Intelligent and secure RFID multilevel fuzzy inference system for client to banker profiling

Abstract

In this work, we will be investigating, developing and implementing an intelligent RFID system in conjunction with a fuzzy data classification system, to greatly enhance and secure financial transactions and improve operational efficiency in the banking environment. The innovative part of this research is to provide an efficient solution to the challenge that may arise from the need to expertly and automatically match the profile of customer and banker and solve the vagueness in customer/banking profiling. Our proposal offers an expert, secure, efficient and comprehensive framework, methodology and its application in financial environments to develop customer to banker profile matching and availability via an expert agent multi level fuzzy data classification system. Foremost, according to clients and banking staff members weighted attributes, exact match has been established according to highest degree of relevance by utilizing Matlab fuzzy inference system. Then, to communicate output of a match profile engine from one party to another, to show profiling effectiveness and to do implementation; secure, privacy preserving, and comprehensive intelligent RFID profiling authentication system has been designed and verified by Scyther tool.

Keywords

Authentication system fuzzy inference system intelligent system matlab profiling system RFID Scyther

1 Introduction

The wide deployment of wireless sensing technologies for the monitoring and autonomous identification of financial activities have affected financial institutions in the past decade. However, wider utilization of radio frequency identification (RFID) technologies in the banking sector have introduced challenges, like how to develop and design a framework which not only secure personal or professional financial data but also operate and manage the data efficiently. Thus, a need for an intelligent banking system has arisen that provides safe and seamless operations and reduces the complexity of end users, labour cost, operation cost etc. in such a way that it will in turn increase the return over investment [1]. RFID system has the potential to infiltrate and reduce the cost in numerous areas of personal or commercial banking environments by automatically identifying objects and persons.

Automatic identification, non contact and non line of sight RFID system generally consists of a set of low cost RFID tags, a few RFID readers and a secure back-end server [2 –4]. The tags can be passive, active or semi active depending upon the features like internal battery, transmitter, inbuilt sensors, tag life, etc. The coiled antenna is utilized to release radio waves during tag activation and provides several features to it like read or write financial data. RFID integrated banking system employs low cost RFID tags to communicate in malicious communication environments. Using near field communication [5] or bluetooth, RFID readers communicate with a number of tags which are spread over the whole banking environment [6]. The communication channel between reader and server is generally wired, which is assumed to be secure, while reader and tag or user’s smart device communicates through a radio frequency wireless channel, which is insecure and can be intercepted or modified by an eavesdropper in such a way that legitimate recipient does not detect the manipulation [7, 8].

However, any violation in data security can cause extensive financial and legal ramifications and even affects operations in the financial body. Besides this, it can affect the customer privacy and community trust on such financial systems.

Foremost, Sarma et al. [9] mentioned the scarcity of tag resources as a primary challenge. Weis et al. [10] proposed a hash-based access control approach HAC to protect the tag, which stores the hash of a random key as its metaID. But the scheme allows the tag to be tracked as the same metaID is used repeatedly. Henrici and Muller [11] proposed hash-based ID variation scheme HIDV, which uses one way hash function to protect location privacy by changing the ID after each session. But still after an unsuccessful session, it replied with the same hashed ID, which makes it vulnerable to traceability attack, impersonation attack and backward traceability. Lim and Kwon [12] pioneered the concept of forward untraceability in security authentication protocols, which is similar to backward untraceability, but focuses on issues of tag identification in future sessions of communication. Chien and Chen [13] proposed RFID mutual authentication protocol conforming to EPC Class 1 Generation 2 standards. But Lopez et al. [14] proved that their protocol is vulnerable to denial of service attack, tag as well as server impersonation attacks and suffers forward tracing due to the feature of linearity of cyclic redundancy code function. Wang et al. [15] proved de-synchronization attack and passive disclosure attack via exhaustive search on [16]. In addition, to get rid of these vulnerabilities, [15] gave modified SRP++ protocol in accordance with EPC Class 1 Generation 2 standard which resist disclosure attack via exhaustive search. Kumari et al. [17] proposed an upgraded remote user authentication scheme with key agreement to overcome security weaknesses of [18] and claimed that their scheme is more suitable, secure and efficient for real life applications. Later, Kaul et al. [19] have pointed out that [17] is completely insecure as an adversary can easily obtain not only the security parameters of the protocol but also gets the common session key of future communication between user and the server.

A number of researchers have addressed this issue by proposing new RFID authentication protocols utilizing various symmetric or public key cryptographic methods. But most of the work still has security and privacy breach [20 –23]. However, still RFID applications are utilized to collect personal and financial data of the customers with proper care [24]. RFID technology provides banking industry the means to authenticate their potential customers, customers profile matching to bankers, lock/unlock door of locker, vault operation, track customers file and assets, manage and monitor data and equipment, secure the movement of fixed assets and data center servers, enlarge profitability, resist unauthorized access and other banking zones where the system can be flawlessly incorporated with existing RFID system to support automatic identification [24 –26]. Especially in this work we are using RFID to resolve customers profile matching to bankers, but to resolve this, we have also to deal with profiling vagueness and this can only be possible by utilizing fuzzy system [27].

A fuzzy set A in universal set X = {x} is a set of ordered pairs A = {(x, μ_A (x)) : x ∈ X} where μ_A (x) is the ’membership grade’ of x in A, μ_A : X → [0, 1] [28]. Fuzzy technology has become one of the most successful system for developing and designing sophisticated control systems and it handles such applications in a perfect manner as it has an ability to make precise decision and provide appropriate solutions from the set of approximate or exact data [28, 29]. This is one of the reasons this research utilizes a fuzzy logic system in profile matching as it has the ability to cover the gap between purely mathematical or purely logic based approaches in our designed system [30, 31].

Fuzzy membership function editor in Matlab Fuzzy logic toolbox provides the interactive environment and specifically utilized to design and alter the relevant linguistic variable parameters like shape, size, count, domain, range, etc. This research utilizes the triangular membership function editor for quantification which is characterized by three scalar parameters α₁, α₂ and α₃ such that α₁ ≤ α₂ ≤ α₃, in which height is defined by h and support of A is [α₁, α₃]. Thus, it is defined by $μ_{A} (x) = {\begin{matrix} h (x - α_{1}) / (α_{2} - α_{1}) & for α_{1} \leq x \leq α_{2} \\ h (α_{3} - x) / (α_{3} - α_{2}) & for α_{2} \leq x \leq α_{3} \\ 0 & Otherwise \end{matrix}$

While variables in mathematics usually take numerical values, in fuzzy logic applications, the non-numeric linguistic variables are often used to facilitate the expression of rules and facts [28]. Linguistic variables are characterized by five parameters (σ, T (σ) , X, g, m), in which σ is the linguistic variable, T (σ) is the set of linguistic values σ can take, X is the universe of discourse in which the linguistic variable σ takes its crisp values, g is a syntactic rule for generating linguistic terms and m is a semantic rule that relates each linguistic value in T (σ) with a fuzzy set in X, i.e. m : T (σ) → ϝ (X).

This work provides a framework and implementation of an innovative idea, that describes how to establish profiling in the banking sector. The establishment of a profiling system is extremely helpful in reducing the weighting time or long queues over the banks. It also provides better client acquisition, that helps in knowing the best client and in turn assist to look for prospects with the similar characteristics. In parallel, the proposed work maintains the client’s security and privacy in the network communication process. Further, it helps in improving the client experience while knowing the fact that client’s data is extremely crucial. Thus, it helps in connecting the right people at the right time, that drives better outcomes. Furthermore, it has an ability to tailor communications based on client’s priorities which will enhance experience, commitments and dealing. Hence, the proposed intelligent and secure RFID multilevel fuzzy inference system for client to banker profiling will revolutionize the banking sector by increasing efficiency, decreasing cost and providing more secure and privacy sensitive financial data communication and transactions.

