Skip to main content

Advertisement

SpringerLink
Log in

A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

With the fast advancement of the wireless communication technology and the widespread use of medical systems, the radio frequency identification (RFID) technology has been widely used in healthcare environments. As the first important protocol for ensuring secure communication in healthcare environment, the RFID authentication protocols derive more and more attentions. Most of RFID authentication protocols are based on hash function or symmetric cryptography. To get more security properties, elliptic curve cryptosystem (ECC) has been used in the design of RFID authentication protocol. Recently, Liao and Hsiao proposed a new RFID authentication protocol using ECC and claimed their protocol could withstand various attacks. In this paper, we will show that their protocol suffers from the key compromise problem, i.e. an adversary could get the private key stored in the tag. To enhance the security, we propose a new RFID authentication protocol using ECC. Detailed analysis shows the proposed protocol not only could overcome weaknesses in Liao and Hsiao’s protocol but also has the same performance. Therefore, it is more suitable for healthcare environments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Juels, A., RFID security and privacy: a research survey. IEEE J. Sel Areas Commun 24:381–394, 2006.

    Article  Google Scholar 

  2. Wang, S. W., Chen, W. H., Ong, C. S., Liu, L., and Chuang, Y. W., RFID application in hospitals: a case study on a demonstration RFID project in a Taiwan hospital. In: Hawaii International Conference on System Sciences. IEEE, pp. 184–194, 2006.

  3. Najera, P., Lopez, J., and Roman, R., Real-time location and inpatient care systems based on passive RFID. J. Netw. Comput. Appl. 34(3):980–989, 2011.

    Article  Google Scholar 

  4. Hung, Y. K., The study of adopting RFID technology in medical institute with the perspectives of cost benefit. International Medical Informatics Symposium in Taiwan, Taiwan, 2007.

    Google Scholar 

  5. Katz, J. E., and Rice, R. E., Public views of mobile medical devices and services: A US national survey of consumer sentiments towards RFID healthcare technology. Int. J. Med. Inform. 78(2):104–114, 2009.

    Article  Google Scholar 

  6. Leu, J. G., The benefit analysis of RFID use in the health management center—the experience in Shin Kong Wu Ho-Su Memorial Hospital: National Taiwan University, 2010.

  7. Yu, C., Chen, C., Liao, P., and Lee, Y., RFID-based operation room and medicare system for patient safety enhancement—a case study of keelung branch. J. Inf. Manag. 15:97–122, 2008.

    Google Scholar 

  8. Juels, A., Rivest, R. L., and Szudlo, M., The blocker tag: selective blocking of rfid tags for consumer privacy. The 8th ACM Conference on Computer and Communications Security, 103–111, 2003.

  9. Weis, S. A., Sarma, S. E., Rivest, R. L., and Engles, D. W., Security and privacy aspects of low-cost radio frequency identification systems. Security in Pervasive Computing - SPC 2003, Springer-Verlag. 2802:201–212, 2003.

  10. Okhubo, M., Suzuki, K., and Kinoshita, S., Cryptographic approach to privacy friendly tags. RFID Privacy Workshop, 2003.

  11. Henrici, D., and Muller, P., Hash based enhancement of location privacy for radio frequency identification devices using varying identifiers. International Workshop on Pervasive Computing and Communication Security—PerSec 2004, IEEE Computer Society, 149–153, 2004.

  12. Lim, C., and Kwon, T., Strong and robust rfid authentication enabling perfect ownership transfer. Information and Communications Security, Lecture Notes in Computer Science, Springer, 4307:1–20, 2006.

  13. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda, A., EMAP, an efficient mutual authentication protocol for low cost rfid tags. In: Proc. of IS’06: Springer Verlag. 4277:352–361, 2006.

  14. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda, A. LMAP: a real lightweight authentication protocol for low cost rfid tags. In Hand of Workshop on RFID and Lightweight Crypto, 2006.

  15. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda, A., M2AP, A minimalist mutual authentication protocol for low cost rfid tags. In: Proc. of UIC’06: Springer Verlag. 4159:912–923, 2006.

  16. Chien, H. Y., SAS1: A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4):337–340, 2007.

    Article  Google Scholar 

  17. Juels, A., “yoking proofs” for rfid tags. First International Workshop on Pervasive Computing and Communication Security, IEEE Computer Society, 138–143, 2004.

