Document Type : Original Research Paper


1 Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran

2 Health Management and Economics Research Center, Iran University of Medical Sciences, Tehran, Iran

3 N. Bagheri Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran Postal code: 16788-15811, Tel/fax:+98-21-2297006

4 Iran Telecom Research Center


Background and Objectives: Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable.
Methods: In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the security level, which can provide confidentiality and integrity, simultaneously.
Results: Furthermore, since the proposed protocol belongs to the lightweight protocols category, it is appropriate for applications that require many tags and costs must be low. In terms of the security, the analysis results give a satisfactory security level and it is robust against different RFID threats like replay, traceability and impersonation attacks. Using Ouafi-Phan model, BAN and AVISPA, we also checked the security correctness of the suggested protocol.
Conclusion: In this paper, we presented a scalable lightweight RFID  search protocol. We employed an encryption technique called Authenticated Encryption (A.E.) to improve the security level of the suggested protocol.

©2018 The author(s). This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, as long as the original authors and source are cited. No permission is required from the authors or the publishers.


Main Subjects

[1] N. Kumar, K. Kaur, S. C. Misra, R. Iqbal, “An intelligent RFID-enabled authentication scheme for healthcare applications in vehicular mobile cloud,” Peer-to-Peer Networking and Applications, 9(5): 824–840, 2016.

[2] A. Tewari, B. Gupta, “Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags,” The Journal of Supercomputing, 73(3): 1085–1102, 2017.

[3] X. Lin, H. Wang, Y. Kwok, B. Chen, M. Dai, L. Zhang, “Exploiting the prefix information to enhance the performance of FSA-based RFID systems,” Computer Communications, 56: 108–118, 2015.

[4] D. Litian, W. Zizhong, D. Fu, “An identification algorithm in grouping and paralleling for data-intensive RFID systems,” in Proc. International Conference on Big Data Computing and Communications: 337–346, 2015.

[5] Y. C. Lai, L. Y. Hsiao, B. S. Lin, “Optimal slot assignment for binary tracking tree protocol in RFID tag identification,”  IEEE/ACM Transactions on Networking, 23(1): 255–268, 2015.

[6] X. Yan, Y. Liu, B. Li, X. Liu, “A memoryless binary query tree based successive scheme for passive RFID tag collision resolution,” Information Fusion, 22: 26–38, 2015.

[7] C. Jin, C. Xu, X. Zhang, F. Li, “A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety,” Journal of medical systems, 40(1): 1-6, 2016.

[8] H. Niu, E. Taqieddin, S. Jagannathan, “EPC GEN2v2 RFID standard authentication and ownership management protocol,” IEEE Transactions on Mobile Computing, 15(1): 137–149, 2016.

[9] H. Chien, “SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity,” IEEE Transactions on Dependable and Secure Computing, 4(4): 337–340, 2007.

[10] J. Kang, “Lightweight mutual authentication RFID protocol for secure multi-tag simultaneous authentication in ubiquitous environments,” The Journal of Supercomputing, DOI:10.1007/s11227-016-1788-6, 2016.

[11] P. Lopez, J. Castro, J. Estévez-Tapiador, A. Ribagorda, “LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags,” in Proc. Workshop on RFID security: 12–14, 2006.

[12] P. Lopez, J. Castro, J. Tapiador, A. Ribagorda,  “EMAP: An efficient mutual-authentication protocol for low-cost RFID tags,”  in Proc. OTM Confederated International Conferences, OTM 2006 Workshops: 352–361, 2006.

[13] K. Wang, C. Chen, W. Fang, T. Wu, “On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags,” The Journal of Supercomputing, 74(1): 65-70, 2017.

[14] P. Arco and A. Santis, “On ultralight weight RFID authentication protocols,” IEEE Transactions on Dependable and Secure Computing, 8(4): 548–563, 2011.

[15] G. Avoine, X. Carpent, B. Martin, “Strong authentication and strong integrity (SASI) is not that strong,” in Proc. International Workshop on Radio Frequency Identification: Security and Privacy: 50–64, 2010.

[16] K. Fan, N. Ge, Y. Gong, H. Li, R. Su, Y. Yang, “An ultra-lightweight RFID authentication scheme for mobile commerce,” Peer-to-Peer Networking and Applications, 10(2): 368–376, 2016.

[17] D. L. Lin, S. Tsaur, K. Chang, “Lightweight and serverless RFID authentication and search protocol,” in Proc. Second International Conference on Computer and Electrical Engineering: 95–99, 2009.

