e-ISSN: 2455-5703
Pravin Kumar
PG Student Associate Professor
1,2
Department of Computer Science & Engineering
1,2
K.L.N College of Engineering Pottapalayam, Sivagangai 630612, India
1
Abstract
RFID is a transformative technology in the healthcare industry. By applying RFID tags in healthcare environments, for locating
and tracking of staff, equipments and patients made easy. However the potential security and running time of the systems are
remains, challengeable in RFID system. In this thesis, a new design called mutual authentication protocol for RFID, based on
Hyper elliptic curve cryptosystem was introduced. This methodology provides same level of security compared to the existing
scheme with lower number of bits. The protocol can provide better efficiency, because it uses pre-computing method within tags
communication. In terms of security, the protocol can achieve confidentiality, unforgetability, mutual authentication, tags
anonymity, availability and forward security. The protocol can overcome the weakness of the existing protocols .It also reduce the
computation cost and communication overhead.
Keyword- Hyper elliptic curve, Mutual Authentication, Pre-Computing, Security, Running Time
__________________________________________________________________________________________________
I. INTRODUCTION
Internet of Things (IoT) has emerged as most powerful paradigms. It provides the unique identifiers to people and objects. That
allows them to communicate with other objects without requiring human to human or human to computer interaction. Atzori et al
(2010) Proposed in the IoT environment, all the objects in our daily life become part of the internet because of their communication
and computing capabilities that allows them to communicate with other objects. IoT extends the concept of the Internet and makes
it more pervasive.
Weinstein (2005) proposed Radio-frequency identification (RFID) is one of the most important technologies used in the
IoT, as it can store sensitive data, provides wireless communication with other objects, and to identify/track objects automatically.
Compared to the traditional barcode, RFID could be applied to objects with rough surfaces, can do both read/write capability,
requires no line-of-sight contact with RFID readers, and can read many RFID tags simultaneously. All these benefits make RFID
a superior technology compared to the traditional barcode system.
187
A Time Efficient RFID Mutual Authentication Protocol for HealthCare Environments using Hyper Elliptic curve Cryptosystem
(GRDJE / CONFERENCE / ICIET - 2016 / 031)
against replay attack. Lee et al. (2008) proposed a provably secure ECC based RFID authentication scheme. However, Bringer et
al.(2008) found that Lee et al.s scheme cannot withstand tracking attack (the adversary could track the tags action) and the tag
impersonation attack (where the adversary can impersonate the tag to the server). To withstand those two attacks, Bringer et
al.(2008) proposed a new RFID authentication scheme called randomized Schnorr scheme. Later, Lee et al.(2009) also proposed
an ECC-based RFID authentication scheme to withstand the tracking attack and the tag impersonation attack against their previous
schemes [36]. However, Deursen and Radomirovi (2009) pointed out that all of Lee et al.s(2009) schemes cannot withstand the
man-in-the-middle attack and the tracking attack. Liao and Hsiao (2013) proposed a new efficient ECC-based RFID authentication.
However, Zhao et al. (2014) pointed out that Liao and Hsiaos scheme suffered from the key compromise problem, i.e., the
adversary could get secret information stored in the tag. Zhao et al.(2014) also proposed an improved scheme to overcome such a
weakness. Zhang and Qi (2014) proposed an improved scheme to solve the key compromise problem in Chous scheme. Jin et al.
(2015) proposed that elliptic curve based protocol suitable for healthcare environments. As described earlier, several ECC-based
RFID authentication schemes have been proposed for different applications recently. Some of these schemes use only elliptic curve
operations. Using elliptic curve the running time is high. So in this thesis, we use hyper elliptic curve cryptosystem it reduces the
running time, computational cost.
In above Literature review, the authors proposed the different type of protocol, that protocols are suffered from different
attacks and key- compromise problem. The above schemes has longer running time because number of bits is more.
