An improved hash-based RFID two-way security authentication protocol and application in remote education

Abstract

With the increasingly expanding application of RFID technology, the security and privacy issues of RFID system has also been a widespread concern. The existing RFID security protocol can’t simultaneously meet the requirements of low-cost, low computing, high efficiency and high security. In this paper, through the analysis of common principles and shortcomings of RFID security protocols based on Hash Function, we improve the security protocols, so as to achieve the objectives of two-way authentication. This paper theoretically proves the protocol security through BAN logic. And the new protocols can effectively solve the security and privacy problems such as replay attack, fake attack, location privacy, anonymous tags and so on. The paper proposes a kind of authentication and communication security mechanism that makes full use of the functions of the conditional Access Module (CAM) which exist in the original remote education system and when authenticating the nodes of the system, we use the proposed security scheme. Analysis showed that the mechanism is safe, reliable, strong compatibility, economic and applicable.

Keywords

RFID hash function security protocol BAN logic remote education system

1 Introduction

RFID (Radio Frequency Identification) technology is a non-contact automatic identification technology with the use of the electromagnetic waves for communication, and it is able to automatically identify objects to quickly obtain data information [1], RFID technology has the advantages of efficient identification, low-cost, reuse, and certain computing and storage capacity. With the domestic popularity and development of the Internet of Things Technology, RFID has been widely used and developed in many areas, being one of their core technologies. RFID has played an increasingly important role in the medical and health care services, logistics, warehouse management, ticketing, marketing, transportation, aviation passenger baggage handling and other aspects [2]. Meanwhile, RFID security and privacy issues also have been increasingly concerned by people. RFID systems are vulnerable to a variety of attacks, such as replay attacks, attacks of denial of service, eavesdropping attack, attacks of location privacy and so on [3].

The common RFID system is composed of three parts: tag, reader and back-end database(DB) [4]. As shown in Fig. 1.

Tags [5] are mainly composed by the two parts of chip and the antenna. The chip stores data information and it can uniquely identify the objects, and some chips also have some computing ability. The passive tags are limited to computing and storage capacity because there’s no energy source of them, and they are subject to cost constraints [6]. Antenna is responsible for signal transformation between tag and reader.

The reader is the device for two-way communication with tag, and it is generally composed by an RF module, a communication control unit and coupling element used for querying tag via radio frequency communication [7]. In operation, reader [8] usually transmits signals to tag, and it obtains the data information in signal to transmit to the back-end database after receiving the response signal from tag [9].

The back-end database has powerful storage capacity and data analysis capability, including all the data and information of readers and tags. DB needs to make a thorough search of a large amount of data, and perform complex calculations and so on.

As shown in Fig. 2, the reader can communicate with the back-end database through wire links or wireless links, which can be considered secure. The wireless channel communication can be used between tag and reader. Because the information content is open, so it is easy to be stolen or attacked by the listener, resulting in the loss of privacy, which is insecure. Therefore, it’s critical to offer an efficient, low-cost security protocol.

Remote education has been proposed early. Remote education is discussed much nowadays for it’s convenient and resource saving. It’s becoming one of the popular education models in the education society worldwide. It gives students a flexible learning schedule and a kind environment. With the help of online practice platform and the feedback platform, the remote education can teach students just like face to face.

However, There are many secure problems in remote education. The main secure problems to the remote education system as following: 1) System penetration 2) Eavesdropping 3) Forge information 4) Deny 5) Interrupted.

In this paper, we propose an effective Hash-Based RFID Two-Way Security Authentication Protocol. This algorithm can effectively improve the security of remote education.

2 Analysis of hash-based RFID authentication protocol

Hash-based RFID authentication protocol has been extensively studied and widely used in order to achieve high performance and security [10]. This paper introduces three common protocol based on Hash function.

2.1 Hash lock

Hash Lock [11] was proposed by Sarma et al in 2003. This protocol [12] uses metalID to replace the real ID, as shown in Fig. 3.

Initially, tag is locked. Each metalID and ID is stored in tag, while metalID = Hash (key) and Hash () is a one-way cryptographic hash function. The back-end database stores key of tag, metalID, and ID. The specific workflow is as follows:

Reader sends a request to tag, tag receives the request and sends metalID as response.