[18] Q. U. Ain, U. Mujahid, M. Najam-ul-islam, “Hardware implementation of ultralight weight cryptographic protocols,” presented at the 2015 International Conference on Computing, Communication and Security (ICCCS), Pamplemousses, Mauritius, 2015.

[19] Y. Liao, C. Hsiao, “A secure ECC-based RFID authentication scheme integrated with id-verifier transfer protocol,” Ad Hoc Networks, 18: 133-146, 2014.

[20] B. Wang, M. Niset, Y. Ma, H. Nguyen, R. Paul, “Scaling tunneling oxide to 50å in floating-gate logic NVM at 65nm and beyond,” in Proc. 2007 IEEE International Integrated Reliability Workshop Final Report: 48–51, 2007.

[21] Y. Ki Lee, L. Batina, D. Singelée, I. Verbauwhede, “Low-cost untraceable authentication protocols for RFID,” in Proc. of the third ACM conference on Wireless network security: 55–64, 2010.

[22] C. Tan, B. Sheng, Q. Li, “Secure and serverless RFID authentication and search protocols,” IEEE Transactions on Wireless Communications, 7(4): 1400–1407, 2008.

[23] S. Dhal, I. Sengupta, “A new object searching protocol for multi-tag RFID,” Wireless Personal Communications, 97(3): 3547-3568, 2017.

[24] M. Safkhani, P. Peris-Lopez, N. Bagheri, M. Naderi, J. Castro, “On the security of tan et al. serverless RFID authentication and search protocols,” in Proc. International Workshop on Radio Frequency Identification: Security and Privacy Issues: 1–19, 2013.

[25] Z. Kim, J. Kim, K. Kim, I. Choi, T. Shon, “Untraceable and serverless RFID authentication and search protocols,” in Proc. 2011 IEEE Ninth International Symposium on Parallel and Distributed Processing with Applications Workshops: 278–283, 2011.

[26] M. Hoque, F. Rahman, S. Ahamed, J. Park, “Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments,” Wireless Personal Communications, 55(1): 65–79, 2010.

[27] Y. Zuo, “Secure and private search protocols for RFID systems,” Information Systems Frontiers, 12(5): 507–519, 2010.

[28] X. Yin, W. Li, “LP0: A RFID authentication protocol for low-cost tags without back-end database,” presented at 2012 International Conference on Computer Distributed Control and Intelligent Environmental Monitoring, Hunan, China, 2012.

[29] L. Kulseng, Z. Yu, Y. Wei, Y. Guan, “Lightweight secure search protocols for low-cost RFID systems,” presented at the 2009 29th IEEE International Conference on Distributed Computing Systems, Montreal, Canada, 2009.

[30] C. Lv, H. Li, J. Ma, B. Niu, “Vulnerability analysis of lightweight secure search protocols for low-cost RFID systems,” International Journal of Radio Frequency Identification Technology and Applications, 4(1): 3–12, 2012.

[31] H. Jialiang, X. Youjun, X. Zhiqiang, “Secure and private protocols for server-less RFID systems,” International Journal of Control and Automation, 7(2): 131–142, 2014.

[32] S. Sundaresan, R. Doss, W. Zhou, “A serverless ultra-lightweight secure search protocol for EPC class-1 GEN-2 UHF RFID tags,” in Proc. 2012 International Conference on Computer & Information Science (ICCIS), 2: 580–585, 2012.

[33] H. Yoon, H. Youm, “An anonymous search protocol for RFID systems,” Journal of Convergence Information Technology, 6(8): 44-50, 2011.

[34] T. Won, J. Chun, D. Lee, “Strong authentication protocol for secure RFID tag search without help of central database,” in Proc. 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2: 153–158, 2008.

[35] W. Xie, L. Xie, C. Zhang, Q. Wang, J. Xu, Q. Zhang, C. Tang, “RFID seeking: Finding a lost tag rather than only detecting its missing,” Journal of Network and Computer Applications, 42: 135–142, 2014.

[36] S. Jeon, E. Yoon, “An ultra-lightweight RFID seeking protocol for low-cost tags,” Applied Mathematical Sciences, 8(125): 6245–6255, 2014.

[37] C. Mtita, M. Laurent, J. Delort, “Efficient serverless radio-frequency identification mutual authentication and secure tag search protocols with untrusted readers,” IET Information Security, 10(5): 262–271, 2016.

[38] S. Sundaresan, R. Doss, S. Piramuthu, W. Zhou, “Secure tag search in RFID systems using mobile readers,” IEEE Transactions on Dependable and Secure Computing, 12(2): 230–242, 2015.

