Ultra-Lightweight Mutual Authentication Protocol to Prevent Replay Attacks for Low-Cost RFID Tags

The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 12; pp. 50925 - 50934
Main Authors Alhasan, Ahmed Qasim Abd, Rohani, Mohd Foad, Abu-Ali, Mohammed Sabri
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Authentication
Authentication protocols
Costs
Cryptography
Lightweight
Low cost
low-cost RFID tags
Messages
mutual authentication
Performance evaluation
Privacy
Protocol verification
Protocols
Radio frequency identification
replay attacks
RFID protocol
RFID tags
Security
security analysis
Servers
Tags
UMAPs
Online AccessGet full text

Cover

Abstract The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so that the back-end server updates the secret keys while the RFID tag does not. The replay attack can send the last messages by continuing to render the back-end server and RFID tags unauthorized. The major problem faced by existing protocols, when using high cryptographic operations on low-cost RFID tags, requires more memory, and computational power makes them unusable for these types of tags. In addition, there are weaknesses in the design of the existing protocols that lead to the emergence of desynchronization, secret disclosure, and replay attacks. Therefore, this paper proposes the design and development of an ultra-lightweight mutual authentication protocol that overcomes the weaknesses in earlier protocols and builds by implementing the rotation operator, mechanism of the secret keys, T-function, and timestamp technique. The informal and formal analysis results using security protocol verification official tools (Scythe and AVISPA) show that the proposed protocol has the ability to prevent attacks, especially replay attacks. Experimental analyses of our protocol to measure the performance shows that the proposed protocol involves a lower overhead than previous protocols. The total execution time in milliseconds of the processes of the proposed protocol with the existing protocols is 0.031ms, and it achieves an average of 78.51% over other protocols. In addition, this paper provides a comparison with the most recent protocols on performance, privacy and security requirements. Our proposed protocol storage space requirement is lowest than the existing protocols, the cryptographic requirement is ultra-lightweight and efficient and shows that the communication messages for authentication in our protocol are lowest than existing protocols and our protocol fulfills the privacy and security requirements.
AbstractList The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so that the back-end server updates the secret keys while the RFID tag does not. The replay attack can send the last messages by continuing to render the back-end server and RFID tags unauthorized. The major problem faced by existing protocols, when using high cryptographic operations on low-cost RFID tags, requires more memory, and computational power makes them unusable for these types of tags. In addition, there are weaknesses in the design of the existing protocols that lead to the emergence of desynchronization, secret disclosure, and replay attacks. Therefore, this paper proposes the design and development of an ultra-lightweight mutual authentication protocol that overcomes the weaknesses in earlier protocols and builds by implementing the rotation operator, mechanism of the secret keys, T-function, and timestamp technique. The informal and formal analysis results using security protocol verification official tools (Scythe and AVISPA) show that the proposed protocol has the ability to prevent attacks, especially replay attacks. Experimental analyses of our protocol to measure the performance shows that the proposed protocol involves a lower overhead than previous protocols. The total execution time in milliseconds of the processes of the proposed protocol with the existing protocols is 0.031ms, and it achieves an average of 78.51% over other protocols. In addition, this paper provides a comparison with the most recent protocols on performance, privacy and security requirements. Our proposed protocol storage space requirement is lowest than the existing protocols, the cryptographic requirement is ultra-lightweight and efficient and shows that the communication messages for authentication in our protocol are lowest than existing protocols and our protocol fulfills the privacy and security requirements.
