DOI: 10.3390/electronics15132885 ISSN: 2079-9292

A New Authentication Protocol for Serverless RFID in IoT

Chia-Hui Wei, Nan-I Wu, Cheng-Ying Yang, Min-Shiang Hwang

Radio Frequency Identification (RFID) is a fundamental enabling technology for the Internet of Things (IoT), providing automatic identification and data retrieval capabilities for various applications. With the increasing prevalence of ubiquitous and mobile computing, serverless RFID systems have attracted significant attention due to their elimination of the need for continuous connection to a centralized backend database. However, most existing RFID authentication protocols either rely on backend server involvement or are unable to simultaneously withstand denial-of-service (DoS) attacks, tracking attacks, reader intrusion attacks, and desynchronization attacks. To overcome these limitations, this paper proposes a lightweight authentication protocol suitable for serverless RFID environments. This scheme utilizes dynamic key updates, random numbers, and one-way hash functions to achieve bidirectional authentication between RFID tags and portable readers without the need for a backend server during the authentication process. Furthermore, this paper introduces a dual-key synchronization mechanism to maintain consistency between communicating entities and effectively prevent desynchronization attacks caused by message interception, loss, or replay. Security analysis shows that the proposed protocol meets all major RFID security requirements, including resistance to eavesdropping, tag cloning, identity impersonation, tracking, privacy breaches, denial-of-service attacks, reader intrusion attacks, and desynchronization attacks. Compared to typical RFID authentication protocols, this scheme is the only one that can simultaneously support serverless RFID operation and resist DoS attacks and reader intrusion attacks. Furthermore, the protocol requires only lightweight hash calculations and three rounds of communication, significantly reducing communication overhead compared to traditional four-round RFID authentication protocols. Performance analysis shows that the scheme maintains low computational complexity, storage requirements, and communication costs, making it suitable for resource-constrained RFID tags. The results demonstrate that the proposed protocol achieves an effective balance between security, efficiency, and deployment flexibility, making it a practical solution for next-generation serverless RFID applications in the IoT environment.

More from our Archive