A lightweight inter-zonal authentication protocol for moving objects in low powered RF systems

Abstract

Automatic identification systems represent a wide classification of devices used primarily in commercial settings for inventory/logistics control. Familiar examples of such devices are bar codes, magnetic strips, smart cards, RFID (Radio-frequency identification) and biometric and voice recognition. Security is especially lax in low powered radio frequency systems communicating through an unsecured radio wave channel. Security represents a critical component for enabling the large scale adoption of automatic identification systems. Providing an effective security solution for low powered systems is a major area of concern; it directs research towards ‘power consumption aware’ computations in security solutions. This paper proposes a lightweight inter-zonal authentication Protocol for moving objects in low powered radio frequency systems. Formal validation and a thorough analysis of the protocol in SPAN security tool reveal its effectiveness and resiliency to attacks – eavesdropping, reader and tag impersonation, replay and desynchronization.

Keywords

Lightweight radio frequency systems authentication RFID eavesdropping

1 Introduction

Though identification systems may employ smart cards, magnetic strips, RFID (Radio Frequency IDentification), biometrics and voice recognition, they are currently predominantly barcode systems. Technological advancements impose the necessity for real-time data acquisition, compelling systems to become assertive in terms of tracking and monitoring [1]. In recent times, there has been an increased deployment of low powered RF systems for tracking and monitoring of different objects like assets, humans, vehicles etc. Low powered RF devices provide considerable advantages over barcodes- data can be read automatically without the object being in the line of sight of a reader or system authenticator. Moreover, data can be sent at a rate of hundreds of data units per second, and from a distance of several meters (depending on the area of coverage of the RFsystem).

Open wireless communication channels in RF systems are similar to wireless mobile communications. As a result, the system air interface is susceptible to security threats and attacks similar to those in wireless mobile communications. Security issue becomes a key concern and the systems are designed to provide effective security. Reliable security solutions for RF applications demand security requirements with respect to authentication, integrity, privacy, anonymity, session freshness, synchronization. Interesting threads of research in this direction have been the focus of [6 , 28–31]. As RF systems are chiefly low-powered, It is important that the security solutions take into consideration computing overheads. Lightweight schemes become the focus of securing RF systems [4 , 18].

A survey in [5 –21] examines and bring out several aspects related to low powered RF system security. Security threats to RF systems can be put into several classes [22 –24]. Any form of unauthorized access to the objects falls under the category of eavesdropping/sniffing. A rogue authenticator may read confidential data, record it and use it to breach authentication data exchanges. The highest level of security risk to a low powered RF systems network is sniffing/eavesdropping attack [22]. Spoofing attacks involve rogue entities not only secretly scanning and recording data transmissions from a legitimate object but also copying the object’s ID and making itself appear to be valid. Replay attack involves using an object’s response to an authenticator’s challenge to impersonate the object [25]. It can be countered by providing privacy and authentication [1–4 , 6].

RF systems use low-cost tag/label for identifying objects and obviously are restricted in terms of storage capacity and computational power. Low powered RF systems need to benefit from lightweight solutions to security. Use of simple operations and limited cryptographic functionalities permit minimum levels of computations and energy consumptions, while at the same time supporting cryptographic goals of security. Security solutions for RF systems can be classified by the weight of cryptographic primitives used- Middle-weight, light-weight and ultra-lightweight solutions. Middleweight solutions [8, 9] for higher security applications (finance, military) use symmetric/asymmetric encryption. Lightweight solutions use cyclic redundancy code (CRC) operator, message authentication code (MAC) and hash function. While research has focused on lightweight solutions for RF systems security, the studies from [13 –15] suggest the use of bitwise logical operations, shift operations and pseudo-random number generator (PRNG) which support the least computationally demanding class, the ultra-lightweight.