[39] M. Eslamnezhad Namin, M. Hosseinzadeh, N. Bagheri, A. Khademzadeh, “A secure search protocol for lightweight and low-cost RFID systems,” Telecommunication Systems, 67(4): 539–552, 2018.

[40] S. Sundaresan, R. Doss, S. Piramuthu, W. Zhou, “A secure search protocol for low cost passive RFID tags,” Computer Networks, 122): 70–82, 2017.

[41] L. Bolotnyy, G. Robins, “Physically unclonable function-based security and privacy in RFID systems,” presented at the Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07), White Plains, NY, USA, 2007.

[42] C. Mtita, M. Laurent, D. Sauveron, R. Akram, K. Markantonakis, S. Chaumette, “Serverless protocols for inventory and tracking with a UAV,” in Proc. 2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC): 1–11, 2017.

[43] Y. Li, J. XIE, Z. MAO, “Secure RFID system based on des encrypt algorithm,” Modern Electronics Technique.

[44] M. Feldhofer, S. Dominikus, J. Wolkerstorfer, “Strong authentication for RFID systems using the AES algorithm,” in Proc. International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2004): 357–370, 2004.

[45] T. Pham, M. Hasan, H. Yu, “A RFID mutual authentication protocol based on AES algorithm,” in Proc. 2012 UKACC International Conference on Control: 997–1002. IEEE, 2012.

[46] R. Doss, W. Zhou, S. Yu, “Secure RFID tag ownership transfer based on quadratic residues,” IEEE Transactions on Information Forensics and Security, 8(2): 390–401, 2013.

[47] Y. Huang, C. Yuan, M. Chen, W. Lin, H. Teng, “Hardware implementation of RFID mutual authentication protocol,” IEEE Transactions on Industrial Electronics, 57(5): 1573–1582, 2010.

[48] L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, I.  Verbauwhede, “An elliptic curve processor suitable for RFID-tags," in Proc. 1st Benelux Workshop on Information and System Security: 1-17, 2006.

[49] A. Juels, S. Weis, “Authenticating pervasive devices with human protocols,” in Proc. Annual International Cryptology Conference: 293–308, 2005.

[50] Y. Ki Lee, K. Sakiyama, L. Batina, I. Verbauwhede, “Elliptic-curve-based security processor for RFID,” IEEE Transactions on Computers, 57(11): 1514–1527, 2008.

[51] P. Urien, S. Piramuthu, “Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks,” Decision Support Systems, 59): 28–36, 2014.

[52] Y. Liao and C. Hsiao, “A secure ECC-based RFID authentication scheme integrated with id-verifier transfer protocol,” Ad Hoc Networks, 18: 133–146, 2014.

[53] M. Feldhofer, C. Rechberger, “A case against currently used hash functions in RFID protocols,” in Proc. In OTM Confederated International Conferences: 372–381, 2006.

[54] M. Bellare, C. Namprempre, “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm,” in Proc. International Conference on the Theory and Application of Cryptology and Information Security: 531–545, 2000.

[55] A. Adomnicai, J. Fournier, L. Masson, “Masking the lightweight authenticated ciphers acorn and ASCON in software,” Cryptography and Information Security in the Balkans.

[56] H. Groß, E. Wenger, C. Dobraunig, and C. Ehrenhöfer, “Suit up!–made-to-measure hardware implementations of ASCON,” in Proc. 2015 Euromicro Conference on Digital System Design: 645–652, 2015.

[57] G. Zhou, H. Michalik, L. Hinsenkamp, “Efficient and high-throughput implementations of AES-GCM on FPGAs,” in Proc. 2007 International Conference on Field-Programmable Technology: 185–192, 2007.

[58] M. Dworkin, “Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality,” National Institute of Standards and Technology, U.S. department of commerce, Technical report, 2004.

[59] D. McGrew, J. Viega, “The security and performance of the galois/counter mode (GCM) of operation,” in Proc. International Conference on Cryptology in India: 343–355, 2004.

[60] S. Cogliani, D. Maimuţ, D. Naccache, R. Canto, R. Reyhanitabar, S. Vaudenay, D. Vizár, “OMD: A compression function mode of operation for authenticated encryption,” in Proc. International Conference on Selected Areas in Cryptography: 112–128, 2014.

[61] Y. Niwa, K. Ohashi, K. Minematsu, T. Iwata, “CM security bounds reconsidered,” in Proc. International Workshop on Fast Software Encryption: 385–407, 2015.