Reader sends metalID to back-end database, back-end database queries (ID, key) corresponding to metalID. If the query succeeds, database sends (ID, key) to reader; Otherwise, authentication fails.

Reader sends key to tag received.

Tag calculates Hash (key) to check whether Hash (key) is the same with metalID or not. If same, it will unlock the real ID and return ID; Otherwise, authentication fails.

The program has achieved the initial access control, but it fails to realize the dynamic refresh of tag ID and metalID, and the tag ID is transmitted in the form of clear text, which can’t prevent fake attack, replay attack and track attack.

2.2 Random Hash Lock

As an extension of the Hash Lock, Random Hash Lock [13] introduces a mechanism of random number so that each time the transmission of information is different, as shown in Fig. 4.

Initially, tag is locked. Tag contains the real ID and random number generator, and The back-end database stores ID of each tag. The specific workflow is as follows:

Reader sends a request to tag. Tag uses Hash function to calculate tag’s ID and a random number R generated by a random number generator and R’s Hash value Hash (ID||R), then sends (R, Hash (ID||R)) to reader as response.

Reader sends (R, Hash (ID||R)) to back-end database, back-end database calculates Hash (ID_k||R) of each ID_k. If Hash (ID_k||R) = Hash (ID||R), database sends ID_k to reader; Otherwise, authentication fails.

Reader sends ID_k to tag received.

Tag checks ID_k and ID. If same, it unlocks; Otherwise, authentication fails.

Although the program make a progress in hash lock, the ID_k is still transmitted in the form of clear text, which can’t prevent replay attack and track attack. In addition, it is time-consuming for back-end database to hash each ID.

2.3 Hash chain

Hash chain [14] is also an extension of the Hash Lock. In addition to a hash function G () for the response message, a function H () is added to update the identifier, as shown in the Fig. 5.

Initially, Tag and back-end database share an initial randomized identifier S_i,1 while tag is locked. The back-end database stores ID of each tag. The specific workflow is as follows:

Reader sends a request to tag.

Tag uses Hash function G () to calculate a_i = G (S_i,j), then sends a_i to reader and updates identifier S_i,j+1 = Hash (S_i,j) at the same time.

Reader sends a_i = G (S_i,j) to back-end database, back-end database make a thorough search of all ID stored, checking whether there is an equation a_i,j = G (H^j-1 (S_i,1)) in (ID, S_i,1). If successful, database sends ID_i to reader; otherwise, authentication fails.

In this program, although the ID updates every time, it increases the computation. Also, there is no authentication for reader because that hash chain is a one-way authentication protocol.

3 Improved security authentication protocol

In view of the problems in the above three protocols, this paper proposes an improved security authentication protocol. The new protocol is shown in Fig. 6.

Assumption: The communication between reader and the background database is secure while the communication between tag and reader is insecure; Hash function is secure, that counterfeiters unable to acquire effective information; Tag’s computing and storage capacity is limited because tag is a low-cost passive tag.

Initially, tag stores ID_t, reader stores ID_r, and back-end database stores (ID_t, ID_r). The specific workflow is as follows:

Reader sends request and R generated by a random number generator to tag.

After receiving request, tag calculate h = Hash (ID_t||R) and sends it to reader as response.

Reader sends R and Hash (ID_t||R) to back-end database received.

Database uses R and hash function to calculate ID_t reversely, checking whether there is ID_t equal to ID. If equal, tag is legal; Otherwise, authentication fails.

After that, database uses (ID_t, ID_r) to calculate Hash (R ⊕ ID_t ⊕ ID_r) and sends it to reader.

Reader uses its ID_r and R to calculate ID_t, and then calculates h₁ = Hash (ID_t||R). Reader sends h₁ to tag.

Tag checks whether h₁ is equal to h. If equal, reader is legal; Otherwise, authenticationfails.

4 Formal proof of improved protocol

4.1 BAN logic

BAN logic [15] has become the precedent of formal analysis. When using BAN logic, it’s necessary to make the steps idealized, that is to transfer the actual messaging into the formula of BAN logic. After the reasonable assumption conditions according to the facts, whether the protocol meets the corresponding expected goals can be inferred by logical axioms and assumptions reasoning.

