Anonymous RFID Authentication for Cloud Services

Abstract

Cloud computing is one of the fastest growingsegments of IT industry since the users’ commitments forinvestment and operations are minimized, and costs are in directrelation to usage and demand. In general, cloud services arerequired to authenticate the user and most of the practical cloudservices do not provide anonymity of the users. Namely, cloudprovider can track the users easily, so privacy and authenticityare two critical aspects of security. Anonymous authenticationis a technique enabling users to prove that they have privilegewithout disclosing real identities. This type of authenticationcan be useful especially in scenarios where it is sufficient toensure the server that the claiming parties are indeed registered.Some motivating applications in the cloud for an anonymousauthentication protocol are E-commerce, E-voting, E-library, Ecashand mobile agent applications.Many existing anonymous authentication protocols assumeabsolute trust to the cloud provider in which all private keysare stored. This trust may result in serious security and privacyissues in case of private key leakage from the cloud provider.In this paper, we propose forward secure anonymous andmutual authentication protocols using RFID technology for cloudservices. These protocols avoid the trustworthiness to the cloudprovider. Meaning that, even if the private keys are obtainedfrom the corrupted tags or from the server owners of these tagscannot be traced from the past authentication actions. In fact,anonymity of the users will still be ensured even the private keysof tags are compromised.

Keywords

• —Anonymity, Authentication, Cloud services, RFID, Threshold cryptosystem

References

1. P. Mell and T. Grance, “The nist definition of cloud computing,” 2011.
2. I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid computing 360-Degree compared,” ArXiv e-prints, vol. 901, Dec. 2009. [Online]. Available: http://arxiv.org/abs/0901.0131
3. L. M. Kaufman, “Data security in the world of cloud comput- ing,” IEEE Security and Privacy, vol. 7, pp. 61–64, 2009.
4. Z. Chai, Z. Cao, and R. Lu, “Efficient password-based authen- tication and key exchange scheme preserving user privacy,” in Wireless Algorithms, Systems, and Applications, ser. Lecture Notes in Computer Science, X. Cheng, W. Li, and T. Znati, Eds. 477.
5. K. Finkenzeller, RFID Handbook: Fundamentals and Applica- tions in Contactless Smart Cards and Identification, 2nd ed. New York, NY, USA: John Wiley & Sons, Inc., 2003.
6. L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede, “Public-Key Cryptography for RFID-Tags,” in International Workshop on Pervasive Computing and Commu- nication Security – PerSec 2007, IEEE. York, USA: IEEE Computer Society, March 2007, pp. 217–222. New York City, New
7. M. McLoone and M. J. B. Robshaw, “Public key cryptography and rfid tags,” in Topics in Cryptology - CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, ser. Lecture Notes in Computer Science, vol. 4377. USA: Springer, 2007, pp. 372–384. San Francisco, CA,
8. Y. Yao, J. Huang, S. Khanna, A. Shelat, B. H. Calhoun, J. Lach, and D. Evans, “A Sub-0.5V Lattice-Based Public-Key Encryption Scheme for RFID Platforms in 130nm CMOS,” in Workshop on RFID Security – RFIDSec Asia’11, ser. Cryptol- ogy and Information Security, vol. 6. Wuxi, China: IOS Press, April 2011, pp. 96–113. [9]G. Avoine, “Rfid security & privacy lounge,” http://www.avoine.net/rfid, 2012.

9. A. Juels, “Rfid security and privacy: A research survey,” Journal of Selected Areas in Communication (J-SAC), vol. 24, no. 2, pp. 381–395, 2006.
10. A. S. T. Melanie R. Rieback and, Bruno Crispo and, “The evolution of rfid security,” IEEE Pervasive Computing, vol. 5, no. 1, pp. 62–69, 2006.
11. H. Li, Y. Dai, L. Tian, and H. Yang, “Identity-Based Au- thentication for Cloud Computing,” in Proceedings of the 1st International Conference on Cloud Computing, ser. CloudCom ’09.
12. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 157–166.
13. R. Chow, M. Jakobsson, R. Masuoka, J. Molina, Y. Niu, E. Shi, and Z. Song, “Authentication in the clouds: a framework and its application to mobile users,” in Proceedings of the 2010 ACM workshop on Cloud computing security workshop, ser. CCSW ’10.
14. New York, NY, USA: ACM, 2010, pp. 1–6.
15. P. K. Tysowski and M. A. Hasan, “Towards Secure Communi- cation for Highly Scalable Mobile Applications in Cloud Com- puting Systems,” Centre for Applied Cryptographic Research, University of Waterloo, Tech. Rep. CACR 2011-33,, 2011.
16. T. S. Heydt-benjamin, H. jin Chae, B. Defend, and K. Fu, “K.: Privacy for public transportation,” in In: Proceedings of Privacy Enhancing Technologies workshop (PET, 2006.
17. E.-O. Blass, A. Kurmus, R. Molva, and T. Strufe, “Psp: private and secure payment with rfid,” in Proceedings of the 8th ACM workshop on Privacy in the electronic society. pp. 51–60. ACM, 2009,
18. P. Bichsel, J. Camenisch, T. Groß, and V. Shoup, “Anonymous credentials on a standard java card,” in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS ’09.
19. ACM, 2009, pp. 600–610.
20. C. Chatmon, T. van Le, and M. Burmester, “Secure anonymous rfid authentication protocols,” no. Technical Report TR-060112, pp. 1–10, 2006.
21. T. V. Le, M. Burmester, and B. de Medeiros, “Universally com- posable and forward-secure rfid authentication and authenticated key exchange,” in Proceedings of the 2nd ACM symposium on Information, computer and communications security, ser. ASIACCS ’07.
22. ACM, 2007, pp. 242–252.
23. M. Burmester, T. V. Le, B. D. Medeiros, and G. Tsudik, “Universally composable rfid identification and authentication protocols,” ACM Trans. Inf. Syst. Secur., vol. 12, 2009.
24. A. Sadighian and R. Jalili, “Afmap: Anonymous forward-secure mutual authentication protocols for rfid systems,” Emerging Security Information, Systems, and Technologies, The Interna- tional Conference on, SECURWARE’09, pp. 31–36, 2009.
25. M. Burmester, B. de Medeiros, and R. Motta, “Robust, anony- mous rfid authentication with constant key-lookup,” in Proceed- ings of the 2008 ACM symposium on Information, computer and communications security, ser. ASIACCS ’08. USA: ACM, 2008, pp. 283–291. New York, NY,
26. B. Liang, Y. Li, C. Ma, T. Li, and R. Deng, “On the untraceabil- ity of anonymous rfid authentication protocol with constant key- lookup,” in Proceedings of the 5th International Conference on Information Systems Security, ser. ICISS ’09. Springer-Verlag, 2009, pp. 71–85.
27. F. Armknecht, L. Chen, A.-R. Sadeghi, and C. Wachsmann, “Anonymous authentication for rfid systems,” in Workshop on RFID Security (RFIDSec), ser. LNCS, vol. 6370. 2010, pp. 158–175. Springer,
28. Threshold Cryptosystems, ser. Lecture Notes in Computer Sci- ence, vol. 435. Springer, 1990.
29. T. E. Gamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” in Proceedings of CRYPTO 84 on Advances in cryptology. 1985, pp. 10–18.
30. P. Paillier, “Public-key cryptosystems based on composite de- gree residuosity classes,” in Advances in Cryptology - EU- ROCRYPT ’99, International Conference on the Theory and Application of Cryptographic Techniques, ser. Lecture Notes in Computer Science.
31. Springer, 1999, pp. 223–238.