A Validated Lightweight Authentication Protocol Towards Commercial Low-Cost RFID Tags

摘要

Radio Frequency Identification (RFID) remains a widely used and researched technology for identification with cost, security and privacy being the crucial parameters of the system. Low-cost RFID tags are more popular but not secure because they are resource-limited devices. Researchers published several methods that RFID manufacturers implemented on low-cost tags such as RFID kill functions and RFID Password protection functions. But many kinds of attacks have been found such as desynchronization, reflection, relay and eavesdropping that compromises the system. An RFID system consists of three kinds of entities: RFID tags, RFID readers, and a back-end server. With low-cost RFID tags, more research is done to address the weakness of the tag and the wireless channel between the tag and reader. Authentication is the first gate of achieving security and privacy. This paper performs several attacks to widely used commercial low-cost RFID tags and discusses the security weakness of the tag and the security weakness of the channel between the tag and reader to analyse the lightweight authentication scheme used. A model is then developed based on relevant researched lightweight authentication schemes, RFID standards and manufacturer chip architectures that assist authentication and security for the low-cost RFID tag systems. The paper proceeds by proposing a lightweight authentication protocol that uses the developed model parameters to resist identified attacks. The scheme is analysed and evaluated for comparison with counterparts. The paper concludes by suggesting where future efforts will be focused.