RFID Authentication Against an Unsecure Backend Server

TL;DR

This paper introduces a novel RFID authentication scheme designed to operate securely even when the backend server is untrusted, addressing a critical gap in practical RFID security scenarios.

Contribution

It proposes the first RFID authentication protocol that ensures security and privacy against untrusted backend servers, using hash chains, encrypted data search, and coprivacy techniques.

Findings

Resistant to desynchronization attacks

Provides mutual authentication in three steps

Suitable for cloud-based RFID systems with untrustworthy servers

Abstract

This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.