ReSOTS: RFID/IoT-enabled Secure Object Tracking Key Exchange for Trustworthy Smart Logistics

doi:10.21203/rs.3.rs-2367457/v1

Download PDF

Research Article

ReSOTS: RFID/IoT-enabled Secure Object Tracking Key Exchange for Trustworthy Smart Logistics

https://doi.org/10.21203/rs.3.rs-2367457/v1

This work is licensed under a CC BY 4.0 License

Journal Publication

published 24 Oct, 2024

Read the published version in Wireless Personal Communications →

You are reading this latest preprint version

Smart logistics is acknowledged as a key propellant for rapid industrialization and economic development of the nations. It not only helps to foster the cost-effective services to the end user but also brings transparency in the whole supply chain management process by creating a communicative ecosystem involving IoT, RFID and other Information Communication Technology (ICT)-enabled objects. Realizing the notion of smart logistics involves the real time communication and tracking through 5G-enabled Internet of Things (IoT) and interconnected devices. However, mere technological innovations are not enough, until all supply chain-based intermediaries are secure and trustworthy. Moreover, the smart devices exchanging bulk of data are power deficient devices requiring energy efficient communication techniques. For this reason the underlying protocol authenticating the supply chain intermediaries must not only be secure but also computationally efficient. Many authenticated key agreement solutions can be witnessed lately, however with many limitations. Considering these limitations we propose a novel RFID/IoT-enabled secure symmetric key-based authentication protocol (ReSOTS) for tracking the objects in smart logistics-based ecosystem, thereby greatly reducing the computational overheads with adequate security. The scheme is formally analyzed and validated under RoR-based random oracle model. The performance results indicate promising results for the contributed scheme over the comparative studies.

Smart logistics

RFID

authentication

object tracking

security

The definition of smart logistics is broadly divergent due to varying outlooks and divided opinions thus far. Nevertheless, smart logistics may refer to well planned and unconventionally managed system of an assortment of logistics operations such as ware-housing, transportation, and customer service. Smart logistics serves as an effective paradigm for meeting the challenges of up-to-date business models as well as ever-changing consumer demands [1]. In the wake of (Information Communication Technology) ICT-oriented industrial 4.0 revolution, the global logistics operations tend to evolve at a frantic pace. The IoT-enabled RFID devices aid the logistics operations through enhancing real-time object tracking and status collection. The notion of smart logistics is to transport the finished product to the right shipper at proper time, favorable price as well as quantity and in appropriate condition. The logistics entail all procedures that start from manufacturing phase and end in the final delivery of goods to the ultimate consumer. There are so many incumbent technologies such as blockchain, cloud, IoT, sensors, RFID including many ICT gadgets that may revolutionize the patterns of logistics [2]. The blend of these technologies can profoundly assist in tracking the inventory objects. However, these incumbent technologies involve many challenges that must be overcome to ensure the selection of best transportation route for the delivery of product, avoid damage of goods, and restore complete customer satisfaction. Those challenges may span lack of end-to-end visibility, lack of efficiency and transparency, lacking security, trust or privacy, lack of appropriate authentication among various stakeholders [3].

The logistics-based procedures involve the exchange of secret information of consumer including personal details such as name, phone and bank account etc. The product information is also exchanged among various logistics stakeholders such as customer, supplier, manufacturer, transporter etc. This may create serious privacy and security concerns since the private information of customer is exchanged across many stakeholders in the whole chain of logistics. The system may face unwanted attempts of illegal access on the part of bad actors. A robust security system could thwart those malicious attempts by ensuring the data integrity through authenticated access, reinforcing the customer satisfaction. The induction of new technologies such as IoT, RFID and many other ICT devices may involve many security risks if not protected with robust underlying communication protocols [4]. On the other hand, there are many low end devices that emphasize on the design of lightweight protocols with less computation. Thus there is a higher need to come up with lightweight authentication protocols for reliable tracking of objects in transit.