Basic logic symbols are as follows:

P ⊲ X:P receives X.

P ⊲ * X : P receives X and P believes X that X is different from the past.

P ∋ X : X is belong to P.

P| ≡ # (X) : P believes X that X is new which means X is first discovered by P.

P| ∼ X : P once sent a message to X.

P| ≡ P $\overset{s}{\leftrightarrow}$ Q : P believes S that S is the effective shared key between P and Q.

Basic logic axioms are as follows:

If X sends message to P at the first time, then X is transmitted to P. $\frac{P ⊲ * X}{P ⊲ X}$ (1)

If P has received a formula, then P can know all the contents within the formula. $\frac{P ⊲ (X, Y)}{P ⊲ X}$ (2)

If P believes X that X is new, then P believes it that all the operations and the combination of X are new. $\frac{P | \equiv # (X)}{P | \equiv # (X, y), P | \equiv # F (X)}$ (3)

If P receives X, then X is belong to P. $\frac{P ⊲ X}{P ∋ X}$ (4)

$\frac{P ⊲ * H (X, S), P ∋ (X, S), P | \equiv P \overset{s}{\leftrightarrow} Q, P | \equiv # (X, S)}{P | \equiv [Q | \sim (X, S)], P | \equiv [Q | \sim H (X, S)]}$ (5)

4.2 Formal proof of improved protocol

In the improved protocol, reader stores ID_r, tag stores ID_t, and they share the random number Ra. All the messages they received are new.

Initial assumptions of the protocol are shown as follows while T represents tag and R represents reader. $1) R | \equiv # (Ra)$ (6) $2) R | \equiv R \overset{Ra}{\leftrightarrow} T$ (7) $3) T | \equiv # (Ra)$ (8) $4) T | \equiv T \overset{Ra}{\leftrightarrow} R$ (9) $5) R ⊲ * H (IDt, Ra)$ (10) $6) T ⊲ * H (IDt, Ra)$ (11)

In this paper, we need to prove the following two points to illustrate the correctness of the improved protocol: $\begin{matrix} Goal 1 : R | \equiv [T | \sim # H (IDt, Ra)] \\ Goal 2 : T | \equiv [R | \sim # H (IDt, Ra)] \end{matrix}$

The proof procedure is as follows:

Refer to (6) R| ≡ # (Ra) and (3) $\frac{P | \equiv # (X)}{P | \equiv # (X, y), P | \equiv # F (X)}$ , we can get the following formula

$R | \equiv # (IDt, Ra)$ (12)

Refer to (1) $\frac{P ⊲ * X}{P ⊲ X}$ , (4) $\frac{P ⊲ X}{P ∋ X}$ and (10) R ⊲ * H (IDt, Ra), we can get the following formula

$R ∋ (IDt, Ra)$ (13)

Refer to (12), (13), (7) R| ≡ R $\overset{Ra}{\leftrightarrow}$ T and (10) R ⊲ * H (IDt, Ra), we finally come to the conclusion

$R | \equiv [T | \sim # H (IDt, Ra)]$ (14)

Goal1 is proved.

Refer to (8) T| ≡ # (Ra) and (3) $\frac{P | \equiv # (X)}{P | \equiv # (X, y), P | \equiv # F (X)}$ , we can get the following formula

$T | \equiv # (IDt, Ra)$ (15)

Refer to (1) $\frac{P ⊲ * X}{P ⊲ X}$ , (4) $\frac{P ⊲ X}{P ∋ X}$ and (11) T ⊲ * H (IDt, Ra), we can get the following formula $T ∋ (IDt, Ra)$ (16)

Refer to (15), (16), (9) T| ≡ T $\overset{Ra}{\leftrightarrow}$ R and (11) T ⊲ * H (IDt, Ra), we finally come to the conclusion $T | \equiv [R | \sim # H (IDt, Ra)]$ (17)

Goal 2 is proved.