Profiling is basically a rule base matching algorithm between the parties. Profiling in banking environment is an innovative part, however, tremendous work have already been done in various other sectors of profiling like health, schema matching, information extraction, retrieval, etc. [25 , 32] and demonstrate promising output. Bajtos et al. [35] gives network intrusion detection with threat agent profiling system that presents K-means, PAM, and CLARA clustering algorithms for security incident profiling and having focus on grouping similar threat agents based on attributes of security events. Improving data security and privacy based on a fuzzy logic classifier work explores the use of fuzzy logic in classification of data and suggests a method that can determine requirements for data security and privacy in organizations based on organizational needs and government policies imposed on data [30, 31]. Yang et al. [36] presents interest profiling for security monitoring and forensic investigation to automatically generate user interest profiles and then develop a model that can discover and output multi-word phrases to describe topics, which facilitates the human interpretation of unorganized texts. For patient classification, fuzzy logic based warning system has been given by Dmour et al. [33] and they claim to provide the results in agreement with the current modified early warning score system. A detailed survey that describes state-of-the-art, challenges, and solutions in profiling is given in [34]. The proposed architecture is based on vector of weighted parameter attributes and allows client profiling and matching in a time intensive important scenario as described in [31].

1.1 Motivation

Our motivation comes from the question of how to resolve the security while autonomously maintaining the client information system. As, in this system, a client’s tag is automatically scanned by the reader which is distributed within the banking environment, immediately upon his arrival. The notifications about the desired services are communicated to the staff members autonomously by the client information system. During this autonomous acquisition process, client’s data is communicated and managed to satisfy each customer service efficiently and securely on priority basis and any violation in data security can cause extensive harm to the society. Thus, to secure the RFID profiling system expertly, there is a need for a secure and privacy preserving authentication system, in which the server’s computed matching value corresponding to client’s query survey, is communicated securely via client mobile application. This urge of need motivates us to do this research work.

1.2 Contribution

In this paper, we foremost describe the terms that affect the profiling of client and banking staff, but as the defined terms are linguistic or fuzzy, we have to utilize a fuzzy inference system to solve the vagueness. Next, by utilizing Matlab FIS, we are able to develop the system which correctly finds the match between client and banking staff depending upon their defined attributes. Further, an intelligent RFID cloud system has been introduced in which clients can fill the query survey depending upon their service request so that the server can generate a profile matching value. Furthermore, a secure and safe authentication system has been developed to communicate the profile match value from server to client mobile application in RFID network. Finally, the security of the proposed authentication mechanism has been verified by an automatic formal verifier Scyther and as well as informally.

The rest of the paper is organized as follows: In section 2, fuzzy classification system preliminaries have been discussed while in section 3, client to banker agent profiling model has been described. Multilevel fuzzy inference profiling system has been proposed in section 4 which includes the following subsections: linguistic variables in client to banker profiling, rule associated to profile matching and fuzzy inference and defuzzification results. Section 5 presents RFID client to banker profiling scenario describing system architecture, procedure, profile matching authentication system. Formal and informal security verification have been presented in section 6 and performance evaluation in section 7. Finally, the work has been concluded and future directions have been given in section 8.

2 Preliminaries: Fuzzy classification system

In general, client to banker profile matching characteristics are linguistic or vague and depend upon different weighted attributes. To deal with this vagueness, we will be utilizing a fuzzy classification system [29]. Our proposed fuzzy inference mechanism experiment utilizes the Matlab fuzzy logic toolbox to infer the two main components of profiling, i.e. staff profiling parameters and customer priority parameters. The inference results of fuzzy logic toolbox provide better and more accurate match of both the agents and ultimately save operational time cost [37]. As described in Figure 1, fuzzy inference system consists of following functions [32]:

Fuzzifier: Transform the input value into its fuzzy linguistic variable.

Inference engine: Decision making process and use fuzzy rule base to map fuzzy input into fuzzy output.

Defuzzifier: Transfer truth value into crisp conclusion to derive the control mechanism.

Fuzzy knowledge base: Consist of fuzzy rule base and data base where rule base is a set of “If-then” type fuzzy functions.

Fig. 1

Fuzzy Controller Block Diagram.

Our proposed fuzzy inference system (FIS) similar to Matlab FIS workflow, followed the following procedure, as described in Figure 2:

Initially, fuzzification interface modifies and converts the inserted value into its fuzzy linguistic variable via utilizing fuzzy knowledge base membership function so that it’s rule can be defined and compared in the rule base.

The set of related “If-then” type functions are kept in the fuzzy rule base to best control the system. Correspondingly, decision-making fuzzy inference engines utilize that rule to map fuzzy input into fuzzy conclusions.

Finally, the defuzzification interface combines and converts prior activated actions into an equivalent single crisp output to derive the control mechanism.

Fig. 2

FIS work flow in Matlab.

3 Client to banker agent profiling model

The proposed architecture is based on a vector of weighted parameter attributes and allows client profiling and matching in a time intensive important scenario. Further, the architecture utilizes rule base algorithms to find the associated match between the client and banking staff. Customer to banker profiling is mainly based on vector of

Customer weighted priorities

Staff or asset weighted attributes

Then via utilizing an intelligent agent rule base system, the proposed profiling system matches the customer attribute against the banker. The process of profiling is described in Figure 3 which helps in matching a staff member’s specification and access rights according to the need of the customer. Next issue is to define the level of match between client and staff member because it has been infeasible to always provide an exact match between them. Thus, the rules based on this system can be demonstrated in human linguistic terms which are clearly vague and can’t be represented formally. Customer to banker profiling utilizes a fuzzy rule base system to match the profiling between them and to handle such vagueness [27]. Then real-time decision-making agent system using inference results of fuzzy logic toolbox decides the priority of serving a particular customer to automatically match customers with the banker’s profiles and to quickly facilitate appropriate service [1].

Fig. 3

Proposed Client to Banker Agent Profiling Model.

4 Proposed multilevel fuzzy inference profiling system

This research makes inference and prediction of the best match between client and banking staff based on the factors of staff or asset accessibility and client priority affecting the computational and operational time cost using fuzzy logic toolbox [38]. As shown in Figure 4, the whole profiling model is divided into following different terminologies according to [38 –45]:

Banking staff profile agent engine include the level of accessibility scope of 5 input variables: staff availability, staff access rights, staff specification, asset availability, working environment and one output variable.

Client priority profile agent engine include the level of priority according to 4 input variables: service desired by client, client physical condition, premium account status, client arrival time and one output variable.

Matching profile agent engine include the level of match between 2 input variables: output of banking staff profile agent engine, output of client priority profile agent engine and one output variable.

Fig. 4

Proposed Client to Banker Match Profiling Model.

4.1 Linguistic variables in client to banker profiling

In order to obtain the best profile match or a measured match value between client to banker, we initially converted our collected data or required stored database into fuzzy sets via fuzzification. In fuzzification, we have developed membership functions of each and every variable affecting the profiling model and have shown its linguistic variable scope in Table 1. The affecting linguistic variables data obtained from various financial reports and articles [39 –45] are divided and then converted into following membership functions:

Staff Availability (α): Staff member’s on the spot availability to serve any client is the main feature of the banking staff profile agent engine and it’s membership function is splitted into four fuzzy linguistic terms: Low availability (σ_B11), Medium availability (σ_B12), High availability (σ_B13) and Extreme high availability (σ_B14) according to staff active enrollment domain of discourse [1, 10] is divided into four sublevels: less than 4, 3 to 6, 5 to 9, greater than 8 respectively in the banking environment.