Recently, a few authentication protocols for IoT-oriented industrial applications and smart logistics can be witnessed [5–12]. Li et al. [5] presented an authentication protocol for industrial IoT gadgets based on elliptic curve cryptography (ECC). However, it was costly for employing computation-intensive ECC operations. Then, Wazid et al. [6] designed a key exchange protocol in relation to IoT systems; however, this scheme was prone to many threats including forgery attacks [7]. Afterwards, Li et al. [7] presented another privacy-preserving data aggregation technique for mobile edge computing–based IoT applications. Nevertheless, the protocol was vulnerable to man-in-the-middle (MiDM) and forgery attacks. Then, Sidorov et al. [8] demonstrated a lightweight RFID oriented key exchange protocol for smart logistics. Meanwhile, Xie et al. [9] suggested a RFID authenticated key agreement for patient healthcare system. Later, Anandhi et al. [10] designed another key agreement scheme for RFID to trace an object based on cloud computing, however it had many performance-based schemes. Next, Fan et al. [11] presented an ultra-lightweight RFID authentication scheme for mobile commerce. Onwards, Sergi et al. [12] designed a secure authenticated key exchange technique for IoT-based smart logistics system. Then, Zhang et al. [13] put forward a novel lightweight authentication model from drones environment, nevertheless the presented model could not support forward secrecy for the engaged participants. We observe that there are quite less security protocols that could reliably authenticate various entities participating in RFID based logistics environment. In order to counter the discussed security loopholes, we propose a new RFID-based secure object tracking framework in this scheme. The salient contribution points of the proposed work are given as under:

We propose a novel logistics framework for tracking the real-time status of the objects in transport, by the customer.
The proposed authentication scheme commits for generating a mutually established session key between user and the particular tag with the assistance of controlling server.
The demonstrated scheme achieves perfect forward secrecy and resists all known attacks using lightweight symmetric key encryption.
The contributed model is duly analyzed under rigorous formal security analysis, i.e. Real-or-Random oracle model.

The paper is organized as per the following scheme: The related work on previous authentication protocols is described in Section 2. Section 3 deals with the system model of the contributed scheme (ReSOTS). Section 4 demonstrates the proposed methodology for ReSOTS. Section 5 illustrates the formal and informal security analysis. Section 6 presents the performance evaluation analysis of various state-of-the-art schemes. The last section concludes the presented scheme.

Fan et al. [11] devised a new lightweight RFID-based authenticated key agreement (AKA) protocol for dealing with the security loophole of mobile commerce and logistics. Nonetheless, Fan et al. [11] becomes susceptible to forgery threats initiated on RFID reader and corresponding tags. Also it could not provide mutual authentication to database server and the related reader. Afterwards, Lv et al. [14] presented a secure authentication protocol for RFID-oriented IoT systems with improved cache performance. However this scheme [14] was prone to Denial-of-Service (DoS) threat as the tag needs to essentially respond with proven authenticity of the reader. Thereafter, scheme [15] launches designed another enhanced protocol; however, it had few drawbacks regarding high computational cost since it employs ECC operations which might be heavy operations for low end sensor nodes or tags. Then, Kalra & sood [17] presented another AKA scheme for IoT and cloud servers, though it could not ensure privacy for the device as the device may reveal its contents including its identity. Moreover, the session key did not contain any function of short term random nonce which may let any malicious entity misrepresent on the behalf of server, and initiate DoS attack. Later on, we can witness many object tracking RFID security-based schemes. In [18], Ray et al. designed an enhanced object tracking scheme through AKA between the participants. In this scheme few significant credentials of object owner is stored in the tag which may be utilized for tracking the entities in the supply chain. Practically it is hard to define an absolute path for transported vehicles or objects in transit, yet the engaged partners contributing in the transportation may be settled or defined. Thus it is a noticeable drawback in [18] to bring customization in the procedures of supply chain delivery system. In [19], Ray et al. improved its own scheme yet that scheme rely on established secure communication path among the stakeholders, whereas the scheme bounds that RFID tag must be aware of its partners in advance before the session initiation. Thus this protocol was not scalable in various scenarios, and also carries high operational computations of the tag. The Kibria et al. [20] designed camera-based application for tracking moving objects in IoT-enabled environment with the help of semantic ontology. Likewise, Wu et al. [21] relied on multimedia data for tracking the objects. Nonetheless, both of these schemes [20–21] ignored the real time factors including orientation, pressure or temperature of any entity. In addition these schemes did not consider the element of security for tracking those objects. Yang et al. [22] presented a security solution with the combination of hardware and software for verification of the authenticity of RFID-based IoT nodes. The tags are embedded with a memory module to write the sensor readings. The scheme utilizes symmetric encryption prior to forwarding the sensed data towards RFID reader. Nonetheless, this scheme does not support online tracking. Kim et al. [23] presented another object tracking algorithm with the help of LoRa architecture which aids and enhance IoT-oriented communication. Meanwhile, Tian et al. came with an ultra-lightweight AKA protocol for an RFID system employing the permutation-based functions including XOR and left-rotation operations [24]. The scheme was secure against tango, disclosure, de-synchronization and replay threats. Nevertheless, afterwards Ahmadian et al. [25] demonstrated that Tian et al. does support untraceability for the user, and is also vulnerable to de-synchronization threat. Later, Zheng et al. [26] designed an improved model of [10] to ensure untraceability for the user along the protection against de-synchronization threat. However Zheng et al. could not ensure mutual authenticity to the involved participants. Lately, few IoT and sensor-based authentication schemes [27]-[29] are presented, however suffer from issues such as lacking anonymity and forward secrecy compliance. Also these schemes suffer from forgery attacks. Thereafter, RFID-based authentication schemes [30]-[35] were presented. However most of these schemes were prone to anonymity failure, lacking mutual authentication, and device impersonation threats.