A lightweight mutual authentication and ownership management schemes are proposed by using limited cryptographic functionality [1]. Rahman et al. [4] presents a lightweight mutual authentication protocol to achieve basic security goals, i.e. confidentiality, integrity and authentication using a unique choice of pseudorandom numbers. Authentication process in [6] introduces timestamps to protect tag privacy and prevent tracking. On the other hand, [2] Osaka et al. propose a lightweight security method that achieves the security requirements using hash functions, symmetric cryptography, and the XOR operation. It achieves distinguishability, forward security, security against the replay attack, and security against the tag killing. The proposed method is reasonably efficient, but vulnerable to tracking and DoS attacks brought out by [16]. Moreover, as brought out in [17], an attacker can add noise to the final message exchange of [2] resulting in the tag holding incorrect secret information, due to which any subsequent authentication wouldfail.

While [1, 2] have not considered mobile RF systems, [3] implements a lightweight authentication for mobile RF system with grouped tags to identify objects. The authentication for tags is based on PRNG. The protocol provides security against reader impersonation/ impersonation attack and tracking. The RF system in Weis et al. [19] hides the object’s identification using random numbers in the object’s responses to avoid its reuse. It is vulnerable to impersonation attacks. Yu et al.’s [20] protocol use a 128-bit key set that is dynamically updated by the server. It uses the LSB 30 bits of the tag ID for authentication. However, this results in the possibility of compromising the security of the system as a whole.

This paper proposes a Light-weight Inter-zonal Authentication Protocol for moving objects in low powered RF systems. The protocol is designed for ‘power consumption aware’ computations in security solutions. The work presented in this paper is divided into 3 phases: System registration phase, zonal authentication phase and a mutual authentication phase. In phase 1, the object must register itself to the system authenticator (SA). The RFID network is partitioned into various zones based on the coverage of the authenticator of the RF system in a particular area. In phase 2 and phase 3, several events of handshakes are performed between both the object and ZA, object and IZA to mutually authenticate each other and start communicating. This protocol can be adopted by object monitoring and tracking systems for providing secure and reliable data exchanges. The protocol has been verified against security attacks which include eavesdropping, spoofing, authenticator and object impersonation, replay and desynchronization by using the SPAN security tool for formal validation of the protocol.

The contributions of the work are: (i) A multi-zonal authentication schema resilient to eavesdrop, replay, authenticator and impersonation and desynchronization (ii) An inter-zonal authentication protocol that mutually verifies the tracked object and the authenticator / reader (iii) A light-weight authentication schema performing PRNG, XOR, and XTEA with very less computation overhead.

The work presented in this paper contributes to ‘power consumption aware’ computations in security solutions. A lightweight inter-zonal authentication protocol for moving objects in low powered RF systems is proposed. The protocol uses ultra-lightweight XOR and PRNG functions for passing and decoding random numbers. Time stamps are used in interactive sessions between an object and an authenticator to keep the freshness of the challenge-response information in each communication round. Two or more handshakes between the communicating devices are defined as an event. Logical Clock (LC) value presents in the communicating devices increments simultaneously on verification of every event. Each communicating device maintains its own LC value. A mismatch in LC value between communicating devices terminates the communication between them. XTEA (Extended Tiny Encryption Algorithm) is used for both encryption and decryption. Wheeler and Needham in [27] made an extension to TEA algorithm (XTEA) which is a lightweight blockcipher.

The rest of the paper is organized as the proposed work, a 3-phase Light-weight Inter-zonal Authentication scheme is discussed in length in section 2. Analysis of the proposed protocol in terms of resiliency to security attacks and performance is presented in sections 3. Formal validation of the protocol using the SPAN security tool is presented in section 3.5. The conclusion is in Section 4.

2 Research method

2.1 RF system architecture

RF systems largely consist of authenticator and objects; both of which are responsible for verifying the identity of each other invariably ensuring communication with only the intended parties. This paper proposes a Light-weight Inter-zonal Authentication Protocol for moving objects in low powered RF systems. The protocol uses a ticket based authentication approach using cryptographic operations-XOR, PRNG (Pseudo Random Number Generation) and XTEA (Extended Tiny Encryption Algorithm).