Staff Access Rights (β): Staff degree of designated duties and their access rights to perform any operation to serve the client request is one of the main factors affecting staff profiling agent engine. This research categorized the staff access rights linguistic variable level range [1,5, 1,5] into four fuzzy sub terms: No access (σ_B21), Slight access (σ_B22), Average access (σ_B23), Top access (σ_B24) according to it’s value less than 2, lies between 1 to 3, lies between 2 to 4 or greater than 3 respectively.

Staff Specification (γ): Banking staff member’s knowledge to efficiently handle any nominated task undoubtedly affects the output of banking staff profiling. The linguistic variable staff specification divides the level range [1,10, 1,10] into three linguistic terms: Insufficient knowledge (σ_B31), Partial trained (σ_B32), Domain expert (σ_B33) according to it’s fuzzy value is less than 5, lies between 4 to 9 or greater than 8 respectively.

Asset Availability (δ): Banking assets or server availability to upgrade, add or delete any client request in the database affecting operational time and ultimately affecting banking agent profiling; has three linguistic terms: If value of it’s level range [1,5, 1,5] is less than 2, then it has Minimal availability (σ_B41), for level value in between 1 to 4, it has More or Less availability (σ_B42) and for greater than 3 value, it has Ideal availability (σ_B43) to perform any financial task.

Working Environment (η): There are various additional parameters which affect staff profiling and its efficiency like work pressure, willingness to work, staff personal or professional interface, working conditions or any additional responsibility given. Thus working environment linguistic variable is in Not good condition (σ_B51), Normal condition (σ_B52), Acceptable condition (σ_B53) or Healthy condition (σ_B54) for semantic rule value less than 4, lies in the interval [3,6, 3,6], lies in the interval [5,9, 5,9] or greater than 8 respectively corresponding to the linguistic variable domain of discourse [1,10].

Banking Staff Profile Engine Output (θ): The output variable of the membership function indicates the degree of adequacy of a particular staff member as shown in Figure 5. When scope output is less than 5 then the particular staff member is Inadequate to serve client (σ_B1); in the scope output of [2.5,7.5], it indicate linguistic term Moderate to serve client (σ_B2) and finally the scope output greater than 5 has feature Adequate to serve client (σ_B3) for staff member.

Priority According Service Desired (ζ): Any service desired by the clients has already been assigned various grades in the database from [1,10] to deal with the issue of priority. It’s membership function has been categorized priority into three linguistic terms: Utmost important (σ_C11), Important(σ_C12) and Regular service (σ_C13) according to the assigned grade value is less than 4, lies between 3 to 6 or greater than 5 respectively.

Client Physical Condition (μ): The physical urgency of any client is the main factor affecting the client’s priority profile agent engine. The linguistic variable client physical condition divides the domain of discourse [1,10, 1,10] into three linguistic terms: Greatest priority (σ_C21), Good priority (σ_C22) and Ordinary priority (σ_C23) according to it’s fuzzy value less than 2, lies between 1 to 4 or greater than 3 respectively.

Premium Account Status (ν): Financial organization for the sake of its own organizational benefit wants to give high priority to the customer’s having premium account status. Thus the linguistic variable has been categorized grade level [1,10, 1,10] into Highest priority (σ_C31), Above average priority (σ_C32) and Average priority (σ_C33) according to its scope value less than 5, lies between 3 to 7 or greater than 6 respectively.

Client Arrival Time (ξ): First come first serve factor or have an appointment undeniably strongly affects client priority profile engine. High level priority (σ_C41) fuzzy set has been assigned for the grade value less than 3 and Common priority (σ_C42) fuzzy set has been assigned for the grade value greater than 2 corresponding to the universe of discourse [1,5, 1,5].

Client Priority Profile Engine Output (ϑ): The output variable of the membership function indicates the degree of priority to be served any service for any particular client, as shown in Figure 6. When scope output is less than 5 then that particular client has Supreme priority (σ_C1); in the scope output of [2.5,7.5], it indicate linguistic term Good priority (σ_C2) and finally the scope output greater than 5 has feature Moderate priority (σ_C3) for that particular customer.

Matching Profile Engine Output (ω): The comprehensive matching scope is established according to the membership function degree of each and every variable scope of Banking staff profile engine output (θ) and Client priority profile engine output (ϑ), in order to provide the good match between both the entities. The output variable of the membership function indicates the comprehensive degree of match between any particular client with any staff member as shown in Figure 7. When scope output is less than 3 then that particular client and staff has No client to banker profiling match (σ_M1); in the scope output of [2,6], it indicates linguistic term Average client to banker profiling match (σ_M2); the scope output of [5,9], represents Good client to banker profiling match (σ_M3) and finally, the scope output greater than 8 has feature High client to banker profiling match (σ_M4).

Fig. 5

Fuzzy Profiling Inference Rules.

Fig. 6

Fuzzy Profiling Inference Rules.

Fig. 7

Fuzzy Profile Matching Inference Rules.

Table 1

Linguistic Variables Scope

Linguistic Varible(σ)	Semantic Rule	Set of terms of σ
Staff Availability (α)	<4	Low availability (σ_B11)
	3 - 6	Medium availability (σ_B12)
	5 - 9	High availability (σ_B13)
	>8	Extreme High availability (σ_B14)
Staff Access Rights (β)	<2	No Access (σ_B21)
	1 - 3	Slight Access (σ_B22)
	2 - 4	Average Access (σ_B23)
	>3	Top Access (σ_B24)
Staff Specification (γ)	<5	Insufficient Knowledge (σ_B31)
	4 - 9	Partial Trained (σ_B32)
	>8	Domain Expert (σ_B33)
Asset Availability (δ)	<2	Minimal Availability (σ_B41)
	1 - 4	More or Less Availability (σ_B42)
	>3	Ideal Availability (σ_B43)
Working Environment (η)	<4	Not Good Condition (σ_B51)
	3 - 6	Normal Condition (σ_B52)
	5 - 9	Acceptable Condition (σ_B53)
	>8	Healthy Condition (σ_B54)
Banking Staff Profile Engine Output (θ)	<5	Inadequate to Serve Client (σ_B1)
	2.5 - 7.5	Moderate to Serve Client (σ_B2)
	>5	Adequate to Serve Client (σ_B3)
Priority According Service Desired (ζ)	<4	Utmost Important (σ_C11)
	3 - 6	Important(σ_C12)
	>5	Regular Service (σ_C13)
Client Physical Condition (μ)	<2	Greatest Priority (σ_C21)
	1 - 4	Good Priority (σ_C22)
	>3	Ordinary Priority (σ_C23)
Premium Account Status (ν)	<5	Highest Priority (σ_C31)
	3 - 7	Above Average Priority (σ_C32)
	>6	Average Priority (σ_C33)
Client Arrival Time (ξ)	<3	High Level Priority (σ_C41)
	>2	Common Priority (σ_C42)
Client Priority Profile Engine Output (ϑ)	<5	Supreme Priority (σ_C1)
	2.5 - 7.5	Good Priority (σ_C2)
	>5	Moderate Priority (σ_C3)
Matching Profile Engine Output (ω)	<3	No Client to Banker Profiling Match (σ_M1)
	2 - 6	Average Client to Banker Match (σ_M2)
	5 - 9	Good Client to Banker Match (σ_M3)
	>8	High Client to Banker Match (σ_M4)

