Sage Journals: Discover world-class research

Abstract

With the rapid developments of the IoT (Internet of Things) and the cloud computing, cloud-based RFID systems attract more attention. Users can reduce their cost of deploying and maintaining the RFID system by purchasing cloud services. However, the security threats of cloud-based RFID systems are more serious than those of traditional RFID systems. In cloud-based RFID systems, the connection between the reader and the cloud database is not secure and cloud service provider is not trusted. Therefore, the users have to encrypt their data stored in the cloud database to prevent the leakage of privacy. In addition, the reader's location privacy should be protected to avoid its leak to the cloud provider. In this paper, a cloud-based RFID mutual authentication protocol without leaking location privacy to the cloud is proposed. It provides real-time mutual authentication between the reader and the tag and protects the reader's location privacy by introducing the location privacy cloud. Compared with traditional backend-server-based schemes and serverless schemes, the proposed scheme has obvious advantages in deployment cost, scalability, real-time authentication, and the tag's computational complexity.

1. Introduction

RFID (radio frequency identification) is a key technology of the IoT for identifying the objects in a noncontact way. It is widely used in the fields of manufacture, retail, medical treatment, transportation, tracking, and location because the RFID tag is low in price, small in size, and easy to take. Besides, massive tags can be read simultaneously compared with bar codes. However, once the object is labeled a tag, the data privacy and the owner's location privacy would be threatened. So the owner's location privacy and security protection are the prerequisites for popularizing the RFID technology.

The traditional RFID system is composed of tags, readers, and a backend database, as seen in Figure 1. The reader activates the tag by sending the RF signals to communicate and exchange information with it in a noncontact way and submits the relevant data to the backend database. There are a lot of authentication schemes under this architecture [1–3]. These authentication schemes always assume that there is a secure backend server and the link between the reader and the backend server is reliable. For instance, Wei et al. [1] proposed a mutual authentication protocol based on hash function and Dong et al. [2] proposed a mutual authentication protocol based on SHA-3. In their schemes, the backend server needs to search the matching records by computing hash function; the computing ability of the backend server will be the bottleneck of the system. He et al. [3] proposed an ECC based authentication scheme in which the tag needs to compute scalar multiplication over the elliptic curve, so it does not satisfy the requirements of the lightweight tag. What is worse is that the backend-server-based architecture limits the mobility of the reader and the cost of deploying and maintaining the backend server is high.

Figure 1

The architecture of the backend-server-based schemes.

The serverless architecture consists of three kinds of entities: readers, tags, and a Certificate Authority (CA). Readers authenticate tags via the help of online CA, as seen in Figure 2. Each tag registers in the CA and each authorized reader downloads the Access List (AL) from the CA through a secure channel during the initialization process. For example, Lee et al. [4] proposed a serverless RFID authentication and search protocol. Hoque et al. [5] proposed enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments. Tan et al. [6] proposed a secure and serverless RFID authentication and search protocol. In the serverless system, the reader is able to move, but it only provides offline authentication and the computing ability of the reader is limited. What is worse is that if the reader is stolen, the AL stored in it could be used to forge tags.

Figure 2

The architecture of the serverless schemes.

With the development of the IoT, massive objects need to be identified by using RFID technology, thus forming big data of RFID applications. In the backend-server-based RFID systems, the computing ability of the backend server will be a bottleneck of the whole system when it receives massive authentication requests simultaneously. In the serverless RFID schemes, all the operations are conducted by the reader; the computing ability and storage capacity are more limited than those of the server-based RFID systems.

