RFID Authentication Against an Unsecure Backend Server
It addresses a critical security gap for RFID systems in real-world scenarios where backend servers are vulnerable, compromised, or malicious, enabling safer deployment in cloud-based environments.
The paper tackles the problem of RFID authentication when the backend server is insecure, proposing a scheme that defends against privacy revealing to the server and provides mutual authentication in three frontend steps.
This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.