Novel ECC-Based RFID Mutual Authentication Protocol for Emerging IoT Applications

The implementation of RFID technology has globally impacted several industries and this revolution has improved the aspects of service delivery in many sectors, such as logistics, supply chain visibility, access control, military, and agri-food sector. RFID provides several security services to protect the data transmitted between a tag and a reader in the IoT environment. However, these advantages do not prevent an attacker to access this communication and remaining various security and privacy issues in these systems. Furthermore, with the rapid growth of IoT, there is an urgent need of security authentication and confidential data protection. Authentication protocols based on cryptographic primitives were widely investigated and implemented to guarantee protection against various attacks that can suffer an RFID system. Among those cryptosystems is the Elliptic Curve Integrated Encryption Scheme (ECIES), which can be found in several cryptographic standards. It offers mutual authentication and data integrity that has become highly employed in RFID applications. In this paper, we present a novel secure ECC-based RFID authentication protocol that meets the security needs of existing published protocols and ensures data confidentiality and privacy. Beforehand, we present an overview of some ECC-based RFID authentication protocols and highlight their security weaknesses against server spoofing, tracking, and impersonation attacks.. After that, a comparative study with existing protocols in terms of computational performance and security strength is performed. Finally, our protocol is analyzed and verified with the Automated Validation of Internet Security Protocols and Applications (AVISPA) analysis tool after being modeled in High Level Protocol Specification Language (HLPSL).