4.2 Rules associated to profile matching

To control the fuzzy inference system in a best manner, a fuzzy rule base holds all the knowledge of a profile matching system in the form of a set of well-defined rules. We utilize Matlab fuzzy rules editor to design and modify 176 “If-then” type fuzzy rules and collection of these ’if-then’ type fuzzy rules express the combination of all possible states of membership functions which further helps us to divide the match profiling fuzzy base into three different bases: Banking staff profile agent engine, Client priority profile agent engine and Matching profile agent engine to obtain the best match surface value [38]. Fuzzy inference rule base described below is based on the related literature references and the ability to make considered decisions or intelligence of this research:

Banking staff profile agent rule base is a set of 113 “If-then” type fuzzy rules which is based on combination of five membership functions α, β, γ, δ and η. Rule base lead low staff profiling component like σ_B11, σ_B21, σ_B31,σ_B41, σ_B51 to inadequate to serve client output. As all these five membership functions α, β, γ, δ, η are equally likely important for profiling so the combination of any 3 or higher top staff profiling component σ_B13, σ_B14, σ_B23, σ_B24, σ_B33, σ_B43, σ_B53, σ_B54 lead staff fuzzy profiling towards adequate to serve clients or otherwise for 2 or less components present in the combination of rule base of staff profiling out of these 8 components σ_B13, σ_B14, σ_B23, σ_B24, σ_B33, σ_B43, σ_B53, σ_B54 will lead the inference system towards moderate to serve clients.

Client priority profile agent rule base is a set of 54 “If-then” type fuzzy rules which is based on combination of 4 membership functions ζ, μ, ν and ξ. Rule base lead combination of regular priority component σ_C13, σ_C23, σ_C33 and σ_C42 towards moderate priority output and client physical condition greatest priority function (σ_C21) towards supreme priority profiling output. As all the remaining 6 components σ_C11, σ_C12, σ_C22, σ_C31, σ_C32 and σ_C41 are equally likely important so fuzzy combination of any 3 or more lead the system towards supreme client priority output and any 2 or 1 variable present in the combination of rule base out of these linguistic terms σ_C11, σ_C12, σ_C22, σ_C31, σ_C32 and σ_C41 generate the good client priority fuzzy output.

Matching profile agent rule base is a set of 9 “If-then” type fuzzy rules which controls the whole system by combination of 2 membership functions θ and ϑ, as described in Table 2:

Table 2
Matching profile agent rule base

Matching output ω σ _C1 σ _C2 σ _C3

σ _B1 σ _M1 σ _M1 σ _M2

σ _B2 σ _M2 σ _M3 σ _M4

σ _B3 σ _M4 σ _M3 σ _M3

Matching output ω	σ _C1	σ _C2	σ _C3
σ _B1	σ _M1	σ _M1	σ _M2
σ _B2	σ _M2	σ _M3	σ _M4
σ _B3	σ _M4	σ _M3	σ _M3

4.3 Fuzzy inference and defuzzification results

In this research, we established a defuzzified match profiling system on the staff profiling and client priority fuzzy base and allow the system to predict and make decisions regarding their match using mobile Application or RFID system. Defuzzification in our research utilizes the gravity method and can be made by adjusting the red line of the input variable as shown in Figure 5, 6, 7. Fuzzy inference results of the system are as follows:

Inference results of banking staff profile agent engine θ are described in Figure 5 and it can be generalized for any particular case via adjusting the values of input variables: α, β, γ, δ and η. For instance, as described in Table 3, three scenarios have been considered and the output value yield by these values indicates staff member inadequacy, moderate and adequacy to serve any client corresponding to case 1, 2 and 3 respectively.

Inference results of client priority agent engine ϑ are described in Figure 6 and it can be generalized for any particular case via adjusting the values of input variables: ζ, μ, ν and ξ. For instance, as described in Table 4, three scenarios have been considered and the output value yielded by these values indicates client supreme, moderate and good priority corresponding to case 1, 2 and 3 respectively.

Inference results of matching profile agent engine ω are described in Figure 7 and it can be generalized for any value of banking staff profile agent engine output (θ) and client priority profile agent engine output (ϑ). For instance, as described in Table 5 the previous cases output have been considered and the output value yield by these scenarios indicates the following match defuzzified value between client and staff member:

Table 3
Case study results of θ

α β γ δ η θ

Case 1 3 2 4 2 5 2.09

Case 2 4 3 6 2 5 5

Case 3 9 4 8 5 7 7.98

	α	β	γ	δ	η	θ
Case 1	3	2	4	2	5	2.09
Case 2	4	3	6	2	5	5
Case 3	9	4	8	5	7	7.98

Table 4

Case study results of ϑ

	ζ	μ	ν	ξ	ϑ
Case 1	3.5	5.5	4	2	3.52
Case 2	5	6	7	3	5
Case 3	9	8	9.5	5	8.26

Table 5

Case study results of ω

Match Value	ϑ₁ = 3.52	ϑ₂ = 5	ϑ₃ = 8.26
θ₁ = 2.09	ω₁₁ = 1.19	ω₁₂ = 1.1	ω₁₃ = 4
θ₂ = 5	ω₂₁ = 5.7	ω₂₂ = 7	ω₂₃ = 9
θ₃ = 7.98	ω₃₁ = 7.47	ω₃₂ = 7	ω₃₃ = 7

The inputs which we obtained are validated with MATLAB fuzzy inference system to have the matching result. All the linguistic variable that we define in 1 pass through FIS engine and can be made by adjusting red line of input variable as shown in Figure 5, 6 and 7. Then, in Figure 8, fuzzy profile matching inference surface view for each linguistic variable utilized in our research have been demonstrated, which shows the interconnection of linguistic variables and their effects on the corresponding output variable. From top to bottom and left to write 17 inference surfaces in Figure 8, describes the interconnection of linguistic variable, (θ, α, β), (θ, γ, α), (θ, δ, α), (θ, η, α), (θ, β, γ), (θ, δ, β), (θ, η, β), (θ, γ, δ), (θ, γ, η), (θ, η, δ), (ϑ, ζ, μ), (ϑ, ν, ζ), (ϑ, ξ, ζ), (ϑ, μ, ν), (ϑ, ξ, μ), (ϑ, ξ, ν), (ω, θ, ϑ) respectively. As for instance, inference results of matching profile agent engine is ω and it can be generalized for any value of banking staff profile agent engine output (θ) and client priority profile agent engine output (ϑ). Last surface view in Figure 8, fuzzy profile matching inference surface view has been demonstrated, which shows the interconnection of linguistic variables and their effects on the corresponding output variable. Surface view indicates the impact on match profiling corresponding to both grids input fields: staff profiling and client priority and provide robust and reliable match control.

Fig. 8

Fuzzy Profile Matching Inference Surfaces.

5 Implementation: RFID client to banker profiling Scenario

In this section, we implement our proposed profiling system for RFID cloud network environment. Generally, banking sectors utilized fixed as well as handheld RFID readers for collecting and managing customers data. RFID chips are embedded on staff ID cards, IT equipment, bank cards, passbooks, banking record files and assets such that tracking of assets, equipment, data or individuals will be done in a matter of minutes without interrupting any bank operations [24]. For example, Wells Fargo and Bank of America have hundreds of data centers that need IT fixed asset tracking software in order to ensure labor savings [5]. Even RFID is utilized to collect customers data upon their arrival in the banking environment via providing RFID chip enabled cards to customers [6]. Banking staff member’s netbooks, computer systems or tablets are equipped with RFIDs and virtual private networks and similarly the client’s mobile APP is also linked with the corresponding user RFID tag. This implementation is divided into following subsections: System architecture, System procedure and Authentication system.