5 Security and performance analysis of improved protocol

5.1 Security analysis

Protocol-based security analysis [16] is mainly based on the aspects of preventing location tracking, replay attacks, eavesdropping attack, camouflage trick, and forward security, etc. [17]. The following are the results of the analysis of improved protocol:

Forward Security: Since the hash function is un- directionality, and the random number is constantly changing, even if the listener steals the information of last tag, it’s impossible to trace back to the history information, which ensures the forward security.

Location Tracking: Since the random number generated each time is different, the transferred data is not fixed, so the listener can’t judge the tag location according to its content, which thus solves the problem of location tracking.

Replay Attack: The random number generated by the reader each time is different, all the content won’t be sent until the hash operation, so the content delivered every time is different. Repeat message delivered by the replay attacks can’t pass the two-way authentication of the protocol.

Eavesdropping Attack: The encryption mechanism of hash function is shared among the reader, tag, and back-end database, the transmitted information is encrypted, so it’s impossible to obtain the real information after being eavesdropped.

Camouflage Trick: The improved protocol achieves two-way authentication between the reader and tag, so it’s impossible for camouflage and illegal access.

The security results of the improved protocol compared with the original protocols are shown in Table 1.

5.2 Performance analysis

Due to limited storage capacity and computing ability, the security authentication protocol should not only avoid all kinds of external attacks, but also consider the performances of hardware devices. This paper analyzes the performance of various protocols through the analysis of computing and storage capacity of tag, reader and back-end database. Assume the number of tags in the database is n. CR represents the frequency of generating the random number, CH represents an operation of hash, CXOR represents an operation of XOR. L represents 128 bits, because only the value output from the hash function is greater than 128 bits that can resist specific attacks [18]. The identifiers of tags and readers are 128 bits. The results are shown as follows in Table 2.

We simulate the authentication progress in the development environment of Visual Studio in Win7 system. Two indicators are selected to compare the performance of these four protocols: the average authentication time and the throughput. The experimental results are shown in Table 3 and Fig. 7:

It can be seen from the results above that the improved protocol requires a certain cost in the computing and storage capacity. However, in terms of storage capacity, the improved protocol tags and readers only need to store their own identifiers, there’s no need of the additional storage space to meet the needs of lightweight tags. As for computing, the improved protocol does not need the n-level hash calculation, thereby improving the operational efficiency. In summary, the improved protocol is compromised in computing capacity and storage space, thus to improve the safety performance, and the improved protocol is with better overall performance. For example, satellite receiving terminal does not require additional configuration smart card [19]; it makes full use of existing facilities and compatible with the existing system, avoiding the hardware deployment and maintenance of thousands of terminal nodes, and it greatly reduces system implementation workload. In addition, the development of the program in each communication entity based on the security standard [20], easy implementation and portability.

After all these works done, we designed an education platform with high security insurance, and successfully combined the theory with real application further. In order to get the feedback of the students about the platform, we define several feedback sheets on the platform and let the student finish them when they finish the curriculum. At the same time we record the comprehensive scores to evaluate our curriculum design and the platform. Our investigation is based on 875 feedback sheets. The result is showed in Fig. 8. The average satisfied percentage is 87.46%. The feedback from the comprehensive score is show in Fig. 9. The result shows that more than 96% of the students have passed the comprehensive exam and 68.37% of the students have the scores over 80. The feedback shows that our remote platformimplementation is satisfactory. They are helpful in remote education of information security.

6 Conclusion

This paper lists three Hash-based security protocols and analyzes their advantages and disadvantages. On the basis of these three protocols, we put forward an improved two-way security authentication protocol based on Hash function. Through the analysis of security and performance, the improved protocol with the better overall performance can resist all kinds of attacks, such as replay attacks. Finally, we prove the security of the improved protocol by using reasoning approach through BAN logic, which is the basis for practical application. However, this protocol fails to consider fully, such as application environment, particularity and limitations of RFID device (tag costs, et al.) and other affecting factors, which need the further experimental exploration. The security mechanism of system has many benefits. The achievement of the communications security, which is in the interactive remote education system which based on the former security protocol, relies on the system’s original conditional access system. The security mechanism is our proposed programs. This design has these advantages, using existing conditional access module functions to help encrypt information and distribute keys, compatibly with the original system, and resolving the rare problem of key distribution in remote areas. The application of public and private key pairs ensures the security of system authentication key, and make authentication between the nodes more effective. In short, when communication entities involves in the return link change information, this set of security mechanism could ensure the receiving and storage after strong authentication. The process, user using conditions to receive the key is fully encrypted, so that system resources and information security is guaranteed.

