A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system

Radio Frequency Identification (RFID) system is a contactless automatic identification system using small, low-cost RFID tag to an animate or inanimate object. Because of the advantage of simultaneous recognition of massive amounts of information, it is expected to replace the traditional bar-code system. However, two major issues with an RFID system are: i) an adversary can access the tag information, which may cause privacy and forgery problems; the computational capability of the RFID tags is very limited. Although, to deal with these issues, impressive efforts have been made by designing anonymous authentication schemes with the help of lightweight cryptographic primitives such as one way hash function, symmetric key encryption/decryption, exclusive-OR. However, to the best of our knowledge none has succeeded so far. In this article, we take an initial step to shed light on the rationale underlying this prominent issue. In order to do that, we will first demonstrate that the existing lightweight cryptographic primitive based anonymous authentication protocols in RFID systems are impractical. Subsequently, we propose a realistic lightweight authentication protocol for RFID system, which can ensure various imperative security properties such as anonymity of the RFID tag, untraceability, forward security etc. (C) 2015 Elsevier Ltd. All rights reserved.