Author Abu-Ali, Mohammed Sabri
Rohani, Mohd Foad
Alhasan, Ahmed Qasim Abd
Author_xml – sequence: 1
  givenname: Ahmed Qasim Abd
  orcidid: 0000-0003-1528-5523
  surname: Alhasan
  fullname: Alhasan, Ahmed Qasim Abd
  email: aalcorejy@gmail.com
  organization: School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
– sequence: 2
  givenname: Mohd Foad
  surname: Rohani
  fullname: Rohani, Mohd Foad
  organization: School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
– sequence: 3
  givenname: Mohammed Sabri
  orcidid: 0009-0004-7580-2283
  surname: Abu-Ali
  fullname: Abu-Ali, Mohammed Sabri
  organization: School of Computer and Communication Engineering, Universiti Malaysia Perlis, Kangar, Perlis, Malaysia
BookMark eNp9UU1P3DAQtSqQSoFfAAdLnLOMY28SH1cptCstAvFxtsaOs2QJ8dZ2ivj39RKQUA_44BnNzHt6M-8H2RvcYAk5YTBjDOT5oq4v7u5mOeRixnlVMIBv5CBnhcz4nBd7n_Lv5DiEDaRXpdK8PCD40EeP2apbP8YXu_vp1RhH7OlijI92iJ3B2LmB3ngXnXE9jS7l9m9q0Vu77fGVLmJE8xRo6zxduZesdiH1Lpc_6T2uwxHZb7EP9vg9HpKHy4v7-ne2uv61rBerzAiQMTMAHGBuhTaF1LLAvOEFGq0ZlpXFqsRWsFY0rDQibc1y2TJh9RxAl6gF8EOynHgbhxu19d0z-lflsFNvBefXCn1ap7eqzU1ZMVaY1qKwiVpDYXSTooRSyiZxnU1cW-_-jDZEtXGjH5J8xUEkmULwPE3Jacp4F4K3rTJdfLtWOmnXKwZqZ5CaDFI7g9S7QQnL_8N-KP4adTqhOmvtJ4SQgnPB_wHcAp47
CODEN IAECCG
CitedBy_id crossref_primary_10_1186_s42400_024_00252_6
Cites_doi 10.1109/ARES.2007.159
10.1109/TIT.1983.1056650
10.1007/s10916-015-0260-0
10.1007/978-0-387-72367-9_10
10.1109/TDSC.2008.33
10.1007/11833529_93
10.1155/2019/3295616
10.1109/C-CODE.2017.7918896
10.1007/978-3-642-16822-2_5
10.1109/ACCESS.2019.2896641
10.1002/sec.1314
10.1007/11513988_27
10.1109/ACCESS.2022.3140475
10.1002/dac.3837
10.1109/TDSC.2007.70226
10.1016/j.comcom.2022.01.014
10.1007/s11227-016-1849-x
10.1016/j.ins.2019.08.006
10.1504/IJSN.2014.059325
10.1007/s11276-016-1323-y
10.1109/TDSC.2009.26
10.1177/1550147718795120
10.1155/2016/9648971
10.1007/s12083-023-01467-z
10.1007/11915034_59
10.1109/ACCESS.2018.2875973
10.1109/LCOMM.2012.031212.120237
10.1016/j.ipl.2013.01.003
10.1007/978-3-540-70545-1_38
10.1007/s12652-018-1088-5
10.1007/s12083-016-0443-6
10.1007/s11277-017-4895-7
10.1007/s11277-016-3647-4
10.3390/s23239500
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024
DBID 97E
ESBDL
RIA
RIE
AAYXX
CITATION
7SC
7SP
7SR
8BQ
8FD
JG9
JQ2
L7M
L~C
L~D
DOA
DOI 10.1109/ACCESS.2024.3386100
DatabaseName IEEE Xplore (IEEE)
IEEE Xplore Open Access Journals
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Engineered Materials Abstracts
METADEX
Technology Research Database
Materials Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DOAJ Directory of Open Access Journals
DatabaseTitle CrossRef
Materials Research Database
Engineered Materials Abstracts
Technology Research Database
Computer and Information Systems Abstracts – Academic
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
METADEX
Computer and Information Systems Abstracts Professional
DatabaseTitleList Materials Research Database
Database_xml – sequence: 1
  dbid: DOA
  name: DOAJ Directory of Open Access Journals
  url: https://www.doaj.org/
  sourceTypes: Open Website
– sequence: 2
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 2169-3536
EndPage 50934
ExternalDocumentID oai_doaj_org_article_f2c78116cfea4e87ab06cbd7ab90799d
10_1109_ACCESS_2024_3386100
10494334
Genre orig-research
GroupedDBID 0R~
4.4
5VS
6IK
97E
AAJGR
ABAZT
ABVLG
ACGFS
ADBBV
AGSQL
ALMA_UNASSIGNED_HOLDINGS
BCNDV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