5.1 System architecture

Proposed intelligent RFID match profiling system has the following main components:

Server is configured to provide acquisition, management and communication of user’s data via RFID scanners or via Web portal. Central server stores user’s data in its database in an organized manner and responds to requests from all other components like RFID reader, Web application and Mobile application. Further, user’s database information will be refreshed periodically once new crisp readings are accessible only after successful authentication.

RFID Reader communicates with a number of RFID tags using Near field communication or Bluetooth. The communication channel between RFID reader and server is secure, while RFID reader and tag or user’s smart device communicates through a radio frequency wireless channel.

Web Application has been designed in such a way that legitimate clients can register to the RFID profile matching system and have access rights to utilize its features. The web application is developed to access data in the server database and its user interface feature correspondingly allows users to retrieve data via the internet.

Mobile Android Application has been designed to authenticate and quickly serve legitimate client service. The Android App controls and communicates expert match profiling via Bluetooth and simultaneously access the server’s data and logs via internet.

RFID Tags have limited resources and storage capacity and are connected to the reader via wireless insecure network. Moreover, any tag linked to a particular user is also linked with the corresponding user mobile APP.

5.2 System procedure

As described in Figure 9, proposed intelligent RFID client to banker match profiling system follows the following procedure on the entrance of any customer to the bank:

After that via mobile android application, client authenticates them and input the query survey regarding service desired request only if their RFID tag status has been activated. That is, when the customer is in the banking environment only, then he can input the service desired request via his mobile APP.

Further via web portal, App sends client request information along with time stamp and identity to the server.

After that the server accumulates, manages and compares data to find any abnormality in the transaction. Hence, an intelligent system along with RFID is required to verify the unusual pattern and make suitable decisions to satisfy each customer service efficiently and securely on priority basis.

After successful user authentication, an expert fuzzy profile match algorithm runs and finds the suitable match corresponding to the client and sends the final output regarding staff information to the client mobile.

Then, for normal financial transactions, service is provided immediately to the clients and correspondingly update their database.

Fig. 9

RFID Profiling Expert Authentication System.

5.3 RFID Profile matching authentication system

In this section, we have designed a framework of authentication systems required for profile matching. Notations used in the authentication process are described in Table 6. At the time of registration of any tag, its identity TID and secret K_T is kept on tag side. Further, mobile App having client identity CID and secret K_A is linked with tag TID and all these parameters TID, CID, K_T and K_A are stored securely in the server database. In general, proposed algorithm communicate the profile match value from server to client mobile application in RFID network and it is described in 10. Server, tag and mobile App follow the following step by step procedure, as described in Table 7, to mutually authenticate each other:

Foremost server sends the Hello message to tag to start communication.

Tag generates random number r₁ and sends messages {M₁, M₂} along with current time t₁ to the server where M₁ = r₁ ⊕ h (TID ∥ K_T) and M₂ = h (TID ∥ K_T ∥ r₁ ∥ t₁).

Upon receiving the message, server first verify the time frame by verifying $(t_{1}^{'} - t_{1}) \leq δ t_{1}$ , where δt₁ < ε (Very small). Then obtain $r_{1}^{*}$ by calculating $r_{1}^{*} = M_{1}^{*} \oplus h (TID ∥ K_{T})$ and verify computed $M_{2}^{*} = h (TID ∥ K_{T} ∥ r_{1}^{*} ∥ t_{1})$ with the received M₂. Thus, after verifying tag authentication, server generates random number r₂ and sends the message {M₃, M₄} to the tag for tag mutual authentication purpose, where M₃ = r₂ ⊕ h (TID ⊕ K_T) and M₄ = h (TID ∥ K_T ∥ r₂ ∥ t₁). Simultaneously, the server sends the ’Tag Activated’ message to the mobile application so that the mobile application is ready for query survey from the user.

After receiving message from server, tag computes $r_{2}^{*} = M_{3}^{*} \oplus h (TID \oplus K_{T})$ and then verify the correctness of communicated message by checking $M_{4}^{*} = h (TID ∥ K_{T} ∥ r_{2}^{*} ∥ t_{1})$ with the received one.

In the mobile application user inputs his credentials CID, PW_C and authenticates himself. Android app verifies user’s authenticity by computing confidence is less than or equal to threshold value. After verification, the mobile application sends the message ’Verified’ to the server via internet and then further server sends the message ’Tag Activated’ to App, which makes users possible to insert or input query survey QS as per their need for service. Now app generates random number r₃ and sends message {M₅, M₆, M₇, t₂} to the server, where M₅ = r₃ ⊕ h (TID ∥ CID ∥ K_A), M₆ = QS ⊕ h (TID ⊕ CID ⊕ K_A) and M₇ = h (TID ∥ CID ∥ K_A ∥ r₃ ∥ QS ∥ t₂).

After receiving the message, server checks the time stamp by verifying $(t_{2}^{'} - t_{2}) \leq δ t_{2}$ and then obtains $r_{3}^{*} = M_{5}^{*} \oplus h (TID ∥ CID ∥ K_{A})$ and ${QS}^{*} = M_{6}^{*} \oplus h (TID \oplus CID \oplus K_{A})$ . Successful verification of computed $M_{7}^{*} = h (TID ∥ CID ∥ K_{A} ∥ r_{3}^{*} ∥ {QS}^{*} ∥ t_{2})$ guarantees that the received query survey regarding client request has fully authenticated and sent only by the legitimate user at particular time t₂. Finally, the server runs an expert fuzzy profile client to banker matching algorithm to find the correct match value ω. Similarly to send the message ω to App via radio waves server sends the message {M₈, M₉, M₁₀} via generating random number r₄, where M₈ = r₄ ⊕ h (TID ∥ CID ∥ K_A ∥ r₃), M₉ = ω ⊕ h (TID ⊕ CID ⊕ K_A ⊕ r₃) and M₁₀ = h (TID ∥ CID ∥ K_A ∥ r₄ ∥ ω ∥ t₂).

Again RFID chip equipped mobile application obtains $r_{4}^{*} = M_{8}^{*} \oplus h (TID ∥ CID ∥ K_{A} ∥ r_{3})$ and $ω^{*} = M_{9}^{*} \oplus h (TID \oplus CID \oplus K_{A} \oplus r_{3})$ from M₈ and M₉ respectively and verifies match value ω by verifying $M_{10}^{*} = h (TID ∥ CID ∥ K_{A} ∥ r_{4}^{*} ∥ ω^{*} ∥ t_{2})$ with the communicated one. Thus, users get the best profile match value ω using its QS. Finally, computes and sends the message M₁₁ = h (r₃, r₄, ω) to the server.

Eventually, for mutual authentication purposes, the server computes and verifies the message $M_{11}^{*} = h (r_{3}, r_{4}, ω)$ with the received one.

