Cryptology ePrint Archive: Report 2021/144

\(\chi\)perbp: a Cloud-based Lightweight Mutual Authentication Protocol

Morteza Adeli and Nasour Bagheri and Sadegh Sadeghi and Saru Kumari

Abstract: Alongside the development of cloud computing and Internet of Things(IoT), cloud-based RFID is receiving more attention nowadays. Cloud-based RFID system is specifically developed to providing real-time data that can be fed to the cloud for easy access and instant data interpretation. Security and privacy of constrained devices in these systems is a challenging issue for many applications. To deal with this problem, we propose \(\chi\)perbp, a lightweight authentication protocol based on \(\chi\)per component. \(\chi\)per is a hardware/software friendly component that can be implemented using bit-wise operations. To evaluate the performance efficiency of our proposed scheme, we implement the \(\chi\)perbp scheme on a FPGA module Xilinx Kintex-7 using the hardware description language VHDL. Our security and cost analysis of the proposed protocol shows that the proposed protocol provides desired security against various attacks, in a reasonable cost. Also, formal security evaluation using BAN logic and Scyther tool indicates its security correctness. Besides, we analyse the security of a related protocol which has been recently proposed by Fan \textit{et al.} It is a cloud-based lightweight mutual authentication protocol for RFID devices in an IoT system. Although they have claimed security against active and passive adversaries, however, our detailed security analysis in this paper demonstrates major drawbacks of this protocol. More precisely, the proposed attack disclose the tag's secrets efficiently. Given the tag's secrets, any other attack will be trivial.

Category / Keywords: cryptographic protocols / IoT; Authentication; Security analysis; Desynchronization Attack; Tag Impersonation Attack; Reader Impersonation Attack

Date: received 10 Feb 2021

Contact author: na bagheri at gmail com,m adeli@sru ac ir,s sadeghi khu@gmail com,Saryusiirohi@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210212:073357 (All versions of this report)

Short URL: ia.cr/2021/144


[ Cryptology ePrint archive ]