SCARA: A Framework for Secure Cloud-Assisted RFID Authentication for Smart Building Access Control

  • Ahmed Raad Al-SudaniEmail author
  • Wanlei Zhou
  • Sheng Wen
  • Ahmed Al-Mansoori
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


Managing security in an RFID system is a complex activity considering that it is imperatively challenging to implement trust among tags and readers. There is always the chance that an unauthorized individual might assume the identity of a trusted tag and manage to gain confidential data in an RFID system. The situation becomes worse in systems that use a backend server and a private Internet connection. In such a system, there is no comprehensive mechanism for authenticating a tag into the system. It is thus essential to consider the implementation of a robust framework that improves the trust and the authentication levels in an RFID system. In this paper, a system known as Secure Cloud-Assisted RFID Authentication (SCARA) is proposed, which uses cloud-assisted RFID authentication to reap benefits of cloud-like scalability, availability and fault tolerance. It has three parties such as a cloud server, RFID reader and issuer involved. Issuer provides system parameters to other parties through a secure channel. Server and RFID reader are included in the authentication process with the help of information obtained from the issuer. The proposed system is secure even if the private keys associated with server and RFID tag are compromised. It does mean that it can prevent server-side insider attack in addition to external attacks. Amazon EC2 is used to have experiments. We built a prototype application to demonstrate proof of the concept. The empirical results revealed that the proposed system is able to withstand various kinds of attacks and provides a more efficient solution with less overhead.


Cloud-assisted RFID authentication Smart building Hash Encryption 


  1. 1.
    Abughazalah, S., Markantonakis, K., Mayes, K.: Secure improved cloud-based RFID authentication protocol. In: Garcia-Alfaro, J., et al. (eds.) DPM/QASA/SETOP -2014. LNCS, vol. 8872, pp. 147–164. Springer, Cham (2015). Scholar
  2. 2.
    Alabrah, A., Bassiouni, M.: A tree-based authentication scheme for a cloud toll/traffic RFID system. In: 2015 IEEE Vehicular Networking Conference (VNC), pp. 108–111. IEEE (2015)Google Scholar
  3. 3.
    Bu, K., Weng, M., Zheng, Y., Xiao, B., Liu, X.: You can clone but you cannot hide: a survey of clone prevention and detection for RFID. IEEE Commun. Surv. Tutor. 19(3), 1682–1700 (2017)CrossRefGoogle Scholar
  4. 4.
    Dong, Q., Tong, J., Chen, Y.: Cloud-based RFID mutual authentication protocol without leaking location privacy to the cloud. Int. J. Distrib. Sens. Netw. 11(10), 937198 (2015)Google Scholar
  5. 5.
    Fan, K., Luo, Q., Li, H., Yang, Y.: Cloud-based lightweight RFID mutual authentication protocol. In: 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC), pp. 333–338. IEEE (2017)Google Scholar
  6. 6.
    Juels, A., Pappu, R.: Squealing euros: privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003). Scholar
  7. 7.
    Kiraz, M.S., Bingöl, M.A., Kardaş, S., Birinci, F.: Anonymous RFID authentication for cloud services. Int. J. Inf. Secur. Sci. 1(2), 32–42 (2012)Google Scholar
  8. 8.
    Lehtonen, M., Staake, T., Michahelles, F.: From identification to authentication-a review of RFID product authentication techniques. In: Cole, P., Ranasinghe, D. (eds.) Networked RFID Systems and Lightweight Cryptography, pp. 169–187. Springer, Heidelberg (2008). Scholar
  9. 9.
    Lehtonen, M.O., Michahelles, F., Fleisch, E.: Trust and security in RFID-based product authentication systems. IEEE Syst. J. 1(2), 129–144 (2007)CrossRefGoogle Scholar
  10. 10.
    Lin, I.C., Hsu, H.H., Cheng, C.Y.: A cloud-based authentication protocol for RFID supply chain systems. J. Netw. Syst. Manag. 23(4), 978–997 (2015)CrossRefGoogle Scholar
  11. 11.
    Rahman, M., Sampangi, R.V., Sampalli, S.: Lightweight protocol for anonymity and mutual authentication in RFID systems. In: 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), pp. 910–915. IEEE (2015)Google Scholar
  12. 12.
    Weber, R.H.: Internet of things-new security and privacy challenges. Comput. Law Secur. Rev. 26(1), 23–30 (2010)CrossRefGoogle Scholar
  13. 13.
    Xiao, H., Alshehri, A.A., Christianson, B.: A cloud-based RFID authentication protocol with insecure communication channels. In: 2016 IEEE Trustcom/BigDataSE/I SPA, pp. 332–339. IEEE (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Information Technology, Faculty of Science, Engineering and Built EnvironmentDeakin UniversityGeelongAustralia
  2. 2.School of Information TechonolgySwinburne UniversityHawthornAustralia

Personalised recommendations