EBS
EJD
ESBDL
GROUPED_DOAJ
IPLJI
JAVBF
KQ8
M43
M~E
O9-
OCL
OK1
RIA
RIE
RNS
AAYXX
CITATION
RIG
7SC
7SP
7SR
8BQ
8FD
JG9
JQ2
L7M
L~C
L~D
ID FETCH-LOGICAL-c409t-c003005e4bc69b96a2d36acbb1a78ea87af41f4d17c4109129f14eb500b7ab403
IEDL.DBID DOA
ISSN 2169-3536
IngestDate Wed Aug 27 01:31:47 EDT 2025
Sun Jun 29 16:24:30 EDT 2025
Thu Apr 24 23:09:28 EDT 2025
Tue Jul 01 04:14:29 EDT 2025
Wed Aug 27 02:17:04 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Language English
License https://creativecommons.org/licenses/by-nc-nd/4.0
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c409t-c003005e4bc69b96a2d36acbb1a78ea87af41f4d17c4109129f14eb500b7ab403
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0003-1528-5523
0009-0004-7580-2283
OpenAccessLink https://doaj.org/article/f2c78116cfea4e87ab06cbd7ab90799d
PQID 3040054432
PQPubID 4845423
PageCount 10
ParticipantIDs crossref_citationtrail_10_1109_ACCESS_2024_3386100
proquest_journals_3040054432
crossref_primary_10_1109_ACCESS_2024_3386100
doaj_primary_oai_doaj_org_article_f2c78116cfea4e87ab06cbd7ab90799d
ieee_primary_10494334
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 20240000
2024-00-00
20240101
2024-01-01
PublicationDateYYYYMMDD 2024-01-01
PublicationDate_xml – year: 2024
  text: 20240000
PublicationDecade 2020
PublicationPlace Piscataway
PublicationPlace_xml – name: Piscataway
PublicationTitle IEEE access
PublicationTitleAbbrev Access
PublicationYear 2024
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref13
ref35
ref12
ref34
ref37
ref14
ref36
ref31
ref30
ref33
ref10
ref32
ref2
ref1
ref17
ref16
ref38
ref19
ref18
Peris-Lopez (ref11)
Safkhani (ref23) 2016; 2016
ref24
ref26
ref25
Hernandez-Castro (ref15) 2008
ref22
ref21
ref28
ref27
ref29
ref8
ref7
ref9
ref4
ref3
ref6
ref5
Shao-Hui (ref20) 2012
References_xml – ident: ref12
  doi: 10.1109/ARES.2007.159
– ident: ref37
  doi: 10.1109/TIT.1983.1056650
– ident: ref31
  doi: 10.1007/s10916-015-0260-0
– ident: ref13
  doi: 10.1007/978-0-387-72367-9_10
– ident: ref16
  doi: 10.1109/TDSC.2008.33
– ident: ref9
  doi: 10.1007/11833529_93
– start-page: 27
  volume-title: Proc. 2nd Workshop RFID Secur.
  ident: ref11
  article-title: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags
– ident: ref5
  doi: 10.1155/2019/3295616
– year: 2008
  ident: ref15
  article-title: Cryptanalysis of the SASI ultralightweight RFID authentication protocol with modular rotations
  publication-title: arXiv:0811.4257
– ident: ref24
  doi: 10.1109/C-CODE.2017.7918896
– ident: ref18
  doi: 10.1007/978-3-642-16822-2_5
– ident: ref36
  doi: 10.1109/ACCESS.2019.2896641
– ident: ref32
  doi: 10.1002/sec.1314
– ident: ref30
  doi: 10.1007/11513988_27
– ident: ref1
  doi: 10.1109/ACCESS.2022.3140475
– ident: ref34
  doi: 10.1002/dac.3837
– ident: ref14
  doi: 10.1109/TDSC.2007.70226
– ident: ref6
  doi: 10.1016/j.comcom.2022.01.014
– ident: ref25
  doi: 10.1007/s11227-016-1849-x
– ident: ref26
  doi: 10.1016/j.ins.2019.08.006
– ident: ref38
  doi: 10.1504/IJSN.2014.059325
– ident: ref22
  doi: 10.1007/s11276-016-1323-y
– ident: ref17
  doi: 10.1109/TDSC.2009.26
– ident: ref7
  doi: 10.1177/1550147718795120
– ident: ref2
  doi: 10.1155/2016/9648971
– volume: 2016
  start-page: 905
  year: 2016
  ident: ref23
  article-title: Generalized desynchronization attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+ protocols
  publication-title: Cryptol. ePrint Arch.
