AUTHENTICATION PROTOCOL FOR INTERNET OF THINGS DEVICES USING RFID TAGS
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1205Keywords:
IoT, RFID tag, authentication protocol, one-time parameters, data integrity, hash function, cryptography.Abstract
The rapid growth of the Internet of Things and the widespread adoption of RFID tags have intensified the need for authentication protocols that also ensure data integrity. Most existing RFID authentication protocols provide mutual authentication and resistance to common network attacks, but they generally do not address the integrity of the data stored on and transmitted by the RFID tag. In many practical scenarios, tag authentication must be complemented by verification of the integrity of the transmitted data, which creates the need for a specialized protocol capable of solving both tasks simultaneously under severe hardware constraints. This paper proposes a mutual authentication protocol for communication between an RFID tag and a system server. On the tag side, the protocol requires only a cryptographic hash function with hardware complexity not exceeding 2000 GE, a simple pseudo-random number update function, and a concatenation operation. Mutual authentication is achieved using one-time parameters that are updated independently after each session, with their initial values distributed between the RFID tag and the system during the initialization phase. A single authentication session on the RFID tag side requires only three hash computations and one execution of the pseudo-random number update function, while the number of message exchanges between the RFID tag and the system is reduced to two. The paper shows that the proposed protocol is resistant to reader impersonation, tag impersonation, replay, active man-in-the-middle, and desynchronization attacks, while also providing forward secrecy and RFID tag data integrity control. The obtained results indicate that the proposed protocol is suitable for systems in which RFID tag data are not confidential but require integrity assurance, particularly in logistics, supply chain management, and related IoT applications.
Downloads
References
Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15), 2787–2805. https://doi.org/10.1016/j.comnet.2010.05.010
Want, R. (2006). An introduction to RFID technology. IEEE Pervasive Computing, 5(1), 25–33. https://doi.org/10.1109/MPRV.2006.2
Scott, D. (2024). A survey of RFID authentication protocols. TechRxiv. https://doi.org/10.36227/techrxiv.171216642.23764824/v1
Zhu, F., Li, P., Xu, H., & Wang, R. (2019). A lightweight RFID mutual authentication protocol with PUF. Sensors, 19(13), 2957. https://doi.org/10.3390/s19132957
Baashirah, R., & Abuzneid, A. (2018). Survey on prominent RFID authentication protocols for passive tags. Sensors, 18(10), 3584. https://doi.org/10.3390/s18103584
EPCglobal. (2015). EPC radio-frequency identity protocols Class-1 Generation-2 UHF RFID specification (Version 2.0.1). GS1. https://www.gs1.org/sites/default/files/docs/epc/Gen2_Protocol_Standard.pdf
Caballero-Gil, P., Caballero-Gil, C., & Molina-Gil, J. (2022). RFID authentication protocol based on a novel EPC Gen2 PRNG. arXiv. https://doi.org/10.48550/arXiv.2208.05345
Abd Alhasan, A. Q., Rohani, M. F., & Abuali, M. S. (2024). Ultra-lightweight mutual authentication protocol to prevent replay attacks for low-cost RFID tags. IEEE Access, 12. https://doi.org/10.1109/ACCESS.2024.3386100
Mudra, G., Cui, H., & Johnstone, M. N. (2023). Survey: An overview of lightweight RFID authentication protocols suitable for the maritime Internet of Things. Electronics, 12(13), 2990. https://doi.org/10.3390/electronics12132990
Shariq, M., Singh, K., Maurya, P. K., Ahmadian, A., & Ariffin, M. R. K. (2021). URASP: An ultralightweight RFID authentication scheme using permutation operation. Peer-to-Peer Networking and Applications, 14, 3737–3757. https://doi.org/10.1007/s12083-021-01192-5
Shariq, M., Singh, K., Lal, C., Conti, M., & Khan, T. (2022). ESRAS: An efficient and secure ultra-lightweight RFID authentication scheme for low-cost tags. Computer Networks, 217, 109360. https://doi.org/10.1016/j.comnet.2022.109360
Chien, H.-Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340. https://doi.org/10.1109/TDSC.2007.70226
Hernandez-Castro, J. C., Tapiador, J. M. E., Peris-Lopez, P., & Quisquater, J.-J. (2008). Cryptanalysis of the SASI ultralightweight RFID authentication protocol with modular rotations. arXiv. https://doi.org/10.48550/arXiv.0811.4257
Phan, R. C. W. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Transactions on Dependable and Secure Computing, 6(4), 316–320. https://doi.org/10.1109/TDSC.2008.33
Sun, H.-M., Ting, W.-C., & Wang, K.-H. (2011). On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Transactions on Dependable and Secure Computing, 8(2), 315–317. https://doi.org/10.1109/TDSC.2009.26
Lim, T.-L., Li, T., & Gu, T. (2008). Secure RFID identification and authentication with triggered hash chain variants. In 2008 IEEE International Conference on Parallel and Distributed Systems (ICPADS) (pp. 583–590). https://doi.org/10.1109/ICPADS.2008.46
Dass, P., & Om, H. (2016). A secure authentication scheme for RFID systems. Procedia Computer Science, 78, 100–106. https://doi.org/10.1016/j.procs.2016.02.017
Kumar, V., Kumar, R., Khan, A. A., Kumar, V., Chen, Y.-C., & Chang, C.-C. (2022). RAFI: Robust authentication framework for IoT-based RFID infrastructure. Sensors, 22(9), Article 3110. https://doi.org/10.3390/s22093110
Seleznov, V., & Luzhetskyi, V. (2023). Method of low-resource hashing type “data–generator”. Cybersecurity: Education, Science, Technique, 28, 84–95. https://doi.org/10.28925/2663-4023.2023.22.8495
Luzhetskyi, V., & Seleznov, V. (2025). Hardware implementation of the HDG hash function. Bulletin of Cherkasy State Technological University, 30(2), 10–21. https://doi.org/10.62660/bcstu/2.2025.22
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Володимир Лужецький, Віталій Селезньов, Юлія Хохлачова
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