The multizonal architecture of the proposed protocol is shown in Fig. 1. The architecture includes one SA (System Authenticator) for the entire system. On the onset, the SA registers all the objects to be identified to the system – 1 as shown in Fig. 1. It is structured to encompass many zones, where each zone defines a geographical region of authentication. The system is partitioned into multiple zones, each employing a ZA (Zonal Authenticator) to authenticate inbound registered objects - 2. Each zone allows communication between objects and inter-zonal authenticator (IZA) only after mutual authentication - 3 as shown in Fig. 1. The proposed mutual authentication protocol is organized to operate in three phases System Registration phase, Zonal Authentication and Mutual Authentication phase. System registration of an object with the SA generates an encrypted system ticket and sets the identification of the source zone (ID_ZONE-S), identification of tag (ID_OBJECT) and LC value for the object. The Zonal Authentication of an object with the ZA verifies the system ticket and generates an encrypted zonal ticket. The zonal ticket is used for further authentication of the object by an inter-zonal authenticator. The entities and their roles of the multizonal RF system are explicated in Table 1.

Fig.1

Multizonal Architecture.

Table 1

Entities and roles

Entity	Role	Data/Information stored and handled
SA	Registers an unregistered object to the RF networked system	•A list of registered objects with their identification (ID_OBJECT) and default zone identification (ID_ZONE)
		•System ticket
ZA	Authenticates the object for the zone	•A list of access passwords and LC values for all the registered objects.
		•A list of registered objects and their identification.
		•A list of ticket keys (k_ZA-IZA) used between the ZA and IZA.
ZR	Communicates with the object after mutual authentication	•A list of LC values for the entire registered object.
		•A list of registered object and their identification
		ID_ZONE, ID_OBJECT, LC, System Ticket, Zone Ticket
Object	The entity to be authenticated	•Ticket_SYSTEM - (ID_OBJECT, ID_ZONE-S, T₀, T_max, Timestamp, R + S) k_ZA-IZA
		•Ticket_ZONE, T₀, T_max, Timestamp, R + S) k_ZA-IZA

2.2 Proposed light-weight inter-zonal authentication protocol

The assumptions made in designing the protocol are:

All entities in the RF system namely, object and authenticators trust the System Authenticator (SA) and Zonal authenticator (ZA).

The Authenticators (SA and ZA) maintains the list of ticket keys of all the inter-zonal authenticators in the setup.

Only the Authenticators (SA and ZA) can access the memory contents of the object to be identified.

The proposed protocol is a three-phase mutual authentication protocol. The first phase is the System Registration Phase that registers an object with the RF networked System, generating a System Ticket. The subsequent phase is the Zonal Authentication phase. It authenticates a registered object when it is inbound into a zone, generating a Zonal Ticket. The last phase of the protocol is the Mutual Authentication phase. It mutually authenticates the object in a zone and the inter-zonal authenticator before any application processing is performed by the reader. Notations and terms used in the proposed protocol are given in Table 2.

Table 2
Notation and terms

Notation Description

ID_ZONE Identification number of zone

ID_OBJECT Identification number of object

PRNG () Pseudo Random Number function

R, S, U 16-bit random numbers

TICKET_ZONE Ticket for a particular zone

K_ZA-IZA Key shared by zonal and interzonal authenticators

LC Logical clock 16-bit integer value

T₀ Time of connection establishment

T_max Max time - connection holds without disconnecting

ZA Zonal authenticator

IZA Interzonal authenticator

RN Random number

SA System authenticator

Notation	Description
ID_ZONE	Identification number of zone
ID_OBJECT	Identification number of object
PRNG ()	Pseudo Random Number function
R, S, U	16-bit random numbers
TICKET_ZONE	Ticket for a particular zone
K_ZA-IZA	Key shared by zonal and interzonal authenticators
LC	Logical clock 16-bit integer value
T₀	Time of connection establishment
T_max	Max time - connection holds without disconnecting
ZA	Zonal authenticator
IZA	Interzonal authenticator
RN	Random number
SA	System authenticator

