A Lightweight Authentication Scheme for RFID with Permutation Operation on Passive Tags

Rapid and ever-increasing Internet of things (IoT) developments have brought about great hopes of improving the quality of human life. Radio-frequency identification (RFID) employed as a backup technology in the IoT is widely used in different aspects of life. Therefore, high priority should be given to security problems and user privacy protection. However, limited computational power and storage resources in passive tags have made the implementation of security measures difficult in RFID. In other words, the design of lightweight authentication protocols for RFID systems is still a major challenge in RFID security. A lightweight authentication protocol has been recently proposed for passive tags by Liu et al. Using specific inverse operations in the IOLAS protocol, they claimed that the lightweight bitwise operations would make this protocol resistant against known and potential attacks in RFID systems. This study aimed to show that the same inverse operations pose the main problem so that this protocol fails to guarantee backward security. It was also indicated that the IOLAS protocol is vulnerable to replay, reader impersonation, tag tracking attacks, and secret disclosure attack. Finally, we improved the IOLAS protocol and proposed the POLAS protocol, which is resistant to the currently known attacks. We analyze the security level of the proposed protocols and prove the security of the proposed design using BAN (Burrows-Abadi-Needham) logic. We also formally confirmed the security of the proposal using the Scyther simulation tool. According to security analysis, we can observe that this protocol have a high level of security. A comparison of the performance of the POLAS protocol shows that this protocol is comparable to similar protocols in terms of computational costs, storage costs, and communication costs.