An Enhanced Ultra-Lightweight Mutual Authentication Protocol for RFID: Securing Against Vulnerabilities with Optimized Performance

Using wireless methods, radio frequency identification (RFID) is an identifying technology that allows for object tracking and identification. RFID technology is now widely employed in a variety of fields, including security and healthcare. Governmental organizations and businesses were encouraged to use this technology into their applications due to its affordability and versatility.

An RFID system is made up of three primary parts: an RFID tags, an RFID reader, and a back-end server. An antenna is used to communicate between the RFID tags and readers, and integrated circuits (IC) is used for storage and computing. The RF module, control unit, and antenna are all part of the RFID reader. The reader or transceiver's job is to give the tag the energy it needs to function as well as the communication signals it needs to carry out particular tasks. The back-end server can handle hundreds of RFID tag queries since it has fast processing power and ample storage [1].

There are three categories for RFID tags: semi-active, active, and inactive. The semi-active tags have their own battery, but it is only used for the computing function; the active tags have their own battery, which is used for both transmission and computation. The passive tags, also known as low-cost RFID tags, do not have their own battery [2].

Due to their limited computational power and storage capacity, low-cost RFID tags are unable to carry out traditional security cryptography tasks. The computational capabilities of low-cost RFID tags are surpassed by the exorbitant power and memory needs of classic encryption algorithms and primitives. In order to improve the security of the RFID system with these obstacles, most researchers are tackling these issues by introducing UMAPs that simply employ basic bitwise operations.

1.1 RFID challenges

Among all automated identification systems (AIDs), RFID is the most widely used technology and maybe the most ubiquitous in history. Similar to other kinds of systems, RFID systems provide a number of dangers that make this technology very vulnerable to security breaches. A few elements of security threats are as follows:

1. Wireless channel: The RFID tags and readers' usage of radio waves as a communication channel leaves them open to eavesdropping and other types of malicious attack. As a result, encryption is used as a countermeasure to protect the information.
2. Bidirectional communication: The communication mechanism in RFID technology is bidirectional; RFID tags and readers are two parties that communicate with one another, and a certain protocol predetermines the communication channel. In contrast to other optical identification systems that use a specific identification sign, such as a barcode or QR code, etc., the protocol guarantees the secrecy and anonymity of the transactions. Furthermore, as noted by the previous studies [3, 4], there are numerous advantages of employing RFID technology in various sectors. Unauthorized readers have the ability to interact with RFID tags and retrieve information. To prevent assaults, researchers and developers provide mutual authentication mechanisms, allowing only authorized RFID readers to communicate with a specific tag.
3. Resources limitation: As previously indicated, RFID technology has become extensively utilized in recent times since it is less expensive than other automatic identifying technologies. As a result, RFID has a number of security problems. Therefore, it is essential to suggest secure, lightweight, or extremely lightweight alternatives for RFID technology.
4. Dense environment: There is a chance of a collision occurring when many RFIDs are transmitting signals to the reader concurrently on the same frequency. A dense reader environment results from the presence of several RFID readers in one area. The likelihood of a collision increases in this type of setting. The dense reader environment weakens system performance by reducing network throughput and increasing the likelihood of tag identification errors.
5. RFID attacks: Although the data exchanged between the reader and the tag is safe in most RFID systems, attacks can still occur. To prevent these attacks, the reader and tag authenticate one another using secret keys. It is possible for attackers to target RFID systems. Numerous attack types, including Desynchronization, Replay, Full-Disclosure, Denial of Service (DoS), and Eavesdropping attacks, can target RFID devices [5].

Since each of those difficulties raises a different kind of security risk, safe RFID authentication procedures must be implemented utilizing cryptography. In the past ten years, more than a thousand RFID authentication protocols have been presented [6].

1.2 Classification of UMAPs

The procedure of authentication involves an RFID tag demonstrating, through some indicator such as tag ID and secret keys, that it is an alleged identity for the RFID reader and back-end server. Physical solutions cannot facilitate this procedure; only RFID protocols may be used. There are two stages to the authentication process for RFID systems. In order to ensure that they are communicating with a valid partner, the RFID tags and RFID readers must first authenticate themselves before starting any connection. In order to verify the authenticity of the data received, the RFID tags and RFID readers exchange data during the second phase [7].

Two parties can verify each other's identities using mutual authentication. When the RFID reader and the RFID tag are both verifying each other, this happens. Before sharing any data or keys, the RFID tag and the RFID reader should conduct mutual authentication.