With the rapid development of cloud computing, cloud-based RFID systems attract more attention. There are several schemes which addressed the cloud-based RFID system [7–11]. Dabas and Gupta [7] proposed an architecture framework for the existing RFID systems melded with the cloud computing paradigm. Yuan and Li [8] built a cube model of RFID middleware data processing based on cloud computing. Chattopadhyay et al. [9] proposed a web based RFID asset management solution established on cloud services. Chu and Wu [10] designed a hybrid building fire evacuation system (HBFES) on a mobile phone using RFID techniques and cloud computing. However, most of them are focused on their functionalities rather than the security. Actually the security threats of cloud-based RFID systems are more serious than those of traditional RFID systems. In cloud-based RFID systems, the connection between the reader and the cloud database is not secure and cloud service provider is not trusted. To solve these problems, Xie et al. [12] proposed a cloud-based RFID authentication protocol in 2013. Abughazalah et al. [13] proposed a secure improved cloud-based RFID authentication protocol. Lin et al. [14] proposed a cloud-based authentication protocol for RFID supply chain systems. In all the above schemes, the computational complexity of the tag is high and they do not protect the reader's location privacy.

In this paper, a lightweight cloud-based RFID mutual authentication protocol without leaking location privacy to the cloud is proposed. A global encrypted hash table (EHT) corresponding to the encrypted RFID tags' information is stored in the cloud database. It provides real-time mutual authentication between the reader and the tag and protects the reader's location privacy by introducing the location privacy cloud which is not able to read the RFID data. Compared with traditional backend-server-based schemes and serverless schemes, the proposed scheme has obvious advantages in deployment cost, scalability, real-time authentication, and the tag's computational complexity.

The rest of the paper is organized as follows. Section 2 reviews the cloud-based RFID authentication schemes. The proposed authentication framework is given in Section 3. In Section 4, the proposed cloud-based RFID mutual authentication protocol is given. In Section 5, the security and the performance of the proposed protocol are analyzed. Section 6 concludes the paper.

2. Related Work

In this section, we will briefly review the cloud-based RFID authentication schemes and point out some disadvantages of them. Usually, the cloud-based RFID system is composed of a cloud server (cloud database), readers, and tags, where the reader is able to move and the RFID data is stored in the cloud database. There are several cloud-based RFID systems.

Xie et al. [12] proposed a cloud-based RFID authentication protocol. They used a Virtual Private Network (VPN) agency to guarantee the reliable connection between the reader and the cloud database. However, the cost of deploying and maintaining the VPN agency is high and this architecture is not suitable for SMEs (Small and Medium Enterprises). If the VPN agency is not maintained by the user, it is likely to expose the business information of the enterprise to the VPN agency. The protocol works as follows: (i)

The tag sends $H (R ∥ T ∥ S)$ and a request to the reader.

(ii)

The reader reads the cipher text $E (R ∥ T ∥ S)$ indexed by $H (R ∥ T ∥ S)$ from the cloud, decrypts it, and gets T and S. Then the reader generates a random number $N r$ as a challenge to the tag.

(iii)

The tag calculates $H (R ∥ T ∥ N r)$ as a response and a random nonce $N t$ as its challenge to the reader.

(iv)

The reader verifies $H (R ∥ T ∥ N r)$ , sends queries to the cloud, and checks answers, until finding the last valid record, assuming its SID is M. Then the reader computes $H (R ∥ T ∥ M^{'})$ and $E (R ∥ T ∥ M^{'})$ to notify the cloud to begin the update, where $M^{'} = M + 1$ .

(v)

The cloud adds the new record into the EHT, computes $H (R ∥ T ∥ M^{'}) \oplus H (E (R ∥ T ∥ M^{'}))$ , and sends it to the reader.

(vi)

The reader confirms the updating is successful and computes $H (R ∥ T ∥ N t) \oplus M^{'}$ and $H (T ∥ R ∥ M^{'})$ to notify the tag to begin the update.

(vii)

The tag calculates $H (R ∥ T ∥ N t)$ XOR with the received $H (R ∥ T ∥ N t) \oplus M^{'}$ to obtain $M^{'}$ , and then it calculates and verifies $H (T ∥ R ∥ M^{'})$ .

The weakness of Wei's cloud-based RFID authentication protocol was pointed out by Abughazalah et al. [13]. The authors find that Wei's authentication protocol suffers from reader impersonate attack and tag's location tracking attack. And the authors proposed a secure improved cloud-based RFID authentication protocol. They assume that the communication channel between the reader and the cloud server is secure, but this assumption is not suitable for the mobile readers.

