  21. Qing MA, Guo Y, Zeng Q, Duo XU (2016) A new ultra-lightweight RFID mutual authentication protocol. Netinfo Secur 16(5):44–50. CrossRefGoogle Scholar
  22. Rahman F, Bhuiyan MZA, Ahamed SI (2016a) A privacy preserving framework for rfid based healthcare systems. Future Gener Comput Syst. CrossRefGoogle Scholar
  23. Rahman F, Hoque ME, Ahamed SI (2016b) Anonpri: A secure anonymous private authentication protocol for rfid systems. Inform Sci. 379(10), CrossRefGoogle Scholar
  24. Sareen S, Sood SK, Gupta SK (2016) Iot-based cloud framework to control ebola virus outbreak. J Ambient Intell Hum Comput 9(12):1–18. CrossRefGoogle Scholar
  25. Srivastava K, Awasthi AK, Kaul SD, Mittal RC (2015) A hash based mutual rfid tag authentication protocol in telecare medicine information system. J Med Syst 39(1):153. CrossRefGoogle Scholar
  26. Su C, Santoso B, Li Y, Deng R, Huang X (2017) Universally composable rfid mutual authentication. IEEE Trans Dependable Secure Comput 14(1):83–94. CrossRefGoogle Scholar
  27. Sundaresan S, Doss R, Piramuthu S, Zhou W (2015) Secure tag search in rfid systems using mobile readers. IEEE Trans Dependable Secure Comput 12(2):230–242. CrossRefGoogle Scholar
  28. Wu F, Xu L, Kumari S, Li X (2017) A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J Ambient Intell Hum Comput 8(1):101–116. CrossRefGoogle Scholar
  29. Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous rfid tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Hum Comput 9(4):919–930. CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.School of Internet of Things EngineeringJiangnan UniversityWuxiChina
  2. 2.Engineering Research Center of Internet of Things Technology Applications Ministry of EducationJiangnan UniversityWuxiChina

Personalised recommendations