Cryptographic techniques must be used by RFID systems in order to establish safe RFID authentication protocols. RFID tags are not able to perform classical security cryptography operations like stream ciphers, AES, and hash functions due to their low processing capability and storage capacity [8].

Luo et al. [9] categorized RFID authentication protocols into four types according on the tags' capabilities:

1. Full-fledged: pertains to protocols that need to be supported by traditional cryptographic features, such as symmetric encryption [8, 10].
2. Simple: for protocols that enable random number generators on the tag and one-way hashing methods.
3. Light-weight: for protocols that do not allow hashing functions but do support simple functions like the Cyclic Redundancy Code checksum (CRC) and random numbers generator [2, 9, 11].
4. Ultra-lightweight: describes protocols that don't use anything more complicated than basic bitwise operations (like OR, AND, XOR, etc.) on tag [1, 12, 13].

In spite of the limitations of passive RFID tags (low-cost tags), the hash functions have been used by most of the proposed protocols [14-16], therefore, engineers are confronted by non-trivial problem when trying to implement cryptographic hash functions with only 250-4K gates [17, 18].

Because of their extremely limited capabilities and the extensive use that is anticipated of them, ultra-lightweight protocols provide a challenging security problem. Because using an RFID tag that uses a protocol based on basic bitwise operations to safeguard sensitive data, such as credit card numbers, health information, or e-passport information, may be difficult. This problem has drawn attention from researchers, and as a result, numerous novel ultra-lightweight techniques are put forth annually. The current Ultra-Lightweight protocol is insufficiently secured, despite the fact that numerous additional protocols are being developed [19].

1.3 Problem statement

The widespread of radio frequency identification (RFID) systems is significantly hindered by serious security and privacy vulnerabilities, especially in low-cost RFID tags. Traditional security mechanisms often unsuitable for low-cost RFID tags due to limited processing power and memory capacity. As attackers exploit these weaknesses, there is an urgent need for effective ultra-lightweight mutual authentication protocols that can operate within such limitations. Current ultra-lightweight mutual authentication protocols, specifically designed for resource-constrained environments, demonstrate considerable shortcomings. These include vulnerabilities to desynchronization, full-disclosure attacks, and inadequate defenses against tracking and impersonation. These flaws stem from reliance on weak cryptography functions, inefficient use of random nonces, and lack of robust alternative methods and consequently, these protocols many of them fail to provide effective mutual trust or provide excessive demands on RFID tags, compromising their feasibility in real-world applications.

1.4 Contributions

This article’s main contributions are as follows:

• Security analysis of existing UMAPs: In this paper, we conducted a comprehensive review of existing UMAPs, to identify their weaknesses and vulnerabilities. Our analysis emphasized issues such as de-synchronization attacks, which undermine the reliability and security of these protocols. By examining the structural and operational aspects of current UMAPs, we highlighted the critical areas where these protocols fail to provide robust protection, thereby paving the way for the development of more secure solutions.
• Mutual authentication: The proposed protocol ensures mutual authentication between legitimate entities, including the back-end server, RFID readers, and RFID tags, by utilizing indicators such as tag IDs and secret keys.
• Privacy: The proposed protocol ensures anonymity for RFID tags, keeping their data secure from unreliable third parties during transmission. It also guarantees untraceability by avoiding static or linked data that could allow tracking across sessions.
• Security: The proposed protocol is designed to resist desynchronization attacks, addressing vulnerabilities in the wireless communication channel between RFID readers and tags.
• Performance: The proposed protocol is optimized for RFID tags by minimizing storage space requirements, employing ultra-lightweight cryptographic functions, and reducing the number of communication messages needed for authentication.

The rest of the paper is structured as follows: In Section 1, we explain the most important challenges that is faced by this technology and summarization of the classification of authentication protocols based on the ability of tags is provided. In Section 2, the security analysis of several RFID UMAPs is presented. Section 3 describes the design of a new ultralight-weight mutual authentication protocol. The assumptions that we assumed, the new protocol’s features, the notation used, and the description of the proposed protocol are explained. Section 4 describes the security analysis for the proposed protocol in terms of formal and informal analysis to prove the authenticity, privacy, and secrecy between the RFID tags and the back-end server by using official tools Scythe and AVISPA. Performance analysis of the proposed protocol depending on the storage cost, communication messages, and resistance to de- synchronization attacks is presented in Section 5. Section 6 describes the conclusion of this paper.

