A secure and efficient authentication protocol for mobile RFID systems

The design of a secure communication scheme for Radio Frequency Identification (RFID) systems has been extensively studied in recent years in view of the awareness of individual privacy and the requirement of robust system security. Most of previous works assume the communication channel between an RFID reader and its backend server is secure and concentrate on the security enhancement between an RFID tag and an RFID reader. However, once RFID reader modules are extensively deployed in consumer's handheld devices, the security violation problems at reader side will be deeply concerned by individuals and organizations. In this paper, it is assumed that the future communication environment for RFID systems will be all wireless and insecure. Under such infrastructure, handheld device suchas mobile phone, embedded with RFID reader modules will be situated everywhere and operated with many RFID tags in various RFID application systems. Hence in this paper, an authentication protocol in mobile RFID environment is proposed which effectively achieves forward security with preventing replay, eavesdropping, and counterfeit tag attacks. Based on the security analyses, it has been shown that the scheme can enhance data security and provide privacy protection at reader side even in the presence of an active adversary under insecure mobile RFID environment.