[62] P. Rogaway, T. Shrimpton, “A provable-security treatment of the key-wrap problem,” in Proc. Annual International Conference on the Theory and Applications of Cryptographic Techniques: 373–390, 2006.

[63] M. Saarinen, “Cycling attacks on GCM, GHASH and other polynomial macs and hashes,” in Proc. International Workshop on Fast Software Encryption: 216–225, 2012.

[64] S. Neves J. Aumasson, P. Jovanovic, “NORX V2.0,”.

[65] H. Wu, “ACORN: A lightweight authenticated cipher,”.

[66] C. Dobraunig, M. Eichlseder, F. Mendel, M. Schläffer, “ASCON v1. 2,” Submission to the CAESAR Competition.

[67] T. Peyrin, J. Jean, I. Nikolic. 2015, Joltik v1.3, CAESAR Round 2 submission.

[68] J. Guo, T. Peyrin, A. Poschmann, “The photon family of lightweight hash functions,” in Proc. Advances in Cryptology (CRYPTO 2011): 222–239, 2011.

[69] G. Leander, C. Paar, A. Poschmann, K. Schramm, “New lightweight DES variants,” in Proc. International Workshop on Fast Software Encryption: 196–210, 2007.

[70] K. Ouafi, R. Phan, “Privacy of recent RFID authentication protocols,” in Proc. International Conference on Information Security Practice and Experience:  263–277, 2008.

[71] S. Mandal, S. Mohanty, B. Majhi, “Universally verifiable certificateless signcryption scheme for MANET,” in Proc. International Conference on Microelectronics, Computing & Communication Systems: 77–89, 2018.

[72] Y. Boichut, P. Héam, and O. Kouchnarenko, “Automatic approximation for the verification of cryptographic protocols,” in Proc. AVIS, 2004.

[73] D. Basin, S. Mödersheim, L. Vigano, “OFMC: A symbolic model checker for security protocols,” International Journal of Information Security, 4(3): 181–208, 2005.

[74] A. Armando, L. Compagna, “An optimized intruder model for SAT-based model-checking of security protocols,” Electronic Notes in Theoretical Computer Science, 125(1): 91–108, 2005.

[75] M. Turuani, “The CL-ATSE protocol analyzer,” in Proc. International Conference on Rewriting Techniques and Applications: 277–286, 2006.

[76] M. Burrows, M. Abadi, R. M Needham, “A logic of authentication,” in Proc. Royal Society of London A: Mathematical, Physical and Engineering Sciences, 426: 233–271, 1989.

[77] H. Martn, E. Millán, L. Entrena, P. Lopez, J. Castro, “AKARI-x: a pseudorandom number generator for secure lightweight systems,” presented at the 2011 IEEE 17th International On-Line Testing, Athens, Greece, 2011.

[78] S. Sundaresan, R. Doss, S. Piramuthu, W. Zhou, “Secure tag search in RFID systems using mobile readers,” IEEE Transactions on Dependable and Secure Computing, 12(2): 230-242, 2014.

[79] R. Wessel, “Airbus signs contract for high-memory RFID tags,” RFID Journal: 1-2 2010.

[80]  D. Dressen, “Large memory RFID system solutions,” ATMEL Applications Journal: 48–49.

[81] M. Hossain. S. Ahamed, “Towards a simple secured searching protocol for future RFID applications,” presented at the 12th IEEE International Workshop on Future Trends of Distributed Computing Systems, Kunming, China, 2008.

[82] J. Chun, J. Hwang, D. Hoon Lee, “RFID tag search protocol preserving privacy of mobile reader holders,” IEICE Electronics Express, 8(2): 50–56, 2011.



Journal of Electrical and Computer Engineering Innovations (JECEI) welcomes letters to the editor for the post-publication discussions and corrections which allows debate post publication on its site, through the Letters to Editor. Letters pertaining to manuscript published in JECEI should be sent to the editorial office of JECEI within three months of either online publication or before printed publication, except for critiques of original research. Following points are to be considering before sending the letters (comments) to the editor.

[1] Letters that include statements of statistics, facts, research, or theories should include appropriate references, although more than three are discouraged.

[2] Letters that are personal attacks on an author rather than thoughtful criticism of the author’s ideas will not be considered for publication.

[3] Letters can be no more than 300 words in length.

[4] Letter writers should include a statement at the beginning of the letter stating that it is being submitted either for publication or not.

[5] Anonymous letters will not be considered.

[6] Letter writers must include their city and state of residence or work.

[7] Letters will be edited for clarity and length.