References

Yang

D.Z.

, Li

C.X.

and Lu

Z.Q.

, The Present Situation and development trends of RFID, China Science and Technology Review6 (2013), 187.

Shakiba

, Sundararajan

, Zavvari

and Islam

M.T.

, Cubic spline-based tag estimation method in RFID multi-tags identification process, Canadian Journal of Electrical and Computer Engineering CJECE 20131 (2013), 11–17.

Wang

, Liu

and Chen

, Security analysis and improvement on two RFID authentication protocols, Wireless Personal Communications1(2) (2015), 1–33.

Maarof

, Sime

, Rabat

, Labbi

, Senhadji

and Belkasmi

, Security Analysis of Low Cost RFID Systems, Codes, Cryptography and Communication Systems (WCCCS), 5th Workshop on IEEE, 2014, pp. 11–16.

, Tek

, Da Silva

, et al., Game on, science-how video game technology may help biologists tackle visualization challenges[J], PloS One8(3) (2013), e57990.

Sadikin

M.F.

and Kyas

, Security and Privacy Protocol for Emerging Smart RFID Applications, Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2014 15th IEEE/ACIS International Conference, 2014, pp. 1–7.

Wang

Y.J.

, Research on Security and Privacy in RFID System. Tianjin University, Master’s thesis, 2013.

et al., Managing big city information based on WebVRGIS,, IEEE Access4 (2016), 407–415.

Zavvari

, Islam

M.T.

, Shakiba

and Mandeep

S.J.

, Theoretical Analysis of RFID Security Protocols, Industrial Engineering and Engineering Management (IEEM), 2014 IEEE International Conference, 2014, pp. 302–306.

10.

Jialiang

, Dantong

and Youjun

, An efficient RFID authentication protocol supporting tag ownership transfer, Advancements in Computing Technology4 (2012), 244–253.

11.

Sarma

S.E.

, Weis

S.A.

and Engels

D.W.

, RFID System and Security and Privacy Implications, Proc of 4th International Workshop on Cryptographic Hardware and Embedded Systems, Berlin, Germany: Spring-Verlag, 2003, pp. 454–469.

12.

Jiang

, Ying

, Han

et al., Collaborative multi-hop routing in cognitive wireless networks[J], Wireless Personal Communications86(2) (2016), 901–923.

13.

Weis

S.A.

, Sarma

S.E.

, Rivest

R.L.

et al., Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, Proc of the 1st International Conference on Security in Pervasive Computing, Berlin, Germany: Spring-Verlag, 2004, pp. 201–212.

14.

Ohkubo

, Suzuki

and Kingships

, Hash-Chain Based Forward Secure Privacy Protection Scheme for Low-Cost RFID, Proc Of Symposium on Crytography and Information Security, Sendai, Japan, 2004, pp. 719–724.

15.

Wang

Y.D.

and Shu

N.N.

, Formal Analysis of Cryptographic Protocols, Beijing: China Machine Press, 2006.

16.

Lin

, Yang

, Lv

et al., A self-assessment stereo capture model applicable to the internet of things[J], Sensors15(8) (2015), 20925–20944.

17.

, Xu

and Xu

, Secure and private protocols for server-less RFID systems, International Journal of Control and Automation2 (2014), 131–142.

18.

Liu

M.Y.

, Wang

and Zhao

X.S.

, Research on RFID security authentication protocol based on hash function, Chinese Journal of Sensors and Actuators9 (2011), 1317–1321.

19.

, Chirivella

and Gagliardo

, Bigdata oriented multimedia mobile health applications[J], Journal of Medical Systems40(5) (2016), 1–10. MLA.

20.

Yang

, Zhou

, Lv

et al., A real-time monitoring system of industry carbon monoxide based on wireless sensor networks[J], Sensors15(11) (2015), 29535–29546.