In the contributed system, the transported entities are embedded with RFID-enabled tags bearing sensors that sense the current status of that device and forward to the concerned gateways. These sensors could capture the details regarding orientation, location, temperature etc. of any environment, and store in the tag’s memory. An RFID reader in the vehicle collects information from the tag and sends towards cloud server which may store and further process that information. The user/owner could track and monitor the real-time status of the object once it is authenticated from cloud or controlling server. We may visualize the tracking of objects in two ways: 1) The user initiates the key exchange protocol when it wants to check the status and positioning of the transported entity. 2) An event driven paradigm may be followed with the protocol initiation by the RFID reader, if the transported object becomes lost or de-synchronized with its owner out of some contingency. This approach may be employed to meet the objectives of forensics. We adopt the former use case to track the objects in protocol. We did not witness any reliable security framework to model the former use case. This serves as the motivation to design an IoT/RFID enabled authentication scheme for logistics/supply chain management.

Next we delineate few key requisites for online tracking of entities as given below: The objects in transit must be exclusively identifiable. The collected information out of sensors requires to be submitted to appropriate server for processing. The critical objects may require frequent monitoring. The authenticity of interacting members needs to be validated prior to communication. The sensitive data in the RFID tag may be averted from forgery from possible security measures. The privacy of the members such as tag, reader and user needs to be preserved. The contributed protocol also complies with the privacy requirement for each stakeholder in the system. The Fig. 1 depicts the flow of tracking the entities using IoT-enabled RFID system. The information for the interacting entities in the logistics protocol is given as under:

The transported object is embedded with the tag which is further linked with several sensors that may collect the data in prior to storing in the memory of tag.

The RFID reader installed in the automobile scans the data as stored in the tag and sends to Controlling cloud server (CS).

The CS stores the data received from user, reader, tag or sensor.

Ultimately, the application may approach the stored data on the CS for either tracking the associated objects or further processing on its end.

Table I. Notations with illustrations

Notations	Illustration
U_i, R_m, T_j:	i^th User, m^th RFID reader, j^th RFID-based tag
CS :	Controlling Server
K_c:	CS master secret key
ID_i, PW_i, BIO_i	Identity, password and biometric value of U_i
IDT_j	Identity of j^th tag
k_cr / k_rt	Shared keys between R_m and CS/ R_m and T_j, respectively
r₁, r₂, r₃	Ephemeral random secrets
$GEN(.)/REP(.)$:	Fuzzy Extractor-based Generation and Reproduction
$\mathbb{I}$:	Malicious intruder/Adversary
T₁-T₄, 𝛥T	Timestamps, Permissible threshold for time delay
E_k(.)/ D_k(.):	Symmetric encryption / decryption using key k
⊕, \|\|, h(.)	XOR, Concatenation, One-way hash function