  18. Sandlin, D., Surgichip—new technology for prevensions of wrong site, wrong procedure, wrong person surgery. J. Perianesth Nurs. 20(2):144–146, 2005.

    Article  Google Scholar 

  19. Wu, F., Kuo, F., and Liu, L. W., The application of rfid on drug safety of inpatient nursing healthcare. ICEC’05 Proceedings of the 7th international conference on Electronic commerce, 85–92, 2005.

  20. Sun, P. R., Wang, B. H., and Wu, F., A new method to guard inpatient medication safety by the implementation of rfid. J. Med. Syst. 32(4):327–332, 2008.

    Article  MathSciNet  Google Scholar 

  21. Lo, N. W., and Yeh, K. H., Anonymous coexistence proofs for rfid tags. J. Inf. Sci. Eng. 26(4):1213–1230, 2010.

    Google Scholar 

  22. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda, A., LMAP: a real lightweight authentication protocol for low cost rfid tags. In: Hand of Workshop on RFID and Lightweight Crypto, 2006.

  23. Chen, Y., Chou, J. S., and Sun, H. M., A novel mutual authentication scheme based on quadratic residues for RFID systems. Comput. Netw. 52(12):2373–2380, 2008.

    Article  MATH  Google Scholar 

  24. Yeh, T. C., Wu, C. H., and Tseng, Y. M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34(3):337–341, 2011.

    Article  Google Scholar 

  25. Doss, R., Sundaresan, S., and Zhou, W., A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems. Ad Hoc Netw. 11(1):383–396, 2013.

    Article  Google Scholar 

  26. Tuyls, P., and Batina, L., RFID-tags for anti-counterfeiting. Lect. Notes Comput. Sci 3860:115–131, 2006.

    Article  MathSciNet  Google Scholar 

  27. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., and Verbauwhede, I., Public-key cryptography for RFID-tags. In: Fifth IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 217–222, 2007.

  28. Lee, Y. K., Batina, L., and Verbauwhede, I., EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID Authentication Protocol, IEEE International Conference on RFID, pp. 97–104, 2008.

  29. Bringer, J., Chabanne, H., and Icart, T., Cryptanalysis of EC-RAC, a RFID identification protocol. In: International Conference on Cryptology and Network Security—CANS’08, Lecture Notes in Computer Science: Springer-Verlag, 2008.

  30. Liao, Y. P., and Hsiao, C. M., A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol, Ad Hoc Networks, 2013. doi:10.1016/j.adhoc.2013.02.004.

    Google Scholar 

  31. He, D., Chen, J., and Zhang, R., A More Secure Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 36(3):1989–1995, 2012.

    Article  Google Scholar 

  32. He, D., Chen, Y., and Chen, J., Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3):1149–1157, 2012.

    Article  MATH  MathSciNet  Google Scholar 

  33. Hao, X., Wang, J., Yang, Q., Yan, X., and Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. doi: 10.1007/s10916-012-9919-y, 2013.

  34. Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.

    Article  Google Scholar 

  35. Zhao, Z., An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2):13, 2014.

    Article  Google Scholar 

Download references

Acknowledgments

The authors thank Prof. Jesse Ehrenfeld and anonymous reviewers for their valuable comments. This study was supported by the International S&T Cooperation Program from the Ministry of Science and Technology of China (No. 2012DFA91530), the “Twelfth 5-year-plan” Support Plan Projects (No. 2011BAD25B01), the introduction of high-level Talents Foundation of North China University of Water Resources and Electric Power (No. NCWU201248) and the Key Technique Program of the Education Department of Henan Province (13A570704).

Conflict of interest

The author declares that he has no conflict of interest.

Author information

Authors and Affiliations

  1. School of Water Conservancy, North China University of Water Resources and Electric Power, Zhengzhou, China

    Zhenguo Zhao

Authors
  1. Zhenguo Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhenguo Zhao.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhao, Z. A Secure RFID Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptosystem. J Med Syst 38, 46 (2014). https://doi.org/10.1007/s10916-014-0046-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-014-0046-9

Keywords

Search

Navigation