Lin et al. [14] proposed a cloud-based authentication protocol for RFID supply chain systems. In their scheme, the system is composed of tags, readers, a cloud server, and a trust party. The authentication protocol cannot resist old key compromise attack. Its key update used a simple XOR operation, ${K e y}_{n e w} = K e y \oplus h (r_{T})$ , where $h ()$ is a hash function and $r_{T}$ is a random number. When the adversaries obtained the old key, they can impersonate and track the key update. Therefore, this scheme does not achieve the forward security.

Furthermore, all the above schemes do not protect the reader's location privacy; the leakage of the reader's location privacy will expose the business information of the company.

3. Our Authentication Framework

In this section, we describe our authentication framework. It provides the location privacy protection for the reader to access the cloud database.

3.1. System Components

The framework is illustrated in Figure 3.

Figure 3

The authentication framework.

Tag. The tag is used to label the object. Its identity, ${i d}_{T}$ , and secret key, Key, are stored in the tag, and it is able to generate random numbers and conduct the bitwise XOR and hash operation.

Reader. The reader can move freely. In the reader, its identity $i d_{R}$ and the key $k R C$ shared by the reader and the cloud server are stored. The reader is able to generate random numbers and conduct the bitwise XOR, hash operation, and symmetric encryption and decryption.

Location Privacy Cloud. Location privacy cloud is an infrastructure of IoT. It is maintained by a trusted third party or an organization that provides privacy service like the public platform of IoT. It is composed of several public access points; one of them is called edge access point which connects to the cloud database directly, and the others are called general access points. The edge access point needs to support random numbers generation and symmetric encryption and decryption.

Cloud Server. The cloud server needs to provide service on demand. It stores the new EHT pairs and the old EHT pairs in the cloud database. The cloud server needs to support query and update of the RFID tag records and have the ability to calculate message authentication code (MAC).

3.2. The Location Privacy Mechanism of the Reader to the Cloud Database

In the following, we suppose the user $U_{A}$ is a small company and $U_{A}$ manages the sales of goods using RFID technology. In order to save maintenance costs, $U_{A}$ purchases cloud database service from the cloud service provider and applies for accessing the cloud database via the location privacy cloud in which there are some general access points that provide public access services for RFID readers. Generally, a company has one or more mobile readers to identify their tags with the help of the cloud database.

The mobile reader belongs to the user and its IP address is denoted by $I P_{R}$ . When the user purchases cloud database service, the cloud server shares a key $k R C$ with the reader. And the reader needs to store the IP address $I P_{C l o u d A}$ of the cloud server. The cloud database which provides cloud service for the user $U_{A}$ is called CloudA, and the IP address is $I P_{C l o u d A}$ .

In order to protect the location privacy of the reader, we design the following message transmission mechanism between the reader and the cloud database.

3.2.1. The Reader Sends Message $m_{1}$ to the Cloud Server

As shown in Figure 3, assume that the reader registers to the general access point AP₁ (its corresponding IP Address is IP₁); it will send the message $m_{1}$ to the cloud server by IP packets, where each IP packet is like the structure shown in Figure 4.

Figure 4

IP packet.

Under this structure, the reader's packet can be denoted by ${I P}_{R} ∥ I P_{C l o u d A} ∥ \dots ∥ m_{1}$ . When AP₁ receives the packet, it adds its IP address IP₁ to the loose source route field of the packets, namely, ${I P}_{R} ∥ I P_{C l o u d A} ∥ {I P}_{1} ∥ \dots ∥ m_{1}$ , and then AP₁ sends the packets to the cloud server by other general access points. When the packet routes to the edge access point AP₂, AP₂ adds its IP address IP₂ to the loose source route field of the packets, namely, ${I P}_{R} ∥ I P_{C l o u d A} ∥ {I P}_{1} ∥ {I P}_{2} ∥ \dots ∥ m_{1}$ . Then AP₂ generates a random number r and encrypts ${I P}_{R}$ and IP₁, respectively. Hence, the packet is $E (r ∥ {I P}_{R}) ∥ I P_{C l o u d A} ∥ E (r ∥ {I P}_{1}) ∥ {I P}_{2} ∥ \dots ∥ m_{1}$ . If the reader registers to the edge access point AP₂ directly, in order to protect the location privacy, AP₂ will construct the packets like $E (r ∥ {I P}_{R}) ∥ I P_{C l o u d A} ∥ E (r ∥ {I P}_{2}) ∥ {I P}_{2} ∥ \dots ∥ m_{1}$ . Finally, AP₂ sends packets to the CloudA.