2.3 Phase I: System registration phase

This phase writes significant data in the memory of the object for authentication to be performed by ZA and IZA. The SA writes ID_ZONE-s - Identificationnumber of start zone, ID_OBJECT- Identification number of object and LC – Logical clock (16-bit integer value, initially zero) into the object’s memory. The SA then sends the system ticket to the object thus registering it in the RF networked system. A registered tag contains the following after the system registration phase:

ID_ZONE-S Identification number of the start zone

ID_OBJECT- Identification number of object

LC – Logical clock (16-bit integer value, initially zero)

Ticket_SYSTEM - (ID_OBJECT, ID_ZONE T₀, T_max, Timestamp, R + S)K_ZA-IZA

A ticket in the proposed protocol is encrypted using the shared secret key K_ZA-IZA, between ZA and IZR of a Zone.

The encryption with K_ZA-IZA is performed to prevent alteration of the contents by any unauthorized entity. ID_OBJECT and ID_ZONE allow verification of the object and zone. The values T₀, T_max and Timestamp permit verification of ticket validity. A ticket is valid only if (Current timestamp – Timestamp in the ticket)< (T_max - T₀). The value (R + S) are 16-bit random numbers generated by ZA. (R + S) serves as one of the components for mutual authentication and is available to IZA via the ticket. LC is a logical clock that keeps track of the number of times handshakes have been performed for an object in a zone.

2.4 Phase II: Zonal authentication phase

The RF networked system is partitioned into a number of zones based on the coverage of the RF authenticators, each zone defining a geographical region of authentication. A zone consists of one ZA and multiple IZA’s as illustrated in Fig. 1. Zonal authentication refers to the authentication of inbound registered objects into any one of the zones in RF networked system.

The ZA of a zone accesses an inbound object by accessing its memory and checks for ID_Zone written in the object at registration or any previous zonal authentication. If the ID_Zone in the object does not match the current zone, then the ZA sets the appropriate ID_Zone, issues a zonal ticket for that zone and resets LC for the registered object. If the ID_Zone matches the current zone, then ZA stores a 16-bit random number S and stores it in the object’s memory. It then queries the object for a ticket; this may be a system ticket or a zonal ticket. ZA checks for the ticket’s validity and authenticates the object. In case a ticket’s validity has expired (invalid ticket), the ticket is renewed at the ZA. After the Zonal Registration Phase, the registered object contains the following:

ID_ZONE - Identification number of the zone.

ID_OBJECT- Identification number of the object.

LC – Logical clock (16-bit integer value).

Ticket_ZONE - (ID_OBJECT, ID_ZONE, T₀, T_max, Timestamp, R + S) k_ZA-IZA

R ∧ S

As depicted in Fig. 2, a zonal ticket is issued by ZA along with R ∧ S, the XOR of 16-bit random numbers R and S. XOR operation is commutative and associative in nature. An important property of the XOR operation is as follows,

Fig.2

Phase II – Zonal authentication phase.

$((A) \land (B)) \land B = A$ (1)

ZA generates S and stores it in the object’s memory. It generates R and sends R ∧ S to the object. The value of R can be obtained from R ∧ S only if the value of S is known and vice versa. As a result, the object can obtain the value of R from R ∧ S using the value of S stored in it. Using R and S, the object computes (R + S), which serves as one of the components for mutual authentication. It is not possible for an unauthorized entity to obtain R or S from R ∧ S. This property prevents unauthorized/illegal entities from obtaining R and S in order to successfully impersonate as system registered object/authenticator.

2.5 Phase III: Mutual authentication phase

XOR and PRNG (Pseudo Random Number Generator) are the main cryptographic operations used in the proposed protocol. The contribution of XOR operation towards securing the proposed authentication scheme has been highlighted in Phase II discussion. PRNG () function generates a random number using a seed. An important property of PRNG () function is that it is a one-way function – the seed cannot be obtained from the random number. This process is detailed in Fig. 3.

Fig.3

Phase III – Mutual Authentication phase.