– ident: ref28
  doi: 10.1007/s12083-023-01467-z
– volume-title: Cryptol. ePrint Arch
  year: 2012
  ident: ref20
  article-title: Security analysis of RAPP an RFID authentication protocol based on permutation
– ident: ref10
  doi: 10.1007/11915034_59
– ident: ref4
  doi: 10.1109/ACCESS.2018.2875973
– ident: ref19
  doi: 10.1109/LCOMM.2012.031212.120237
– ident: ref21
  doi: 10.1016/j.ipl.2013.01.003
– ident: ref29
  doi: 10.1007/978-3-540-70545-1_38
– ident: ref35
  doi: 10.1007/s12652-018-1088-5
– ident: ref33
  doi: 10.1007/s12083-016-0443-6
– ident: ref8
  doi: 10.1007/s11277-017-4895-7
– ident: ref3
  doi: 10.1007/s11277-016-3647-4
– ident: ref27
  doi: 10.3390/s23239500
SSID ssj0000816957
Score 2.3200438
Snippet The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The...
SourceID doaj
proquest
crossref
ieee
SourceType Open Website
Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 50925
SubjectTerms Authentication
Authentication protocols
Costs
Cryptography
Lightweight
Low cost
low-cost RFID tags
Messages
mutual authentication
Performance evaluation
Privacy
Protocol verification
Protocols
Radio frequency identification
replay attacks
RFID protocol
RFID tags
Security
security analysis
Servers
Tags
UMAPs
SummonAdditionalLinks – databaseName: IEEE Electronic Library (IEL)
  dbid: RIE
  link: http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3fb9MwELbYnuCBn0MUxuQHHnFx4ktSP5ZCtU3bxMMq7c2yHYcHqga1rib467lz3GqAmHhKlNiKrbuz7y7-vmPsHSioK9-2wjVKCcAtREywoQBtuwCVck4SOPnyqj5dwPlNdZPB6gkLE0JIh8_CmG7Tv_y291tKlaGFgwal4IAdYOQ2gLX2CRWqIKGrJjMLFVJ_mM5mOAmMAUsYYySGjoL8bfdJJP25qspfS3HaX-ZP2NVuZMOxkm_jbXRj__MP0sb_HvpT9jh7mnw6qMYz9iCsnrNHd_gHXzC7WMa1FRcUoN-mHCm_3BKghFPmjM4RDQk9_mXdxx5VhseeZ9Injq770v7g0xgJps_R-eUX_a2Y9Rt8Nz_7xK_t180RW8w_X89ORa65IDxGelF4snpZBXC-1k7XtmxVbb1zhW0mwU4a20HRQVs0HohTtNRdAcFVUrrGOpDqJTtc9avwinF0JAkgJFtnJbgyOF2AbZQOuMQ4W9gRK3eyMD4TklNdjKVJgYnUZhCgIQGaLMARe7_v9H3g47i_-UcS8r4pkWmnBygck23TdKUnvG3tu2Ah4BSdrL1r8aplo3U7Ykck0DvfG2Q5Ysc7nTHZ8jdG0apIpILl6390e8Me0hCHPM4xO4zrbXiLnk10J0mjfwGROvRo
  priority: 102
  providerName: IEEE
Title Ultra-Lightweight Mutual Authentication Protocol to Prevent Replay Attacks for Low-Cost RFID Tags
URI https://ieeexplore.ieee.org/document/10494334