3.2.2. The Cloud Server Sends Message $m_{2}$ to the Reader

Firstly, the cloud server sends the response packet $I P_{C l o u d A} ∥ E (r ∥ {I P}_{R}) ∥ {I P}_{2} ∥ E (r ∥ {I P}_{1}) ∥ \dots ∥ m_{2}$ to AP₂, where $E (r ∥ {I P}_{1})$ may be $E (r ∥ {I P}_{2})$ if the reader registers to the edge access point AP₂ directly. AP₂ retrieves the loose source route field and destination ${I P}_{R}$ by decrypting $E (r ∥ {I P}_{1})$ , $E (r ∥ {I P}_{R})$ and then sends the packet to the mobile reader through the registered general access point AP₁.

Through the above process, the location privacy of the mobile reader is protected because the cloud server cannot obtain the information which the routing packet comes from. So it provides the location privacy protection transmission for the reader to access the cloud database.

4. The Proposed Cloud-Based RFID Mutual Authentication Protocol

The location privacy mechanism provides a privacy channel for the mobile reader to the cloud server. We propose an RFID mutual authentication protocol based on the above channel.

4.1. Notations

The notations are listed in the Notations.

4.2. Initial Phase

The tag stores its identity, $i d_{T}$ , and secret key, Key, and calculates $H (K e y ∥ i d_{T})$ . The cloud database stores the EHT ${H_{o l d} (i d_{T} ∥ K e y), E_{o l d} (i d_{T} ∥ K e y)}$ , ${H_{n e w} (i d_{T} ∥ K e y), E_{n e w} (i d_{T} ∥ K e y)}$ in the cloud database. And the old record and the new record are set to the same value. The reader shares the key $k R C$ with the cloud server.

4.3. The Authentication Phase

The proposed RFID mutual authentication is illustrated in Figure 5. The authentication process is as follows.

Figure 5

The proposed RFID mutual authentication.

(1) R→T: $R e q u e s t ∥ r_{1}$ .

The mobile reader generates a random number $r_{1}$ and sends $R e q u e s t ∥ r_{1}$ to the tag.

(2) T→R: $r_{2} ∥ H^{'} (K e y ∥ {i d}_{T}) ∥ M_{1}$ .

The tag generates a random number $r_{2}$ , calculates $H^{'} (K e y ∥ {i d}_{T})$ and $M_{1} = H (K e y ∥ {i d}_{T} ∥ r_{1})$ , and sends $r_{2} ∥ H^{'} (K e y ∥ {i d}_{T}) ∥ M_{1}$ to the reader.

(3) R→C: $U_{A} ∥ {i d}_{R} ∥ H^{'} (K e y ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ .

The reader stores $M_{1}$ and sends $U_{A} ∥ {i d}_{R} ∥ H^{'} (K e y ∥ i d_{T}) ∥ {M A C}_{k R C}$ to the cloud server.

$U_{A}$ denotes the identity of the user with which the cloud server only needs to search for the data belonging to the user, which is able to improve the efficiency of the searching operation. $M A C_{k R C}$ denotes the message authentication code with the shared key $k R C$ .

(4) C→R: $E_{k} (K e y ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ .

If ${M A C}_{k R C}$ is authenticated by the cloud with $k R C$ , the cloud server extracts $H^{'} (K e y ∥ {i d}_{T})$ and searches the record stored in the cloud database. The results include three possible cases as follows.

Case 1. There is no matching record; the authentication is failed.