Table 6
Notations

TID Unique identity of tag

K _T Tag secret key

CID Client or user identity

K _A Secret of mobile Application

PW _C Client mobile application password

QS Query survey regarding client service request

r _i Random strings generated by pseudo random generator for 1 ≤ i ≤ 4

M _i Communicated messages for 1 ≤ i ≤ 11

h Secure one way keyed hash function h (.) : {0, 1} ^* → {0, 1} ^l

t _i Current time stamp for 1 ≤ i ≤ 2

ST Communication channel from server to tag

TS Communication channel from tag to server

SA Communication channel from server to mobile application

AS Communication channel from mobile application to server

Table 7

RFID Authentication Procedure for Profiling

RFID Tag	Server	Mobile APP
	$\leftarrow_{ST}^{Hello}$
Generate r₁
M₁ = r₁ ⊕ h (TID ∥ K_T)
M₂ = h (TID ∥ K_T ∥ r₁ ∥ t₁)
$⟶_{TS}^{M_{1}, M_{2}, t_{1}}$
	Verify $(t_{1}^{'} - t_{1}) \leq δ t_{1}$
	$r_{1}^{} = M_{1}^{} \oplus h (TID ∥ K_{T})$
	$M_{2}^{} = h (TID ∥ K_{T} ∥ r_{1}^{} ∥ t_{1})$
	Verify
	Generate r₂
	M₃ = r₂ ⊕ h (TID ⊕ K_T)
	M₄ = h (TID ∥ K_T ∥ r₂ ∥ t₁)
	$\leftarrow_{ST}^{M_{3}, M_{4}}$
$r_{2}^{} = M_{3}^{} \oplus h (TID \oplus K_{T})$
$M_{4}^{} = h (TID ∥ K_{T} ∥ r_{2}^{} ∥ t_{1})$
Verify
	$⟶_{SA}^{TagActivated}$
		User input query survey QS
		Generate r₃
		M₅ = r₃ ⊕ h (TID ∥ CID ∥ K_A)
		M₆ = QS ⊕ h (TID ⊕ CID ⊕ K_A)
		M₇ = h (TID ∥ CID ∥ K_A ∥ r₃ ∥ QS ∥ t₂)
		$\leftarrow_{AS}^{M_{5}, M_{6}, M_{7}, t_{2}}$
	$(t_{2}^{'} - t_{2}) \leq δ t_{2}$
	$r_{3}^{} = M_{5}^{} \oplus h (TID ∥ CID ∥ K_{A})$
	${QS}^{} = M_{6}^{} \oplus h (TID \oplus CID \oplus K_{A})$
	$M_{7}^{} = h (TID ∥ CID ∥ K_{A} ∥ r_{3}^{} ∥ {QS}^{*} ∥ t_{2})$
	Verify
	Run Expert Profile Match Algorithm
	Obtain Match Value ω
	Generate r₄
	M₈ = r₄ ⊕ h (TID ∥ CID ∥ K_A ∥ r₃)
	M₉ = ω ⊕ h (TID ⊕ CID ⊕ K_A ⊕ r₃)
	M₁₀ = h (TID ∥ CID ∥ K_A ∥ r₄ ∥ ω ∥ t₂)
	$⟶_{SA}^{M_{8}, M_{9}, M_{10}}$
		$r_{4}^{} = M_{8}^{} \oplus h (TID ∥ CID ∥ K_{A} ∥ r_{3})$
		$ω^{} = M_{9}^{} \oplus h (TID \oplus CID \oplus K_{A} \oplus r_{3})$
		$M_{10}^{} = h (TID ∥ CID ∥ K_{A} ∥ r_{4}^{} ∥ ω^{*} ∥ t_{2})$
		Verify $M_{10}^{*} = ? M_{10}$
		M₁₁ = h (r₃, r₄, ω)
		$\leftarrow_{AS}^{M_{11}}$
	$M_{11}^{*} = h (r_{3}, r_{4}, ω) = ? M_{11}$

6 Security analysis RFID client to banker profiling authentication system

In this section, we describe the security verification of our proposed work from several active or passive attacks informally as well as formally by Scyther tool.

6.1 Informal verification

Informal verification of proposed work from various known security and privacy attacks is as described below:

Resist replay attack: It is infeasible for an adversary, to replay any authentication message of protocol such as {M₁, M₂, t₁}, {M₃, M₄}, {M₅, M₆, M₇, t₂}, {M₈, M₉, M₁₀}, {M₁₁} of one session into another session. The authenticity of the communicated messages is verified by the messages M₂, M₄, M₇, M₁₀ and M₁₁ respectively. Each of these messages incorporates fresh random numbers and current time stamps which help to keep our protocol safe from replay attack.

Provide user anonymity: For the sake of user anonymity client identity CID is not transmitted in any of the transactions in plain text format. Also to provide security, client password PW_C is not utilized or communicated in any of the wireless messages, but it’s verified internally by the application.

Resist traceability attack: To resist tag traceability, tag identity TID is not sent directly in the communication channel. Thus, utilization of irrevertible hash function and random numbers makes adversary probability to trace any tag negligible.

Provide mutual authentication: In proposed protocol, tag to server mutual authentication has been achieved by verifying communicated messages M₂ and M₄. Also mobile application and server mutually authenticate each other by ensuring the correctness of messages M₁₀ and M₁₁.

Provide data integrity Random numbers are generated by each entity in the communication so that randomness and freshness are provided to the communicated messages. Moreover, M₂, M₄, M₇ and M₁₀ are verified not only to provide mutual authentication but also to check the correctness of received random numbers r₁, r₂, r₃ and r₄ respectively. Hence, for an adversary, it is impossible to modify any communication and every little change will tend to enormous change in the verification messages.

Resist fully disclosure attack Secret parameters in the protocol are TID, CID, K_T and K_A. Each transmitted message M_i for 1 ≤ i ≤ 11 is hidden with two or more secret parameters and their combinations. Each message is generated by a hash function and it is infeasible to invert the hash function in a polynomial time frame window. Thus, an adversary is unable to even find the approximation of the internal secrets.

Resist impersonation attack If an adversary wants to impersonate the server then its authenticity is verified by the tag by verifying M₄ and mobile application verify server authenticity by verifying M₁₀. Further, if an adversary wants to impose a tag, then the server verifies tag authenticity by verifying M₂. Furthermore, application correctness of transaction messages is verified by M₇. Thus, to impose any player role, an adversary must have to guess the secret parameters TID, CID, K_T and K_A. The probability to guess these parameters is negligible, which makes proposed work secure from impersonation attack.

Hence, as per technical report [4], our proposed authentication protocol provides data integrity, confidentiality, user anonymity, mutual authentication and resistance to various attacks like replay, traceability, impersonation and full disclosure attack.

6.2 Formal verification

In this section, we have described the formal verification of security analysis of our protocol by Scyther tool which is the formal verification tool of Python and designed particularly for an automatic verification of security of any authentication protocol [46]. We have utilized scyther version v1.1.3 and compromise-0.9.2 for Windows and a 32-bit package of graphical user interface over Python 2.7 background. To do the verification of the authentication protocol, each specification like communication, messages, secrets, claim, random generation, entity roles, etc. has been written in spdl language (Security Protocol Description Language) as described in Appendix 2. Then claim of authenticity, synchronization, secrecy, weakness, alive and confidentiality has been evaluated depending upon each entity communication role. The result as shown in Figure 11, demonstrates that the proposed protocol is secure against all the known active and passive attacks. The Scyther tool box gives ’OK’ output everywhere to indicate that the designed system is secure.

Fig. 10

Proposed Profiling Authentication Algorithm.

Fig. 11

Formal Verification.

7 Performance and efficiency evaluation

Let t_h denotes the time complexity for hash operation, t_p denotes the time complexity for PUF evaluation, t_xor denotes the time complexity for xor operation, t_rot denotes the time complexity for rotation function and t_rec denotes the time complexity for reconstruction function. Since the time complexity for xor operation is negligible, thus we ignore the computational complexity for xor operation. W.l.o.g we assume that the random numbers and the time stamp are as long as the output of one way hash function say, l and the identity message ID_j is padded with zero bits to make the bit size of ID_j as long as l. Efficiency of our authentication protocol with the related [47 –52] schemes in terms of storage, tag computation and communication cost has been analyzed, evaluated, compared and described in table 8. Then proposed protocol performance has been evaluated and compared with the related research works [22 , 52]. Performance has been evaluated on various types of active and passive security as well as privacy attacks and it is shown in table 9.