https://www.proquest.com/docview/3040054432
https://doaj.org/article/f2c78116cfea4e87ab06cbd7ab90799d
Volume 12
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1LS8QwEA7iSQ_iE9cXOXg0mjbTdnNcVxcVFQ8ueAtJmnpZtrJbEf-9M22UFUEvngptQpqZybzIfMPYMSjIM1-WwhVKCUATIvo4UIC2VYBMOSepOPnuPr8aw81T9rTQ6ovuhHXwwB3hzqrUUzFk7qtgIfQL62TuXYlPDOu0Lkn7os1bCKZaHdxPcp0VEWYokfpsMBzijjAgTOEUwzL0GuQ3U9Qi9scWKz_0cmtsRutsLXqJfND93QZbCtNNtrqAHbjF7HjSzKy4peD6rc1v8rtXKgbhlPWiO0BdMo4_zOqmRnbzpuYRsImj2z2x73zQNFRiz9Fx5bf1mxjWc_w2ur7gj_Z5vs3Go8vH4ZWI_RKExyitEZ5OrMwCOJ9rp3Obliq33rnEFv1gkXYVJBWUSeGB8EBTXSUQXCalQ3KCVDtseVpPwy7j6ARScY8snZXg0uB0ArZQOqB6cDaxPZZ-ks74CCZOPS0mpg0qpDYdvQ3R20R699jJ16SXDkvj9-HnxJOvoQSE3b5A8TBRPMxf4tFj28TRhfVAg1LQYwefLDbx1M6NIo1GgIDp3n-svc9WaD9dwuaALTez13CILkzjjlppPWqrDT8A0MDsrQ
linkProvider Directory of Open Access Journals
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3Nb9MwFLdgHIDD-BqibAMfOJLixC9JfSxlVQdtxaGVdrNsx-FA1aA21bT99bznuNUAgTglSmzF1nvP7yP-_czYO5BQ5K6qEltKmQC6kGSADRNQpvaQS2sFgZNn82KyhM9X-VUEqwcsjPc-bD7zfboN__Krxu2oVIYWDgqkhPvsATr-PO3gWoeSCp0hofIycgulQn0YjkY4DcwCM-hjLoahgvjF_wSa_niuyh-LcfAw4ydsvh9bt7Hke3_X2r67_Y228b8H_5Qdx1iTDzvleMbu-fVz9vgOA-ELZpardmOSKaXo16FKymc7gpRwqp3RTqKupMe_bpq2QaXhbcMj7RPH4H1lbviwbQmozzH85dPmOhk1W3w3vvzEF-bb9oQtxxeL0SSJpy4kDnO9NnFk9yL3YF2hrCpMVsnCOGtTUw68GZSmhrSGKi0dEKtopuoUvM2FsKWxIORLdrRu1v4V4xhKEkRIVNYIsJm3KgVTSuVxkbEmNT2W7WWhXaQkp5MxVjqkJkLpToCaBKijAHvs_aHTj46R49_NP5KQD02JTjs8QOHoaJ26zhwhbgtXewMep2hF4WyFVyVKpaoeOyGB3vleJ8seO9vrjI62v9WS1kWiFcxe_6XbW_ZwsphN9fRy_uWUPaLhdlWdM3bUbnb-HOOc1r4J2v0TdQH3sQ
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Ultra-Lightweight+Mutual+Authentication+Protocol+to+Prevent+Replay+Attacks+for+Low-Cost+RFID+Tags&rft.jtitle=IEEE+access&rft.au=Alhasan%2C+Ahmed+Qasim+Abd&rft.au=Rohani%2C+Mohd+Foad&rft.au=Abu-Ali%2C+Mohammed+Sabri&rft.date=2024&rft.pub=IEEE&rft.eissn=2169-3536&rft.volume=12&rft.spage=50925&rft.epage=50934&rft_id=info:doi/10.1109%2FACCESS.2024.3386100&rft.externalDocID=10494334
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2169-3536&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2169-3536&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2169-3536&client=summon