Three Party Authentication Scheme for RFID Systems in IoT
Soothar, Virlla Devi
MetadataShow full item record
Radio Frequency Identification (RFID) systems have become a significant part of Internet of Things(IoT) ever since its emergence. RFID systems have been used for identifying objects, tracking assets and remote monitoring in various application areas of IoT such as healthcare, automated homes, and smart retail management. Before being deployed in IoT, traditional RFID systems were mainly used in supply chain management where the RFID reader and server had a secure connection. Hence the reader was always considered legitimate and there was no need of authentication between the reader and server. However, in IoT, the RFID reader can be any mobile device like a cell phone or a smart object which do not necessarily have a secure connection with the server. The primary objective of this thesis is to introduce a three-party authentication scheme in which the reader and server authenticate each other followed by the mutual authentication between the tag and server via the reader. For achieving this goal, we have used a lightweight hash function and a binary tree traversal based key derivation approach. We have also considered basic security goals for RFID systems in IoT in general. We have evaluated security of our authentication scheme using protocol analyzing tool ‘Scyther’ and randomness of our key generation scheme is tested on Statistical Test Suite(STS) by National Institute of Standards and Technology(NIST). Our test results illustrate that the proposed authentication scheme is secure and keys generated are random.