Case 2. If $H (K e y ∥ {i d}_{T})$ equals $H^{'} (K e y ∥ {i d}_{T})$ , it indicates that both the cloud server and the tag carried out the update normally last time. Then the cloud server sends $E_{k} (K e y ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ to the reader.

Case 3. If $H ({K e y}_{o l d} ∥ {i d}_{T})$ equals $H^{'} (K e y ∥ {i d}_{T})$ , it indicates that the cloud server carried out the update normally, while the tag did not renew its key last time. Then the cloud server sends $E_{k} ({K e y}_{o l d} ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ to the reader.

(5) R→C: $H ({K e y}_{n e w} ∥ {i d}_{T}) ∥ E_{k} ({K e y}_{n e w} ∥ {i d}_{T}) ∥ H (K e y ∥ {i d}_{T}) ∥ E_{k} (K e y ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ .

The reader decrypts $E_{k} (K e y ∥ {i d}_{T})$ to get Key and ${i d}_{T}$ , and it checks whether $H (K e y ∥ {i d}_{T} ∥ r_{1})$ equals $M_{1}$ . If it succeeds, the tag is authenticated by the reader. Then it calculates ${K e y}_{n e w} = H (K e y ∥ r_{1} ∥ r_{2})$ , $H ({K e y}_{n e w} ∥ {i d}_{T})$ , and $E_{k} ({K e y}_{n e w} ∥ {i d}_{T})$ . And it sends $H ({K e y}_{n e w} ∥ {i d}_{T}) ∥ E_{k} ({K e y}_{n e w} ∥ {i d}_{T}) ∥ H (K e y ∥ {i d}_{T}) ∥ E_{k} (K e y ∥ {i d}_{T}) ∥ {M A C}_{k R C}$ to the cloud server.

(6) C→R: ACK message.

The cloud server checks ${M A C}_{k R C}$ and updates the corresponding records. Then it sends the ACK message to the reader.

(7) R→T: $H ({i d}_{T} ∥ {K e y}_{n e w}) ∥ H (K e y ∥ r_{2}) \oplus {K e y}_{n e w}$ .

When the reader receives the ACK message, it calculates $H ({i d}_{T} ∥ {K e y}_{n e w})$ and $H (K e y ∥ r_{2}) \oplus {K e y}_{n e w}$ to the tag.

(8) The tag extracts ${K e y}_{n e w}$ and verifies $H ({i d}_{T} ∥ {K e y}_{n e w})$ . If it holds, the reader is authenticated by the tag. Then the tag updates $K e y = {K e y}_{n e w}$ and stores $H ({i d}_{T} ∥ {K e y}_{n e w})$ for the next run.

5. Analysis of the Proposed Scheme

In this section, we will analyze the security and performance of the proposed protocol. We use AVISPA tool to verify the security and compare the security and performance of the proposed protocol with those of the other two cloud-based authentication protocols.

5.1. Analysis of the Security Goals

Our protocol provides mutual authentication between the tag and the reader, which achieves the following security goals.

Tag Tracking. In each time of the authentication, the tag and reader generate random numbers $r_{2}$ and $r_{1}$ , respectively. The tag's responses are changed in each session using the updated tag's secret and fresh random numbers. After receiving the request, $R e q u e s t ∥ r_{1}$ , the tag computes $M_{1} = H (K e y ∥ {i d}_{T} ∥ r_{1})$ , $H (K e y ∥ {i d}_{T})$ and sends $r_{2}, M_{1}, H (K e y ∥ {i d}_{T})$ to the reader; thus the attacker obtains new different responses every time when he/she eavesdrops on a session. So he/she cannot track the tag.

Mutual Authentication. Mutual authentication means that the tag and the reader could authenticate each other in the execution of the authentication. In the proposed scheme, the reader authenticates the tag by checking the correctness of $M_{1}$ and the tag authenticates the reader by checking the correctness of $H ({i d}_{T} ∥ {K e y}_{n e w})$ .

Forward Security. Forward security means that an adversary cannot obtain previous key by an entity even if he/she compromises it. In the proposed protocol, the Key begins the update by computing hash function of the random numbers and ${K e y}_{o l d}$ , and the adversary cannot impersonate the process of the update. So the adversary cannot figure out the previous Key even if he/she intercepts a lot of messages.

