Mutual Authentication Protocols for RFID Special Schemes

Sarah Abu Ghazalah

Research output: ThesisDoctoral Thesis

564 Downloads (Pure)


Radio Frequency IDentification (RFID) is a wireless identification technology that uses radio waves to identify tagged objects. RFID systems provide low-cost tagging capabilities for many applications such as access control systems, transportation ticketing, and supply chain management. Providing security and preserving privacy for these systems is challenging. The tags utilised in such applications are low-cost tags with limited resources that cannot afford the use of conventional cryptographic primitives. Thus, low-cost RFID tags might be vulnerable to passive attacks, such as eavesdropping, and active attacks, such as tag cloning,
impersonation, replay, data de-synchronization attacks, tag data leakage, forward secrecy invasion and location tracking.

There has been considerable research into the mutual authentication of passive RFID tags to combat passive and active attacks, and in this thesis we present analysis of the prior art, which led us to make five academic research contributions.

Security is increasingly important, especially for tagging of important objects, and there are growing concerns from users about their privacy.
To this end, in this thesis, we studied RFID security and privacy in several schemes, such as in RFID-enabled supply chains, RFID cloud-based scheme, and multi-tag group reading schemes. We focused on how to improve and propose RFID mutual authentication protocols in such schemes that are practical and cost effective, and satisfy the security and privacy requirements.

Lastly, we provide a formal analysis of the proposed protocols using CasperFDR and Scyther tools, along with the implementation of the proposed protocols with their performance measures.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Markantonakis, Konstantinos, Supervisor
Thesis sponsors
Award date1 Feb 2017
Publication statusUnpublished - 2016


  • RFID
  • Mutual Authentication
  • Formal Analysis
  • CasperFDR
  • Scyther
  • DemoTag
  • Supply Chain
  • Cloud Computing
  • Privacy
  • Security

Cite this