188
A Time Efficient RFID Mutual Authentication Protocol for HealthCare Environments using Hyper Elliptic curve Cryptosystem
(GRDJE / CONFERENCE / ICIET - 2016 / 031)
The set of all divisors is denoted by Divc(L). Given two divisors D = pCp[P] and D = PCP[P] the sum D + D is defined as D +
D = P(CP + CP)[P]. This gives Divc(L) a group structure.
2) Hash Function
A hash function H is a one-way function, which accepts a large input m, and produces a small fixed-size output h. The purpose of
hash function is to generate hash value of file, message and other data blocks. It can be mainly applied in message authentication
and digital signature.
3) Hyper Elliptic Curve Discrete Logarithm Problem (HECDLP)
Hyperelliptic curve of genus g over a finite field Fq, a point P J C(K) of order n, a point Q < P >, find an integer l [0, n-1]
such that Q = lP.
4) Computational Diffie-Hellman Problem (CDHP)
Given an elliptic curve E defined over a finite field Fq, a point P E(Fq ) of order n. The computational Diffie-Hellman problem
is to compute abP given (P, aP, bP) with a, b Zn*.
V. MODULES
A. Patient Identification Tracking
Hospitals are complex institution in nature. Instead of names to prevent any misidentification with already existing patient names.
Here we implement the patient identifier using RFID tag. Before the messages can be encrypted, these messages need to be
embedded on the points over the hyper elliptic curve .Here, we use map- to-point algorithm which converts the arbitrary bit string
into hyper elliptic curve point.
1) The Proposed Protocol
In this protocol have three participants, tag issuer I, tag Ti and a reader R and it is connected to the backend server. Here we
assume that tag and readers is not secure, and then also assume that connection between reader and database are secure.
Notations used in the protocol:
q, n:
Two large prime numbers.
P:
A Generator with order n.
F(q):
Finite field
E:
Hyper Elliptic curve
D:
Divisor operation
IDTi:
Identity of the tag i.
(SR, PR):
The private/public key of reader
(STi,,PTi):
The private/public key of tag
H1,H2 :
Hash functions
In RFID mutual authentication protocol has two phases: First, Setup phase and Second is Authentication phase. These
phases are explained detail as follows,
B. Setup Phase
In this Phase, The key is generated for both tag and Reader.
1) For Reader R,The issuer` selects a random value SR Zn* as its private key and computes PR=sR D as its public key.
2) For each tag Ti, the issuer chooses a random value sTi Zn* as its private key and computes PTi= sTi D as its public key.
3) Scalar multiplication is the main cryptographic operation in HECC. Due to the limited computational capabilities of tag, in
order to reduce the amount of computations to be performed by tag, I pre-computes r = kP, K = kPR.
189
A Time Efficient RFID Mutual Authentication Protocol for HealthCare Environments using Hyper Elliptic curve Cryptosystem
(GRDJE / CONFERENCE / ICIET - 2016 / 031)
Tag Ti
(STi,PTi,IDTi,PR)
Reader R
(SR,PR)
t Z*
z=tP
z
kZ*n
r=kP
K=kPR
e=H1(r,z)
s=(STi e+k)mod n
C=EK(IDTi ||r||s||z)
(r,C)
K=SRr
(ID Ti || r ||s ||z )= DK (C)
If z z or r r
R reject the session
Other
e =H1(r,z )
if r =s P+(-e )PTi
The tag is authenticated
Then e1=H2(IDTi,r,C,z )
S1e1sR+t mod n
S1
e1=H2(IDTi,r,C,z)
If s1Pe1PR + z mod n
The reader is authenticated
Fig. 2: The RFID Mutual Authentication Protocol
VII.
The RFID Mutual authentication protocol for the healthcare environment was designed. Compared to existing protocols, the Hyper
elliptic curve based protocol reduces the running time of the system. Therefore the communication cost is also reduced. In this
thesis, we also compare our result with the result of Zhao et al. (2014), Zhang and Qi(2014) and He et al.(2012) proposed protocols.