Table 8
Efficiency Evaluation

Protocols Storage Cost Tag Computation Cost Tag and Server Communication Cost

Molnar [47] 2l t_h + t_p 4l

Bassil [48] 10l 7t_rot + t_p 7l + 6 *5byte

Kardas [49] 3l 4t_h + 2t_p 6l

Zhuang [50] 5l 10t_rec + 4t_rot 6l

Dekhordi [51] 3l 2t_h 5l

Akgün [52] 4l 4t_h + 2t_p 5l

Ours 2l 4t_h 5l

Protocols	Storage Cost	Tag Computation Cost	Tag and Server Communication Cost
Molnar	[47]	2l	t_h + t_p	4l
Bassil	[48]	10l	7t_rot + t_p	7l + 6 *5byte
Kardas	[49]	3l	4t_h + 2t_p	6l
Zhuang	[50]	5l	10t_rec + 4t_rot	6l
Dekhordi	[51]	3l	2t_h	5l
Akgün	[52]	4l	4t_h + 2t_p	5l
Ours		2l	4t_h	5l

Table 9

Performance Evaluation

Protocols	Dekhordi	Akgün	Luo	Kumar	Our
	[51]	[52]	[22]	[23]
Provide Intelligent System	No	No	No	Yes	Yes
Mutual Authentication	Yes	Yes	Yes	No	Yes
Resist Traceability Attack	Yes	Yes	Yes	Yes	Yes
Resist Impersonation Attack	No	No	Yes	Yes	Yes
Linked &verify mobile App	No	No	No	No	Yes
Resist Replay Attack	Yes	Yes	Yes	Yes	Yes
Provide Confidentiality	No	No	Yes	No	Yes
Resist Active &Passive attack	No	No	No	No	Yes
Provide Match Profiling	No	No	No	No	Yes

8 Conclusion and future work

In this work, an innovative and new idea of profiling in the banking zone is proposed by conjunction of various already existing technology enhancements like RFID technology, intelligent system and fuzzy classification system. An expert RFID system utilizing Matlab fuzzy inference system has been designed for profile matching. The vagueness in profiling is compared according to customers attributes distinctions and match with the one having the highest degree of extent using knowledge of domain experts in real time. Further, we proposed a RFID based comprehensive authentication intelligent framework to show profiling implementation. To secure the RFID profiling system expertly, an authentication system has been described, in which the server’s computed matching value corresponding to users query survey, is communicated to the user securely via his mobile application. Moreover, the proposed protocol security from several active and passive attacks is verified by utilizing Scyther tool. Thus, we can demonstrate that the proposed innovations and technological developments will revolutionize the banking sector by increasing efficiency, decreasing cost and providing more secure and privacy sensitive financial data communication and transactions.

Profiling in the banking zone and its vagueness is compared in this work according to customer’s attributes distinctions and match with the one having the highest degree of extent using knowledge of domain experts in real time. In future, this will give a scope of utilizing machine learning algorithms along with intelligent RFID systems so that client’s data is managed and compared to find any abnormality in the transaction. If there is some unusual pattern, then the system will take suitable decisions to satisfy each customer service efficiently and securely on priority basis. In this way, by analyzing client’s records, intelligent software agents will provide the active vehicle in the interpretation profiling of the data and reporting capacity while the RFID system will provide the passive vehicle to obtain the data via its monitoring capabilities.

Footnotes

Acknowledgment

This research is supported by Royal Bank of Canada, Mitacs Elevate Program and University of Toronto.

References

Mohammadian

and Jentzsch

, Intelligent agent framework for secure patient-doctor profiling and profile matching, Developments in Healthcare Information Systems and Technologies: Models and Methods (2010), 195.

Liao

and Hsiao

, A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Networks (2014), 133–146.

Chou

J.S.

, An efficient mutual authentication RFID scheme based on elliptic curve cryptography, J Supercomput, Springer 70 (2014), 75–94.

Deursen

and Radomirovic

, Attacks on RFID protocols (version 1.1), Technical Report (2009).

Tagging fixed assets, http://fixedassetsoftware.net/rfid-byindustry/rfid-in-banks/.

Kumar

, Kaur

, Misra

S.C.

and Iqbal

, An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud, Peer-to-Peer Networking and Applications 9(5) (2016), 824–840.

Rahman

, Bhuiyan

M.Z.A.

and Ahamed

S.I.

, A privacy preserving framework for RFID based healthcare systems, Future Generation Computer Systems 72 (2017), 339–352.

Kaul

S.D.

and Awasthi

A.K.

, Privacy model for threshold RFID system based on PUF, Wireless Personal Communications 95(3) (2017), 2803–2828.

Sarma

, Weis

and Engles

, Radio frequency identification: Security risks and challenges, Cryptobytes 6(1) (2003), 2–9.

10.

Weis

S.A.

, Sarma

S.E.

, Rivest

R.L.

and Engels

D.W.

, Security and privacy aspects of low-cost radio frequency identification systems, In Security in Pervasive Computing (2004), 201–212.

11.

Henrici

and Muller

, Hash based enhancement of location privacy for radio frequency identification devices using varying identifiers, International Workshop on Pervasive Computing and Communication Security, IEEE Computer Society (2004), 149–153.

12.

Lim

and Kwon

, Strong and robust rfid authentication enabling perfect ownership transfer, Information and Communications Security, Lecture Notes in Computer Science 4307 (2006), 1–20.

13.

Chien

H.Y.

and Chen

C.H.

, Mutual authentication protocol for rfid conforming to epc class 1 generation 2 standards, Computer Standards Interfaces 29(2) (2007), 254–259.

14.

Peris-Lopez

, Hernandez-Castro

J.C.

, Estevez-Tapiador

J.M.

and Ribagorda

, Cryptanalysis of a novel authentication protocol conforming to epc-c1g2 standard, Computer Standards Interfaces 31(2) (2009), 372–380.

15.

Wang

, Liu

and Chen

, Security analysis and improvement on two rfid authentication protocols, Wireless Personal Communications (2014), 1–13.

16.

Pang

, He

, Pei

and Wang

, Secure and efficient mutual authentication protocol for rfid conforming to the epc c-1 g-2 standard, In Wireless Communications and Networking Conference (WCNC), 2013 IEEE, (2013), 1870–1875.

17.

Kumari

, Khan

M.K.

and Li

, An improved remote user authentication scheme with key agreement, Computers and Electrical Engineering 40(6) (2014), 1997–2012.

18.

Chang

Y.F.

, Tai

W.L.

and Chang

H.C.

, Untraceable dynamicidentity-based remote user authentication scheme with verifiable password update, International Journal of Communication System 27(11) (2014), 3430–3440.

19.

Kaul

S.D.

and Awasthi

A.K.

, Security enhancement of an improved remote user authentication scheme with key agreement, Wireless Personal Communications 89(2) (2016), 621–637.

20.

Alagheband

M.R.

and Aref

M.R.

, Simulation-based traceability analysis of RFID authentication protocols, Wireless Personal Communications (2013), 1–20.

21.

Alavi

S.M.

, Baghery

and Abdolmaleki

, Security and privacy flaws in a recent authentication protocol for EPC C1 G2 RFID tags, Advances in Computer Science: an International Journal 3(5) (2014), 44–52.

22.

Luo

, Wen

, Su

and Huang

, SLAP: Succinct and lightweight authentication protocol for low-cost RFID system, Wireless Networks (2016), 1–10. DOI: https://doi.org/10.1007/s11276-016-1323-y.

23.

Kumar

, Iqbal

, Misra

, Rodrigues

and Obaidat

M.S.

