08-09-2014, 04:28 PM
Cloud-based RFID Authentication
Attachment: Cloud-based RFID.pdf (593.58 KB)
Abstract
With the development of cloud computing, cloud-based RFID is receiving more and more attention from researchers and engineers. However, there is no research in which cloud computing is applied to RFID authentication schemes. Most current works lay emphasis on functionality, lacking consideration of security and privacy. Classical RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID. The basic postulates of traditional backend-server-based RFID authentication, i.e. a secure backend channel and an entirely trustworthy database, are no longer natively tenable in cloud-based RFID scenarios. In this paper, a virtual private network agency is suggested to build secure backend channels and to provide readers with anonymous access to the cloud. The cloud database is structured as an encrypted hash table. The first cloud-based RFID authentication protocol preserving tag/reader privacy against database keepers is proposed. Compared with classical schemes, the proposed scheme has advantages in deployment cost saving, pervasiveness of authentication, scalability with O(1) complexity to verify a tag, privacy preservation for mobile reader holders, and database security.
INTRODUCTION
RFID (Radio Frequency Identification) is a wireless technology that uses radio signals to identify tagged objects automatically and remotely. It has been widely used in supply chain management, inventory control, contactless credit cards, and so on.
RFID authentication is a primary approach to securing an RFID system and making it privacy-friendly. Identifying a tag without authenticating it causes serious security issues: attackers may intercept, manipulate, or replay messages from the tag to pretend to hold the tagged object (like an ID smartcard).
There is an extensive literature addressing RFID authentication schemes (see e.g. [1], [2]). Most of them are backend-server-based, an architecture in which a reader relays signals from tags to a backend server, and the backend server helps the reader to verify tags according to the backend database. A basic assumption of the architecture is a reliable and always accessible connection between the reader and the backend server, which limits the reader's mobility.
REVIEW AND REQUIREMENT
Traditional RFID authentication schemes are reviewed in this section to show their inapplicability to cloud-based applications. There are mainly two architectures among current schemes: the backend-server-based and the server-less.
Reviews of Traditional RFID
The backend-server-based RFID is illustrated in Figure 1. It is composed of tags, readers, and a backend server. The readers are generally fixed. They identify and verify tags by querying the backend server. Communications between readers and tags take place on frontend channels using public radio signals and are thus considered insecure. Communications between readers and the backend server take place on backend channels, generally on a private intranet, and are thus considered secure. Backend-server-based protocol designers therefore only need to protect frontend communications, without worrying about backend security. However, a major disadvantage of the backend-server-based architecture is the limited mobility of readers, because a private intranet connection is used to build a secure and always accessible backend channel. This makes the backend-server-based architecture inapplicable to scenarios in which readers are required to move across cities or even countries.
Requirements of Cloud-based RFID
The rising cloud-based RFID is illustrated in Figure 3. It is offered as a cloud computing service to individuals and organizations. It is composed of tags, readers, and a serving cloud. The readers can be fixed or mobile, accessing the cloud by wired or wireless connections. Backend servers are replaced with a pervasive cloud which provides readers with data storage and querying. Compared with the traditional architecture, cloud-based RFID has many advantages but is at the same time challenged by special concerns over security and privacy. Existing RFID authentication protocols are inapplicable to cloud-based applications because they lack two primary capabilities.
THE PROPOSED SCHEME
The proposed cloud-based RFID authentication scheme is illustrated in Figure 4. Readers anonymously access the cloud through wired or wireless VPN connections. An encrypted hash table is utilized to prevent clients' (readers' and tags') secrets from being revealed to the cloud. The first RFID authentication protocol preserving reader and tag privacy against an untrusted database keeper is proposed.
VPN Agency
There are four kinds of participants in the proposed scheme: tag owner, verifier, VPN agency, and cloud provider. The order of connections is illustrated in Figure 5.
The tag owner and the verifier are frontend participants of the proposed scheme. Tag owners are those who own tagged items. Verifiers are reader owners or holders. A tag owner and a verifier can sometimes be the same party. For instance, the tag owner is also the verifier in a scenario where a person uses a PDA to identify his/her tagged personal belongings. On the other hand, in a scenario where a club identifies its members by authenticating their smart ID cards, the tag owner is the member to be identified, and the verifier is the club. The security and privacy requirement of a tag owner/verifier is that it be infeasible either to sniff out the TID/RID or to forge the tag's/reader's messages.
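As an added illustration of the idea behind the encrypted hash table and the "untrusted database keeper" requirement above (my own constructed model, not the paper's protocol or code): the cloud holds a table keyed by blinded indices whose values are sealed records, so it answers a tag lookup in O(1) without ever seeing a TID or tag key, and a record it alters is rejected by the verifier. The VPN agency, reader anonymity and the paper's actual message flow are not modelled, and the HMAC-based sealing is a stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets
# Constructed model of an encrypted hash table kept by an untrusted cloud (the
# "database keeper"). The cloud dict holds only blinded indices and sealed
# records; k_idx and k_enc stay on the verifier side and never reach the cloud.

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key, iv, n):
    return b"".join(prf(key, iv + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def seal(key, pt):
    """Encrypt-then-MAC with an HMAC keystream (stand-in for a real AEAD)."""
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, keystream(key, iv, len(pt))))
    return iv + ct + prf(prf(key, b"mac"), iv + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the keeper altered the record."""
    iv, ct, mac = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(mac, prf(prf(key, b"mac"), iv + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, keystream(key, iv, len(ct))))

class Tag:
    """Tag with identifier tid and a 32-byte secret shared with its verifier."""
    def __init__(self, tid, key):
        self.tid, self.key = tid, key
    def respond(self, nonce):
        # Static handle: frontend untraceability is out of scope for this demo.
        return hashlib.sha256(self.tid).digest(), prf(self.key, nonce)

class Verifier:
    def __init__(self, cloud):
        self.cloud = cloud                       # dict: blinded index -> sealed record
        self.k_idx, self.k_enc = secrets.token_bytes(32), secrets.token_bytes(32)
    def enroll(self, tag):
        idx = prf(self.k_idx, hashlib.sha256(tag.tid).digest())
        self.cloud[idx] = seal(self.k_enc, tag.tid + tag.key)
    def authenticate(self, tag):
        nonce = secrets.token_bytes(16)          # reader challenge on the frontend
        handle, resp = tag.respond(nonce)
        blob = self.cloud.get(prf(self.k_idx, handle))
        rec = unseal(self.k_enc, blob) if blob else None
        if rec is None or len(rec) <= 32:
            return False
        return hmac.compare_digest(resp, prf(rec[-32:], nonce))   # last 32 bytes: tag key
```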
COMPARISON, ANALYSIS, AND EVALUATION
The proposed scheme is analyzed and evaluated in this section, compared with two classical RFID authentication schemes. One is Chien et al.'s backend-server-based protocol using tags of the EPC C1G2 (Class 1 Generation 2) standard [16]. The other is the first server-less RFID authentication protocol, proposed by Tan et al. [3]. These two protocols are very representative, attracting lasting attention to this day.