Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud

Abstract

With the rapid developments of the IoT (Internet of Things) and the cloud computing, cloud-based RFID systems attract more attention. Users can reduce their cost of deploying and maintaining the RFID system by purchasing cloud services. However, the security threats of cloud-based RFID systems are more serious than those of traditional RFID systems. In cloud-based RFID systems, the connection between the reader and the cloud database is not secure and cloud service provider is not trusted. Therefore, the users have to encrypt their data stored in the cloud database to prevent the leakage of privacy. In addition, the reader’s location privacy should be protected to avoid its leak to the cloud provider. In this paper, a cloud-based RFID mutual authentication protocol without leaking location privacy to the cloud is proposed. It provides real-time mutual authentication between the reader and the tag and protects the reader’s location privacy by introducing the location privacy cloud. Compared with traditional backend-server-based schemes and serverless schemes, the proposed scheme has obvious advantages in deployment cost, scalability, real-time authentication, and the tag’s computational complexity.