It is not possible for an illegal/unauthorized authenticator to obtain the seed (U) and authenticate itself as a legal IZA of the zone. The properties of both XOR and PRNG are exploited to provide a secure authentication protocol that is resilient to eavesdropping attack, authenticator and object impersonation attack, replay attack and desynchronization attack.

3 Security analysis and results

The resiliency of the proposed protocol with respect to different types of attacks is analyzed in this section.

3.1 Eavesdropping attack

Eavesdropping attack is an unauthorised real-time interception of the communication between an object and an authenticator. An adversary A may acquire R ∧ S, PRNG (R + S + LC) ticket, PRNG (U) and (U ∧ (R + S)) from the communication (Phase II and Phase III) between an authenticator and an object. A successful attack can be performed on the RF networked system if A can perform the following from the intercepted contents:

Decrypt the encrypted system/zonal ticket to obtain its contents.

Obtain 16-bit random numbers R, S and U.

Obtain LC and compute R+S+LC.

The proposed protocol is secure against eavesdropping:

The ticket is encrypted using K_ZA-IZA– The eavesdropper cannot gain any valuable information from a ticket without knowing the shared secret key (K_ZA-IZR)

It is not possible for an eavesdropper to obtain R or S from R ∧ S or U from (U ∧ (R + S)) due to the XOR property in (Equation 1).

PRNG () function is a one-way function, as a result of this property, the eavesdropper cannot obtain the values of (R + S + LC), U from PRNG (R + S + LC) and PRNG (U)

3.2 Authenticator/object impersonation attack

Authenticator-impersonation refers to a process in which an adversary-authenticator A deceives a registered object to authenticate it as a valid authenticator. Whereas, object-impersonation is the process in which an adversary - object A, deceives a genuine authenticator to authenticate it as a valid object. For authenticator/object-impersonation attacks to be successful, A performs the following:

Access memory contents of an object.

Obtain contents of system/zonal ticket.

The proposed protocol is secure against authenticator/object-impersonation:

Only the SA and ZA can access the memory contents of the objects as assumed in the protocol. Therefore an adversary A cannot access the memory contents of the object.

Tickets in the proposed protocol are encrypted using the secret key (K_ZA-IZA), shared between the zonal authenticator and inter-zonal authenticators in a zone. An impersonating authenticator A has to obtain (K_ZA-IZA), in order to decrypt the ticket and extract the data needed for authentication.

3.3 Replay attack

A replay attack is performed when an adversary (object or authenticator) A, attempts to reuse the authentication component used in a handshake. A captures the authentication component PRNG (R + S + LC) in Phase III and attempts to replay it (later on) in another authentication session with an authenticator. Logical Clock LC is incrementing software counter maintained in each process by which the happened-before ordering can be captured numerically [26]. LC is used in the protocol to resist replay attacks. LC values are updated for each authentication by both the object and IZA. For replay attack to be successful, A must have the correct LC value of a particular authentication session. This is not possible as the LC value is updated after every handshake in phase III. In Fig. 4, LC is updated to LC’ by both the object and IZA after handshake in phase III. It illustrates a replay attack, where A replays TICKET_ZONE, PRNG (R + S + LC) captured from the session #n during session # (n + i) Since LC ≠ LC, the authentication fails.

Fig.4

Replay Attack.

3.4 Desynchronization attack

An adversary A performs a desynchronization attack with intent to disrupt the authenticationprocess.

A desynchronization attack on the RF system forces the object and authenticator to update their common values to different values. In the proposed protocol, LC is a logical clock that keeps track of the number of times handshakes have been performed for an object in a zone. The LC values are updated by the object and the IZA only after a successful handshake in Phase III. A desynchronization attack can be successful if the LC updation is desynchronized; LC in the proposed protocol is not updated if the handshake in Phase III is unsuccessful. As a result, the adversary cannot perform a desynchronization attack to disrupt the authentication process of the proposed protocol.

3.5 Performance analysis

The man-in-the-middle attack is possible when an intruder tries to monitor and turns the trusted packet into the malicious one in the communication medium. In the proposed scheme, the communication is secured by encrypting the message with the help of the recipient’s public key and applying cryptographic hashing. The packet can be decrypted using the recipient’s private key which is kept a secret among anyone in the network (see step 6 and 8). Thus, the man-in-the-middle attack is impossible between the communicants mentioned in the proposed scheme.

An analysis of the proposed protocol in terms of resiliency requirements against eavesdropping, impersonation, replay, and desynchronization is illustrated in Table 3.

Table 3
Comparison of related protocols

Security Methods Eavesdropping Impersonation Replay Desynchronization

[1] Yes Yes Yes Yes

[2] Yes No Yes No

[7] Yes No Yes No

[3] Yes Yes No No

Proposed Yes Yes Yes Yes

Security Methods	Eavesdropping	Impersonation	Replay	Desynchronization
[1]	Yes	Yes	Yes	Yes
[2]	Yes	No	Yes	No
[7]	Yes	No	Yes	No
[3]	Yes	Yes	No	No
Proposed	Yes	Yes	Yes	Yes

The performance of the proposed protocol is analyzed for the time complexity of the operations (TXOR - time complexity of the XOR operation, TRNG - time complexity of the random number generation operation, TPRNG - time complexity of pseudorandom number function, TEDC - time complexity of the encryption/decryption cryptosystem) used in mutual authentication. Table 4 projects the total time complexity at an object and anauthenticator.

Table 4

Analysis of the proposed protocol

Object	Authenticators (ZA and IZA)
2T_XOR + 2T_PRN	2T_XOR + 2T_PRNG + 1T_EDC + 2T_RNG

The proposed protocol performs 2 XOR operations at the object in Phase II and III, 2 XOR operations at the authenticator in phase II and III. Accounting for a total of 4 XOR operations performed by the object and authenticator at the end of phase II and phase III. The total of 2 PRNG operations is performed by the object in phase III, 2 PRNG operations at the authenticator in phase III. Accounting for a total of 4 PRNG operations performed by the object and authenticator at the end of phase II and phase III. Two random number generation operations are performed at the authenticator in phase II. Only one encryption/decryption operation is performed at the authenticator in phase II and phase III. Therefore, a successful mutual authentication in a zone requires a time complexity of 2T_XOR + 2T_PRNG at the object and 2T_XOR + 2T_PRNG + 1T_EDC + 2T_RNG at the authenticator. Object’s data/information may be required to be processed by more than one authenticator in a zone, accounting for multiple authentications. The number of times (x) an object is authenticated in a zone accounts for a total of x * (4T_XOR + 4T_PRNG + 1T_EDC + 2T_RNG).

The performance Analysis of MKT phase (mutual authentication, key update and ticket computation) in [1] is analysed.for the time complexity of the operations (T_XOR - time complexity of the XOR operation, T_RNG - time complexity of the random number generation operation, T_PRNG - time complexity of pseudo-random number function, T_PER - time complexity of permutation operation, T_MOD - time complexity of modulus operation) used in mutual authentication.

Table 5 shows the total time complexity at a tag identifying the object and a reader (authenticator). The protocol in [1] performs 75 XOR operations at the tag in MKT phase, 63 XOR operations at the Reader in MKT phase. Accounting for a total of 138 XOR operations performed by the tag and reader at the end of MKT phase. The total of 72 PRNG operations is performed by the tag in MKT phase, 36 PRNG operations at the Reader in MKT phase. Accounting for a total of 36 PRNG operations performed by the tag and reader at the end of MKT phase. 12 permutation operations, 2 Random number generation operations are performed at the reader in the mutual authentication phase. 6 modulus operations are performed at the tag in the mutual authentication phase. Therefore, a successful mutual authentication requires a time complexity of 75T_XOR + 36T_PRNG + 12T_PER + 6T_MOD at the tag and 63T_XOR + 2T_RNG + 36T_PRNG at the reader. The performance analysis in Tables 4 and 5 infers that the proposed protocol in this paper functions with a lesser time complexity compared to the MKT phase of the protocol proposed in [1].

Table 5

Analysis - mutual authentication, key update and ticket computation in [1]

Object	Reader (Authenticator)
75T_XOR + 36T_PRNG +12T_PER + 6T_MOD	63T_XOR + 2T_RNG + 36T_PRNG

3.6 Formal validation of the proposed protocol

SPAN is a security protocol animator for HLPSL and CAS+ specifications that are similar AVISPA (Automated Validation of Internet Security Protocols and Applications). It facilitates the analysis of large-scale Internet security-sensitive protocols and applications. SPAN implements an active intruder that allows interactively finding and building attacks over protocols. SPAN automatically builds an attack message sequence chart on HLPSL and CAS+ specification of the protocol using the AVISPA verification tools. CL-AtSe is one such AVISPA verification tool. It is an efficient versatile automatic analyzer for the security of the cryptographic protocols. State-based security property like secrecy, authentication and fairness can be modeled using the CL-AtSe tool and the algebraic properties of operators like XOR or exponentiation are taken into account with fewer limitations compared to other tools, thanks to a modular unification algorithm.

The intruder simulation of the proposed protocol is done using SPAN. The protocol was found to safe from intruder attacks. In addition to the intruder simulation, CL-AtSe tool verification for the proposed protocol was performed. The proposed protocol was found to be secure against attacks simulated by CL-AtSe tool.

4 Conclusion

In this paper, a light-weight inter-zonal authentication Protocol for moving objects in low powered RF systems. This was done by employing the ultra-lightweight the PRNG function and XOR operation. Such use of a simple operation adds a minimal level of computation and energy consumption for low-powered RF systems while, at the same time, supports the cryptographic goals of the protocol. The proposed protocol was verified for security attacks and was formally validated using the SPAN security tool. Analysis of the proposed protocol and comparison with previous works in Section 5 and 6 indicate the following: (i) no disclosure of secret information (ii) no dependency on previously used secret data/information (ii) resiliency against sniffing/eavesdropping, and replay attacks is guaranteed (iv) the protocol is free from desynchronization issues (v) lower computational complexity (vi) lower time complexity.

References

Niu ,

Taqieddin and

Jagannathan , EPC Gen2v2 RFID standard authentication and ownership management protocol, IEEE Transactions on Mobile Computing 15(1) (2016), 137–149.

Osaka ,

Takagi ,

Yamazaki and

Takahashi , An Efficient and Secure RFID Security Method with Ownership Transfer, in Proc Int Conf Comput Intell Security, vol. 2, 2006, pp. 1090–1095.

Litian ,

Fu and

W.J.

Zizhong , A Mixed and Batching Authentication Protocol Grouped Tags in mobile RFID System, 2015 IEEE International Conference on Data Science and Data Intensive Systems, 2015.

Rahman ,

R.V.

Sampangi and

Sampalli , Lightweight Protocol for Anonymity and Mutual Authentication in RFID Systems, 2015 IEEE 12th Consumer Communications and Networking Conference: CCNC 2015 Workshops – IEEE CCAN, 2015.

Juels , RFID security and privacy: A research survey, IEEE J Sel Areas Commun 24(2) (2006), 381–394.

Zhang ,

Zhang and

Mu , A Mutual Authentication Security RFID Protocol Based on Time Stamp, 2015 First International Conference on Computational Intelligence Theory, Systems and Applications (CCITSA), 2015.

Y.Q.

Gui ,

Zhang and

H.K.

Choi , An improved RFID security method with ownership transfer, in ICT Convergence, International Conference on, 2011, pp. 594–596.

Jiang ,

Cheng and

Du , Group-based key array authentication protocol in radio frequency identification systems, IET Inf Secur 8(6) (2014), 290–296.

Lu ,

Han ,

Hu and

L.M.

Ni , Dynamic key-updating: Privacy-preserving authentication for RFID systems, Int J Distrib Sens Netw (2012), 1–12.

10.

Mathi and

Dharuman , Prevention of desynchronization attack in 4G LTE networks using double authentication scheme, Procedia Computer Science 89 (2016), 170–179, Twelfth International Multi-Conference on Information Processing-2016 (IMCIP-2016).

11.

H.Y.

Chien and

C.H.

Chen , Mutual authentication protocol for RFID conforming to EPC class 1 gen 2 stds, Comput Standards Interfaces 29(2) (2007), 254–259.

12.

David and

Prasad , Providing strong security and high privacy in low-cost RFID networks, Security Privacy Mobile Inf Commun Syst (2009), 172–179.

13.

Peris-Lopez ,

Hernandez-Castro ,

Tapiador and

Ribagorda , Advances in ultra-lightweight cryptography for low-cost RFID tags: Gossamer protocol, in Proc 9th Int Workshop Inf Security Appl, 2009, pp. 56–68.

14.

D’Arco and

De Santis , On ultra-lightweight RFID authentication protocols, IEEE Trans Dependable Secure Comput 8(4) (2011), 548–563.

15.

Tian ,

Chen and

Li , A new ultra lightweight RFID authentication protocol with permutation, IEEE Commun Lett 16(5) (2012), 702–705.

16.

Kapoor and

Piramuthu , Single RFID tag ownership transfer protocols, IEEE Trans Syst, Man, Cybern, Part C: Appl Rev 42(2) (2012), 164–173.

17.

H.-B.

Chen ,

W.-B.

Lee ,

Y.-H.

Zhao and

Y.-L.

Chen , Enhancement of the RFID security method with ownership transfer, in Proc 3rd Int Conf Ubiquitous Inf Manage Commun, 2009, pp. 251–254.

18.

E.G.

Ahmed ,

Shaaban and

Hashem , Lightweight mutual authentication protocol for low-cost RFID tags, in International Journal of Network Security & Its Applications (IJNSA) 2(2) (2010).

19.

Juels and

Weis , Authenticating pervasive devices with human protocols, In CRYPTO’05, volume 3126 of LNCS, IACR, Springer-Verlag, 2005, pp. 293–308.

20.

Lu , et al., Dynamic keyupdating: Privacy-preserving authentication for RFID systems, International Conference on Pervasive Computing and Communications (PerCom ’07), IEEE Press, 2007, pp. 13–22.

21.

Williamson , et al., Solutions for RFID smart tagged card security vulnerabilities, AASRI Procedia 4 (2013), 282–287.

22.

Grover and

Berghel , A survey of RFID deployment and security issues, Journal of Information Processing Systems 7(4) (2011).

23.

Grimaila , RFID Security Concerns. Retrieved March 2013, 2007.

24.

Shih ,

Lin and

Lin , Privacy and Security Aspects of RFID Tags, Soutwest Region Decision Sciences Institute, 2005.

25.

Burmester and

B.D.

Medeiros , RFID Security: Attacks, Countermeasures and Challenges, 5th RFID Academic Convocation, RFID Journal Conference, 2007.

26.

Time, Clocks, and the Ordering of Events in a Distributed System Leslie Lamport Massachusetts Computer Associates, Inc., http://amturing.acm.org/p558-lamport.pdf.

27.

Wheeler and

Needham , TEA Extensions. October 1997. (Also Correction to XTEA. October 1998) Available via: www.ftp.cl.cam.ac.uk/ftp/users/djw3/

28.

J.-P.

Kaps , Chai-tea, Cryptographic Hardware Implementations of xTEA, Volgenau School of IT\&E, George Mason University, Fairfax, VA, USA.

29.

Dharuman and

Mathi , A time-invariant scheme for handover key management using identity based encryption in 4G LTE networks, IJCTA 8(5) (2015), 1823–1830. International Science Press.

30.

S.K.

Mathi ,

Kalyaan ,

Kanimozhi and

Bhuvaneshwari , Integrating non-linear and linear diffusion techniques to prevent fault attacks in AES to enhance security of 4G-LTE networks, Defence Science Journal 67(3) (2017), 276.

31.

Hermans ,

Peeters and

Preneel , Proper RFID privacy: Model and protocols, IEEE Trans Mob Comput 13(12) (2014), 2888–2902.