Abstract
Although Radio Frequency IDentication (RFID) systems promise a fruitful fu-
ture, security and privacy concerns have aected the adoption of the RFID technology. Several
studies have been proposed to tackle the RFID security and privacy concerns under the as-
sumption that the server is secure. In this paper, we assume that the server resides in the cloud
that might be insecure, thus the tag's data might be prone to privacy invasion and attacks.
Xie et al. proposed a new scheme called \cloud-based RFID authentication", which aimed to
address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we
showed that the Xie et al. protocol is vulnerable to reader impersonation attacks, location
tracking and tag's data privacy invasion. Hence, we proposed a new protocol that guarantees
that the tag's data in the cloud are anonymous, and cannot be compromised. Furthermore,
the proposed protocol achieves mutual authentication between all the entities participating
in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed
the proposed protocol informally, and formally using a privacy model and CasperFDR. The
results indicate that the proposed protocol achieves data secrecy and authentication for RFID
tags.
ture, security and privacy concerns have aected the adoption of the RFID technology. Several
studies have been proposed to tackle the RFID security and privacy concerns under the as-
sumption that the server is secure. In this paper, we assume that the server resides in the cloud
that might be insecure, thus the tag's data might be prone to privacy invasion and attacks.
Xie et al. proposed a new scheme called \cloud-based RFID authentication", which aimed to
address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we
showed that the Xie et al. protocol is vulnerable to reader impersonation attacks, location
tracking and tag's data privacy invasion. Hence, we proposed a new protocol that guarantees
that the tag's data in the cloud are anonymous, and cannot be compromised. Furthermore,
the proposed protocol achieves mutual authentication between all the entities participating
in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed
the proposed protocol informally, and formally using a privacy model and CasperFDR. The
results indicate that the proposed protocol achieves data secrecy and authentication for RFID
tags.
| Original language | English |
|---|---|
| Title of host publication | The 9th DPM International Workshop on Data Privacy Management (DPM 2014) |
| Publisher | Springer |
| Publication status | Published - 10 Sept 2014 |