Paper 2016/649

Game-Based Privacy Analysis of RFID Security Schemes for Confident Authentication in IoT

Behzad Abdolmaleki, Karim Baghery, Shahram Khazaei, and Mohammad Reza Aref


Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

Note: This is the final version of paper which it published recently. there were some comments and we updated it.

Available format(s)
Publication info
Published elsewhere. Journal of Wireless Personal Communications
RFID authentication protocolsTraceability attacksInternet of thingsEPC C1 G2 standardHash functions
Contact author(s)
abdolmaleki behzad @ yahoo com
2017-05-20: revised
2016-06-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Behzad Abdolmaleki and Karim Baghery and Shahram Khazaei and Mohammad Reza Aref},
      title = {Game-Based Privacy Analysis of {RFID} Security Schemes for Confident Authentication in {IoT}},
      howpublished = {Cryptology ePrint Archive, Paper 2016/649},
      year = {2016},
      doi = {10.1007/s11277-017-4145-z},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.