1.png

Identification phase

• Step 1. Reader: The authentication protocol starts with the RFID reader’s side by generates random number n1 and computes message M1 then send M1 to the RFID tag.

$M 1=(S D \oplus n 1)$                 (1)

• Step 2. Tag: From the message M1, the tag will obtain the random number n1 and computes two messages as follows:

$T_{S 1}^{\prime}=\left(n 1 \oplus T_{S 1}\right) \wedge(n 1 \oplus S I D)$                 (2)

$M 2=\left(S I D \oplus T_{S 1}^{\prime}\right)$                    (3)

$M 3=\left(I D S_{\text {new }} \oplus T_{S 1}^{\prime}\right)$                       (4)

$M 4={Rot}\left(K 1_{\text {new }} \oplus T_{S 1}^{\prime}, K 2_{\text {new }}\right)$                  (5)

And sends M2, M3, and M4 to the RFID reader.

• Step 3. Reader: After received M2, M3 and M4 the reader forwards these messages to the server.

Server authentication and update phase

• Step 1. The server XORs its local value SID with the received M2 to get T_S1.
• Step 2. For all the stored IDS, the server computes M3′ = IDS $\oplus$ TS1 until it finds the matching with received M3:

- If IDS=IDS_new then st=new, (IDS_new, K1_new, K2_new) and re-computes M4′=Rot (K1_new $\oplus$ T_S1, K2_new) in order authenticate the RFID tag.

- If IDS=IDS_old then st=old, (IDS_old, K1_old, K2_old) and re-computes M4′=Rot(K1_old $\oplus$ T_S1, K2_old) in order authenticate the RFID tag.

- Else if the server doesn’t find any match with IDS in the database or M4′, M4, then the server sends an ending notification to the reader in order to terminate this session.

• Step 3. The server computes M5 as follows:

$K 1^{\prime}={Rot}\left(K 1_{s t} \oplus n 1, I D S_{s t}\right)$                   (6)

$K 2^{\prime}={Rot}\left(K 2_{s t} \oplus T_{s 1}, I D S_{s t}\right)$                  (7)

$M 5={Rot}\left(K 1_{s t} \oplus K 2^{\prime}\right) \wedge\left(K 1^{\prime} \oplus K 2_{s t}\right)$                     (8)

• Step 4. The server transmits M5 to the reader, in turn sends M5 to the tag.
• Step 5. The server’s data updates as follows:

- If st=new

$I D S_{\text {old }}=I D S_{\text {new }}$                  (9)

$I D S_{\text {new }}=(I D S \oplus I D) \vee\left(n 1 \oplus T_{s 1}\right)$                   (10)

$K 1_{ {OLD }}=K 1_{ {new }}, K 1_{ {new }}=K 1^{\prime}$                (11)

$K 2_{{OLD }}=K 2_{ {new }}, K 2_{ {new }}=K 2^{\prime}$                (12)

- Else if st=old where the IDS is found in $IDS_{old}$: No update

Tag authentication and update phase

• Step 1. After received M5 the RFID tag checks if received M5=M5′

$K 1^{\prime}={Rot}\left(K 1_{\text {new }} \oplus n 1, I D S_{n e w}\right)$                    (13)

$K 2^{\prime}={Rot}\left(K 2_{\text {new }} \oplus T_{s 1}, I D S_{\text {new }}\right)$                    (14)

$M 5^{\prime}=\left(K 1_{\text {new }} \oplus K 2^{\prime}\right) \wedge\left(K 1^{\prime} \oplus K 2_{\text {new }}\right)$                      (15)

• Step 2. If the RFID tag find matching between received M5 and computed M5′, then the RFID tag authenticated the back-end server and updates its values to:

$I D S_{\text {new }}=(I D S \oplus I D) \vee\left(n 1 \oplus T_{s 1}\right)$                       (16)

$K 1_{\text {new }}=K 1^{\prime}, K 2_{\text {new }}=K 2^{\prime}, T_{S 1}=T_{S 1}^{\prime}$                   (17)

Else if M5 is not received, or the computed M5′ is not equal to the received M5, the RFID tag neglects all previous steps and keeps all current values unchanged.

Table 4. Comparison of communication and storage metrics for UMAPs and our proposed protocol

Table 5. Execution times of operations

Table 6. Comparison of protocols' computational overhead and execution time