Location Privacy of the Reader. In our scheme, we introduce a location privacy cloud which can protect the reader's location information from leaking to the cloud server and the adversary.

Replay Attack. Having intercepted previous communication, the attacker can replay the same message of the receiver or the sender to pass the verification of the system. However, the random numbers and the secret key are different in each session and there is no regular pattern to follow for the adversary. The replay attack will fail in the proposed protocol.

Desynchronization Attack. During a successful tag query, both the reader and the tag are in synchronization. In fact, the adversary can hamper the communication between the reader and the tag so that the keys stored in the database and the tag will be out of sync. In the proposed protocol, the cloud database stores ${H_{o l d} ({i d}_{T} ∥ K e y), E_{o l d} ({i d}_{T} ∥ K e y)}, {H_{n e w} ({i d}_{T} ∥ K e y), E_{n e w} ({i d}_{T} ∥ K e y)}$ pairs. So when the adversary interrupts the update process of the session, it will recover to synchronization in the next run.

5.2. The Formal Security Verification under the AVISPA Tool

In our analysis, we have used a formal verification tool called AVISPA (Automated Validation of Internet Security Protocols and Applications) [15]. It is considered the best suitable one for verifying security properties [16]. It provides a modular and expressive formal language for specifying protocols and their security properties and integrates different backends that implement a variety of automatic protocol analysis techniques. AVISPA requires the protocol specification to be written in HLPSL (High Level Protocol Specification Language), which is then provided as an input to the tool. User establishes a secure analysis model by inputting participant identification, operating environment, attacker's ability, and goals of the protocol.

We describe the interactive process of the proposed protocol in HLPSL and define the ability of the adversary. The specification of the proposed protocol contains three basic roles: the tag, the reader, and the cloud database. Each role contains a list of global and local variables and it defines transitions that usually describe the receipt of a message and the sending of a reply. Once roles are defined, we have added the protocol session, the environment section, and the list of declarations goals for security properties. The adversary can obtain the hash function and all the random numbers in our definition.

We verify the security of the proposed protocol and the result shows that it is safe. The HLPSL code and the result are shown in the appendix.

5.3. Security Comparisons

Security comparisons between the proposed protocol and the other schemes are listed in Table 1.

Table 1

Security comparisons.

	[12]	[13]	[14]	The proposed protocol
Tag tracking	No	Yes	Yes	Yes
Mutual authentication	Yes	Yes	Yes	Yes
Forward security	Yes	Yes	No	Yes
Location privacy of the reader	No	No	No	Yes
Replay attack	Yes	Yes	Yes	Yes
Desynchronization attack	Yes	Yes	Yes	Yes

5.4. Performance and Cost Comparisons

We analyze the performance of our method in terms of tag's computation cost, tag's storage spaces, tag's communication message, the efficiency of the cloud database, and so forth. Performance comparisons between the proposed protocol and the other existing schemes are listed in Table 2.

Table 2

Performance comparisons.

	[12]	[13]	[14]	The proposed protocol
Tag's computation cost	$4 h + 1 r + 1 xor$	$5 h + 1 r + 2 xor$	$4 h + 2 r + 7 xor$	$3 h + 1 r + 1 xor$
Tag's storage spaces	$3 L$	$2 L$	$4 L$	$2 L$
Tag's communication message	3l	3l	3l	3l
Efficiency of the cloud database	Low	Low	Medium	High
Deployment cost	High	Medium	Medium	Low

h: the computing cost of a hash function; r: the computing cost of generating a random number; L: the length of the tag's identity and secret; l: the length of the hash output; xor: the computing cost of a bitwise XOR operation.

By analyzing and comparing these schemes in security and performance, our method not only meets the security requirements, but also has advantages in deployment cost, tag's computation cost, and the efficiency of the cloud database.