190
A Time Efficient RFID Mutual Authentication Protocol for HealthCare Environments using Hyper Elliptic curve Cryptosystem
(GRDJE / CONFERENCE / ICIET - 2016 / 031)
Chatterjee et al. (2013) Compared to the elliptic curve based protocol, Hyper elliptic curve based mutual authentication
protocol use less number of bits to achieve the same level of security.
VIII. CONCLUSION
The Mutual authentication protocol for RFID using Hyper elliptic curve cryptography is designed. Here the pre-computing concept
within the tags communication process was used, to avoid the timeconsuming scalar multiplication. Since the tag has limited
computational capabilities. Thus the proposed protocol has better efficiency. In terms of security, this protocol has achieved lot of
security properties such as confidentiality, availability, Mutual authentication ,Tags anonymity, etc and withstand many common
attacks . This protocol overcome the weakness in existing protocol and also reduces the communication cost and computational
overhead. This protocol is more suitable for healthcare environments.
REFERENCES
[1] Atzori.L, Iera.A, and Morabito.G(2010), The Internet of Things: A survey, Computer Network, vol. 54, no. 15, pp. 2787
2805.
[2] Bringer.J, Chabanne .H, and Icart .T,(2008) Cryptanalysis of EC-RAC, a RFID identification protocol, in Proc. 7th
International Conference on Cryptgraphica. Network Security(CNS08), pp. 149161.
[3] Chunhua Jin , Chunxiang Xu , Xiaojun Zhang ,Jining Zhao (2015), A Secure RFID Mutual Authentication Protocol for
Healthcare Environments Using Elliptic CurveCryptography, Journal of medical system ,39: 24,pp.1-8.
191
A Time Efficient RFID Mutual Authentication Protocol for HealthCare Environments using Hyper Elliptic curve Cryptosystem
(GRDJE / CONFERENCE / ICIET - 2016 / 031)
[4] Deursen .T and Radomirovic .S(2009), Untraceable RFID protocols are not trivially composable: Attacks on the revision of
EC-RAC, Cryptology ePrint Archive, Report, 2009/332.
[5] He D., Chen Y., and Chen, J.(2012), Cryptanalysis and improvement of an extended chaotic mapsbased key agreement
protocol. Nonlinear Dynamics. 69(3):11491157.
[6] Jonathan Sangoro, Waweru Mwangi, Michael Kimwele (2014), Enhancement of Security in RFID using RSA Algorithm,
Vol 5,no.10,pp. 2222-2871.
[7] Kakali Chatterjee, Asok De, and Daya Gupta,(2013) Mutual Authentication Protocol Using Hyperelliptic Curve
Cryptosystem in Constrained Devices, International Journal of Network Security, Vol.15, No.1, PP.9-15.
[8] Lee Y., Batina L., and Verbauwhede I.(2008), EC-RAC (ECDLP based randomized access control): Provably secure RFID
authentication protocol,iProc. IEEE Inernational. Conference on RFID, pp. 97104.
[9] Liao ,Y and Hsiao .C(2014), A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol,
Ad Hoc Network, vol. 18,pp. 133146.
[10] Ohkubo M. , Suzuki K. , and Kinoshita S. (2003), Cryptographic Approachto Privacy-Friendly Tags, Proc. Radio
Frequency Identification (RFID)Privacy Workshop.
[11] Tuan Anh Pham, Mohammad S. Hasan and HongnianYu (2012), A RFID mutual authentication protocol based on AES
Algorithm, IEEE, pp. 997-999.
[12] Weinstein .R(2005), RFID: A technical overview and its application to the enterprise, IEEE IT Prof., vol. 7, no. 3, pp. 27
33.
[13] Zhang .Z and Qi .Q(2014), An efficient RFID authentication protocol to enhance patient medication safety using elliptic
curve cryptography, Journal of Medical System., vol. 38, no. 5, doi: 10.1007/s10916-014-0047-8.
[14] Zhao .Z(2014), A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem,
Journal of Medical System., vol. 38, no. 5, doi: 10.1007/s10916-014-0046-9.
192