srfid: a hash-based security scheme for low cost rfid systems

Radio Frequency Identification (RFID) technology is a promising technology. It uses radio waves to identify objects. Through automatic and real-time data acquisition, this technology can give a great benefit to various industries by improving the efficiency of their operations. However, this ubiquitous technology has inherited problems in security and privacy, due to the powerful tracking capability of the tags. This paper proposes a new simple, low cost, and scalable security scheme relying on one-way hash functions and synchronized secret information. The proposed scheme provides a two steps mutual authentication between the backend server and the tag which does not require a secure channel between the tag reader and the backend server to complete the authentication process. The proposed scheme meets the requirements for tag delegation and secure tag ownership transfer. The general idea is to change the ID of a tag on every read attempt in a secure and synchronized manner. This means that attempts like eavesdropping, replay attacks, tag cloning, tag tracing, denial of service attack, or man-in-the-middle attacks cannot compromise the scheme. Our analysis results show that the proposed scheme outperforms existing schemes in terms of security and performance.