6. Conclusion

In this paper, we proposed an RFID mutual authentication protocol based on location privacy cloud. Our scheme not only protects the reader's location privacy, but also has advantages in security and performance. Compared with the existing cloud-based RFID systems, our proposed scheme is more efficient in terms of communication overhead and memory requirement while offering higher level of security. We proved that our proposed scheme is secure against the relevant attacks and also ensures a higher security level and good performance compared with the existing similar schemes. In the future work, we will expand the location privacy cloud to an RFID public access platform to provide more services.

Footnotes

Notations

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This work is supported by the National Natural Science Foundation of China (nos. 61373172,61402353).

References

Wei

C.-H.

Hwang

M.-S.

Chin

A. Y.-H.

A mutual authentication protocol for RFID

IT Professional 2011 13 2 20 24

5735591

10.1109/MITP.2011.17

2-s2.0-79953083437

Dong

Zhang

Wei

A SHA-3 based RFID mutual authentication protocol and its implementation

Proceedings of the IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC ′13)

August 2013

Kunming, China

10.1109/icspcc.2013.6663868

2-s2.0-84892523539

Kumar

Chilamkurti

Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol

Journal of Medical Systems 2014 38, article 116

10.1007/s10916-014-0116-z

Lee

C.-F.

Chien

H.-Y.

Laih

C.-S.

Server-less RFID authentication and searching protocol with enhanced security

International Journal of Communication Systems 2012 25 3 376 385

10.1002/dac.1246

2-s2.0-84857647179

Hoque

M. E.

Rahman

Ahamed

S. I.

Park

J. H.

Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments

Wireless Personal Communications 2010 55 1 65 79

10.1007/s11277-009-9786-0

2-s2.0-78149282448

Tan

Sheng

Secure and server-less RFID authentication and search protocols

IEEE Transactions on Wireless Communications 2008 7 4 1400 1407

10.1109/twc.2008.061012

Dabas

Gupta

J. P.

A cloud computing architecture framework for scalable RFID

Proceedings of the International Multi-Conference of Engineers and Computer Scientists (IMECS ′10)

March 2010

Hong Kong, China

441 444

Yuan

Z.-W.

Research on data processing of RFID middleware based on cloud computing

Proceedings of the 5th International Conference on Rough Set and Knowledge Technology (RSKT ′10)

2010

Beijing, China

663 671

Chattopadhyay

Prabhu

B. S.

Gadh

Web based RFID asset management solution established on cloud services

Proceedings of the IEEE International Conference on RFID-Technologies and Applications, Collocated with the IEEE MTT-S International Microwave Workshop Series on Millimeter Wave Integration Technologies (RFID-TA-IMWS ′11)

September 2011

Sitges, Spain

IEEE

292 299

10.1109/RFID-TA.2011.6068652

10.

Chu

S.-J.

An integrated building fire evacuation system with RFID and cloud computing

Proceedings of the 7th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP ′11)

October 2011

Dalian, China

IEEE

17 20

10.1109/iihmsp.2011.65

2-s2.0-83455230653

11.

Guinard

Floerkemeier

Sarma

Cloud computing, REST and mashups to simplify RFID application development and deployment

Proceedings of the 2nd International Workshop on the Web of Things (WoT ′11) in Conjunction with the 9th International Conference on Pervasive Computing

June 2011

San Francisco, Calif, USA

12.

Xie

Zhang

Tang

Cloud-based RFID authentication

Proceedings of the IEEE International Conference on RFID

May 2013

168 175

10.1109/rfid.2013.6548151

2-s2.0-84881348074

13.

Abughazalah

Markantonakis

Mayes

Secure improved cloud-based RFID authentication protocol

Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance 2015

Springer International Publishing

147 164

14.

Lin

I.-C.

Hsu

H.-H.

Cheng

C.-Y.

A cloud-based authentication protocol for RFID supply chain systems

Journal of Network and Systems Management 2014

10.1007/s10922-014-9329-1

15.

The AVISPA Project, http://www.avispa-project.org/

16.

Vishesh

Verma

Formal verification of authenticated AODV protocol using AVISPA

International Journal of Computer Applications 2012 50 19 38 43

10.5120/7914-1179

Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud