Cloud-based RFID Authentication

Wei Xie¹, Lei Xie², Chen Zhang¹, Quan Zhang¹, Chaojing Tang¹
¹ School of Electronic Science and Engineering, National University of Defense Technology, Changsha, China
² State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China
xiewei@nudt.edu.cn, lxie@nju.edu.cn, zhan9chen@hotmail.com, {quanzhang, cjtang}@nudt.edu.cn

Abstract—Along with the development of cloud computing, cloud-based RFID is receiving more and more attention from researchers and engineers. However, there is no research in which cloud computing is applied to RFID authentication schemes. Most current works emphasize functionality and lack consideration of security and privacy. Classical RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID. The basic postulates of traditional backend-server-based RFID authentication, i.e. a secure backend channel and an entirely trustworthy database, are no longer natively tenable in cloud-based RFID scenarios. In this paper, a virtual private network agency is suggested to build secure backend channels and to provide readers with anonymous access to the cloud. The cloud database is structured as an encrypted hash table. The first cloud-based RFID authentication protocol preserving tag/reader privacy to database keepers is proposed.
Compared with classical schemes, the proposed scheme has advantages in deployment cost saving, pervasiveness of authentication, scalability with O(1) complexity to verify a tag, privacy preservation for mobile reader holders, and database security.

Keywords—RFID; cloud computing; authentication

I. INTRODUCTION

RFID (Radio Frequency Identification) is a wireless technology that uses radio signals to identify tagged objects automatically and remotely. It has been widely used in supply chain management, inventory control, contactless credit cards, and so on.

RFID authentication is a primary approach to securing an RFID system and making it privacy-friendly. Identifying a tag without authenticating it causes serious security issues. Attackers may intercept, manipulate, or replay messages from the tag to pretend to hold the tagged object (like an ID smartcard).

There is an extensive literature addressing RFID authentication schemes (see e.g. [1], [2]). Most of them are backend-server-based: a reader relays signals from tags to a backend server, and the backend server helps the reader verify tags according to the backend database. A basic assumption of this architecture is a reliable and always accessible connection between the reader and the backend server, which limits the reader's mobility.

Server-less is another RFID architecture, designed to identify and verify tags using offline mobile readers [3-6]. The simple idea of offline authentication is to download an AL (Access List) from a CA (Certification Agency) into a mobile reader. The reader is thus able to authenticate tags offline anywhere according to the AL, without the help of a backend server. A common weakness in server-less protocols is that they reveal the privacy of reader holders. To the best of our knowledge, there is only one work, a server-less searching protocol, specially designed to preserve the privacy of mobile reader holders [5]. That work, however, has three shortcomings. (1) Symmetric encryption, which is expensive for a passive tag's limited resources, is required. (2) No server-less authentication protocol is proposed besides the searching protocol. (3) A specially structured AL is used, making the method inapplicable to enhancing other server-less protocols.

Along with the development of cloud computing, cloud-based RFID has become a promising new architecture [7-14]. Data storage and processing are moved from the backend server to a cloud offering pervasive RFID services. The cloud is accessible using fixed or mobile readers over the internet whenever and wherever needed. The cloud-based architecture has three advantages. (1) A verifier with a cloud account is able to authenticate its tagged objects using any reader device whenever and wherever the pervasive and customized RFID service is accessible. (2) The pay-on-demand resource deployment greatly fits the needs of small and medium-sized enterprises. (3) The cloud is more robust than the backend server in serving large-scale applications, owing to its resource sufficiency.

Present works on cloud-based RFID are insufficient in three aspects. (1) Most current works focus on functionality and lack consideration of security and privacy. (2) There is no research in which cloud computing is applied to RFID authentication. (3) There is no research in which classical RFID schemes are enhanced to meet the special security and privacy requirements of cloud-based systems [15]. For instance, the backend server is fully trusted by readers in traditional RFID schemes. Secrets of tags are stored on the backend server without any encryption, and the backend server knows from which reader and to which tag a session is started. This is unacceptable in a cloud-based application, because the cloud provider is rarely completely trusted by the clients who use the cloud service. In other words, reader holders and tag owners need to utilize the cloud's robustness without losing access anonymity or data privacy. None of the current RFID authentication protocols meets the requirements of cloud-based RFID applications.

The main contributions of this paper include: (1) Cloud computing is applied to RFID authentication scenarios for the first time, and the first cloud-based RFID authentication scheme is proposed. It inherits pay-on-demand resource deployment, great scalability and pervasive accessibility from cloud computing, without lacking considerations to protect security and to preserve