, Bayesian cooperative coalition game as a service for RFIDbased secure QoS management in mobile cloud, IEEE Transactions on Emerging Topics in Computing 6(1) (2018), 58–71.

24.

Naccache

, Method for securing transactions, Transaction Device Bank Server Mobile Terminal and Corresponding Computer Programs U.S. Patent 9697511, July 4, (2017).

25.

H.H.

and Rahm

, COMA: a system for flexible combination of schema matching approaches, Proceedings of the 28th international conference on Very Large Data Bases, VLDB Endowment, (2002), 610–621.

26.

Doan

A.H.

, Lu

, Lee

and Han

, Profile-based object matching for information integration, IEEE Intelligent Systems 18(5) (2003), 54–59.

27.

Zadeh

L.A.

, Fuzzy sets, Information and Control 8(3) (1965), 338–353.

28.

Kaufmann

, Introduction to the theory of fuzzy subset, New York: Academic Press, (1975).

29.

Sarode

M.V.

, Ladhake

S.A.

and Deshmukh

P.R.

, Fuzzy system for color image enhancement, World Academy of Science, Engineering and Technology, (2008).

30.

Mohammadian

and Hatzinakos

, Data classification process for security and privacy based on a fuzzy logic classifier, International Journal of Electronic Finance 3(4) (2009), 374–386.

31.

Mohammadian

and Hatzinakos

, An adaptive intelligent fuzzy logic classifier for data security and privacy in large databases, Smart Data: Privacy Meets Evolutionary Robotics by Harvey, Springer, (2013), 161–172.

32.

Adeli

and Neshat

, A fuzzy expert system for heart disease diagnosis, Proceedings of the International Multi Conference of Engineers and Computer Scientists, (2010).

33.

Dmour

, Jumanah

, Sagahyroon

, Al-Ali

A.R.

and Abusnana

, A fuzzy logicâćĂŞbased warning system for patients classification, Health Informatics Journal 25(3) (2019), 1004–1024.

34.

Eke

C.I.

, Norman

A.A.

, Shuib

and Nweke

H.F.

, A survey of user profiling: state-of-the-art, challenges, and solutions, IEEE Access 7 (2019), 144907–144924.

35.

Bajtos

, Gajdos

, Kleinova

, Lucivjanska

and Sokol

, Network intrusion detection with threat agent profiling, Security and Communication Networks (2018).

36.

Yang

, Xu

and Chow

, Interest profiling for security monitoring and forensic investigation, In Australasian Conference on Information Security and Privacy, Springer, (2016), 457–464.

37.

Narayana

E.V.

, Bonu

V.S.

and Rao

G.M.

, PID Versus Fuzzy Logic Based Intelligent Controller Design for a Non Linear Satellites Attitude Control: Performance Analysis using MATLAB/Simulink, International Journal of Advanced Engineering Sciences and Technologies 11(1) (2011), 190–195.

38.

Chiang

T.C.

and Chen

C.H.

, Intelligent Three-High Diseases Home Warning System Based on Fuzzy Theory, Journal of Medical and Biological Engineering (2018), 1–16.

39.

Kotarba

, New factors inducing changes in the retail banking customer relationship management (CRM) and their exploration by the Fin Tech industry, Foundations of Management 8(1) (2016), 69–78.

40.

Pennathur

and Vishwasrao

, The financial crisis and bankâĂŞclient relationships: Foreign ownership, transparency, and portfolio selection, Journal of Banking Finance 42 (2014), 232–246.

41.

Novokreshchenova

A.O.

, Novokreshchenova

A.N.

and Terehin

E.S.

, Improving BankâĂŹs Customer Service on the Basis of Quality Management Tools, European Research Studies Journal 19(3) (2016), 19–38.

42.

Agarwal

, Chomsisengphet

, Liu

, Song

C.C.

and Souleles

N.S.

, Benefits of relationship banking: Evidence from consumer credit markets, Journal of Monetary Economics (2018).

43.

Tadic

, Aleksandar

, Predrag

, Hrvoje P

and Mirjana

, A model for evaluation of customer satisfaction with banking service quality in an uncertain environment, Total Quality Management Business Excellence 29(11) (2018), 1342–1361.

44.

Darzi

M.A.

and Suhail

A.B.

, Personnel capability and customer satisfaction as predictors of customer retention in the banking sector:Amediated-moderation study, International Journal of Bank Marketing (2018).

45.

Moliner

M.A.

, Monferrer

and Estrada

, Consequences of customer engagement and customer self-brand connection, Journal of Services Marketing (2018).

46.

Cremers

, The scyther tool, www.cs.ox.ac.uk/people/cas.cremers/scyther, (2016).

47.

Molnar

and Wagner

, Privacy and security in library RFID: Issues, practices, and architectures, Proceedings of the 11th ACM conference on Computer and Communications security, ACM, (2004), 210–219.

48.

Bassil

, El-Beaino

, Itani

, Kayssi

and Chehab

, PUMAP: A PUF-based ultra-lightweight mutual-authentication RFID protocol, International Journal of RFID Security and Cryptography (2012), 58–66.

49.

Kardas

, Celik

, Yildiz

and Levi

, PUF-enhanced offline RFID security and privacy, Journal of Network and Computer Applications 35(6) (2012), 2059–2067.

50.

Zhuang

, Zhu

and Chang

C.C.

, A New Ultralightweight RFID Protocol for Low-Cost Tags: R2AP, Wireless Personal Communications 79(3) (2014), 1787–1802.

51.

Dehkordi

M.H.

and Farzaneh

, Improvement of the hashbased RFID mutual authentication protocol, Wireless Personal Communications 75(1) (2014), 219–232.

52.

Akgn

and Alayan

M.U.

, Providing destructive privacy and scalability in RFID systems using PUFs, Ad Hoc Networks 32 (2015), 32–42.

TID	Unique identity of tag
K _T	Tag secret key
CID	Client or user identity
K _A	Secret of mobile Application
PW _C	Client mobile application password
QS	Query survey regarding client service request
r _i	Random strings generated by pseudo random generator for 1 ≤ i ≤ 4
M _i	Communicated messages for 1 ≤ i ≤ 11
h	Secure one way keyed hash function h (.) : {0, 1} ^* → {0, 1} ^l
t _i	Current time stamp for 1 ≤ i ≤ 2
ST	Communication channel from server to tag
TS	Communication channel from tag to server
SA	Communication channel from server to mobile application
AS	Communication channel from mobile application to server

Intelligent and secure RFID multilevel fuzzy inference system for client to banker profiling

Abstract

Keywords

1 Introduction

1.1 Motivation

1.2 Contribution

2 Preliminaries: Fuzzy classification system

Table 2 Matching profile agent rule base Matching output ω σ C1 σ C2 σ C3 σ B1 σ M1 σ M1 σ M2 σ B2 σ M2 σ M3 σ M4 σ B3 σ M4 σ M3 σ M3

Table 3 Case study results of θ α β γ δ η θ Case 1 3 2 4 2 5 2.09 Case 2 4 3 6 2 5 5 Case 3 9 4 8 5 7 7.98

5.1 System architecture

5.2 System procedure

6.1 Informal verification

6.2 Formal verification

Footnotes

Acknowledgment

References

Table 2
Matching profile agent rule base

Matching output ω σ _C1 σ _C2 σ _C3

σ _B1 σ _M1 σ _M1 σ _M2

σ _B2 σ _M2 σ _M3 σ _M4

σ _B3 σ _M4 σ _M3 σ _M3

Table 3
Case study results of θ

α β γ δ η θ

Case 1 3 2 4 2 5 2.09

Case 2 4 3 6 2 5 5

Case 3 9 4 8 5 7 7.98