This section exhibits the proposed IoT-enabled RFID authentication protocol for real time tracking of the objects in transit. The scheme comprises four main sub-sections, i.e. 1) initialization phase, 2) Tag registration phase, 3) User registration procedure, and 4) Mutual authentication phase. The user may track the transported objects after having established a mutually agreed session key among the participants involved. The secure session key agreement brings confidentiality as well as integrity into the logistics system. After successful protocol implementation, there is minimal probability for the adversary to disseminate bogus status of the transported entities to the stakeholders, which might be based on mala fide intentions. The detail of the involved procedures is illustrated below:

4.1 Setup phase

In this phase, the trusted Controlling Server CS selects K_c as a private secret key. It shares an agreed key k_cr with R_m. It also initializes the memory of tag T_j as well RFID R_m with agreed key k_rt.

4.2 Tag registration phase

In this phase the RFID tags are registered by the trusted entity CS employing the following steps:

1. Initially the tag T_j chooses its identity IDT_j and a random number t_j. Then it submits {IDT_j, t_j} to CS for getting registered on secure channel.

2. Upon receiving the message, the CS computes TM_j =h(IDT_j || t_j || K_c), N_j= t_j ⊕ TM_j, and stores {IDT_j, t_j} in its repository. Then it sends the message {N_j } to Tj.

3. The T_j computes TM_j=t_j⊕ N_j and stores the parameter {TM_j} safely. The procedure is also depicted in Fig. 2.

4.3 User registration phase

In this phase, the user U_i registers itself with the CS by using the understated steps:

1. First, the user selects its identity ID_i, password PW_i and biometric identity BIO_i. Then it calculates Gen(BIO_i) = ($\delta$_i, $\psi$_i), HPW_i=h($\delta$_i || PW_i || ID_i), UID_i=h(ID_i || $\delta$_i) and sends {HPW_i, UID_i } to CS on secure channel.

2. After receiving the registration request, the CS chooses v, q_i, and computes B₁ = h(q_i || UID_i || K_c), B₂ = B₁⊕ HPW_i, B₃ = h(B₁|| UID_i || HPW_i), and w = E_Kc(v, UID_i ${\prime }$). Then it stores the parameters {B₂, B₃, [IDT_j where 1$\le$j $\le n$ ]} in smart card and issues to the Ui physically on secure channel.

3. In addition, the user stores a crucial parameter $\psi$_i in smart card. Now the smart card contains the parameters as {$\psi$_i, B₂, B₃, [IDT_j where 1$\le$j $\le n$ ]}. The procedure is also depicted in Fig. 2.

4.4 Mutual authentication phase

In this phase, the session key SK is mutually constructed between Ui and Tj with the participation of four entities by adopting the following procedure.

1. In order to seek authenticated access for tag Tj, the Ui inputs ID_i, PW_i, BIO_i into the smart card. Then it calculates $\delta$_i =Rep (BIO_i, $\psi$_i), HPW_i = h($\delta$_i ||PW_i || ID_i), UID_i = h(ID_i || $\delta$_i), B₁ = B₂⊕ HPW_i and B₃ = h(B₁||UID_i || HPW_i). Then it matches the values B₃' ?= B₃ . If it is invalid, it aborts the session. On the other hand, it generates r₁ as well as T₁ and computes D₁ = r₁ ⊕h(B₁|| UIDi), D₂ = IDT_j ⊕h(B₁|| r₁ || T₁), D₃ = h( UID_i || IDT_j || r₁ || T1), UID_i *= UID_i ⊕ r₁, and then submits M₁={ w, UID_i*, D₁, D₂, D₃, T₁ } towards CS to aid the mutual authenticity between the U_i and the intended tag T_j.

2. After receiving the authentication request from Ui, the CS checks |TS₂ – TS₁|<𝛥t. If it is valid, it further calculates (v, UID_i${\prime }$)= D_Kc (w ). Then it finds q_i against UID_i${\prime }$ and further computes B₁=h(qi || UID_i${\prime }$|| K_c), r₁'= D₁⊕h(B₁|| UID_i${\prime }$), UID_i =UID_i*⊕ r₁'. Then it matches the parameters UID_i${\prime }$?= UID_i. If it is invalid, the session is terminated. Otherwise, it computes IDT_j = D₂ ⊕ h(B₁|| r₁ || T₁) and compares the equality D₃ ?=h(UID_i || IDT_j || r₁ || T₁). In case it is true, it further selects a random number r₂ and timestamp T₂. Then it computes TM_j=h(IDT_j || t_j || K_c), D₄= r₂ ⊕h(IDT_j || TM_j || T2), D₅= r₁⊕h(TM_j || r₂), D₆=h(r₁ || r₂ || IDT_j || TM_j || T2) and C₁=E_kcr {IDT_j, D6, T2} . Finally it submits the message M₂={ C₁, D₄, D₅, D₆, T₂ } towards RFID reader R_m.

3. Upon the receipt of M₂, the reader R_m checks the freshness of timestamp by performing |TS₃ - TS₂|<𝛥t, where 𝛥t is the maximum threshold. Then it computes {IDT_j, D6, T2} =D_kcr { C₁},, R_f = h(IDT_j ||D₄|| D₅|| D₆ || ID_R ||T₂|| T₃), inserts its identity and updated timestamp into the message M₃={ M₂, R_f, T₃} and submits to the specified tag T_j.

4. Next the T_j verifies the timestamp and the validity of R_f parameter using R_f ?=h(IDT_j ||D₄|| D₅|| D₆ || ID_R ||T₂|| T₃),. If valid, it computes r₂ = D₄⊕h(IDT_j || TM_j || T₂), r₁ = D₅⊕h(TM_j || r₂). Then it checks the equality for D₆ ?=h(r₁ || r₂ || IDT_j || TM_j || T₂). If invalid, it aborts. On the other hand, it selects a random number r₃ and timestamp T₃. Then it computes SK_t =h(r₁ || r₂ || r₃ || UID_i || IDT_j), D₇ = r₃ ⊕h(r₁ || r₂), D₈ = h(SK_t || TM_j || IDT_j || T₃), R_f1 =h(IDT_j ||D₇|| D₈ || k_rt ||T4|| T5) and sends the message M₄={ R_f1, D₇, D₈, T₄} to R_m.

5. The R_m checks timestamp |TS₅ – TS₄|<𝛥t and computes R_f1 =h(D₇|| D₈ || ID_R ||T4|| T5), C₂= h(k_cr || D₇ ||D₈ ) and sends M₅={ C₂, M₄, T₅} to CS.

6. After receiving M₅, the CS checks the freshness of timestamp using |TS₇ – TS₆|<𝛥t. If valid, it verifies C₂ ?= h(k_cr || D₇ ||D₈ ). If it does not match, the session is aborted. Otherwise, it computes r₃ = D₇ ⊕h(r₁ || r₂), SK_c=h(r₁ || r₂ || r₃ || UID_i || IDT_j) and verifies D₈ ?=h(SK_c || TM_j || IDT_j || T₃). If positive, it selects a random number v' and timestamp T₄ . Then it computes w'= E_Kc (v', UID_i), D₉= r₂ ⊕ h(B₁ || UID_i || r₁ || r₂ || r₃ || T₄), D₁₀ = w'⊕ h(IDT_j || UID_i || B₁ || r₁ || r₂ || r₃ || T₄) and D₁₁ =h(w' || SK_c || B₁ || UID_i || r₁ || r₂ || r₃|| T₄). Finally it submits M₄={ D₇, D₁₀, D₁₁, T4} to the user U_i.

7. The user checks the validity of T₄. Upon successful verification it computes r₂ = D₉ ⊕ h(B1 || UID_i || r₁ || r₂ || r₃ || T₄), r₃ = D₇ ⊕ h(r₁ || r₂), SK_u = h(r₁ || r₂ || r₃ || UID_i || IDT_j) and w'= D₁₀ ⊕ h(IDT_j || UID_i || B1 || r₁ || r₂ || r₃ || T₄). Then it compares the equality for D₁₁ ?= h(w' ||SK_u || B₁ || UID_i || r₁ || r₂ || r₃ || T4). Finally it replaces w with w' in the repository. The procedure is also depicted in Fig. 3.

This section presents informal and formal security analysis as given below:

5.1 Informal security analysis

i) Mutual authentication

The proposed scheme ReSOTS ensures mutual authentication to U_i and T_j participants with the help of controlling server CS. In general all participants authenticate one another in this protocol. The CS authenticates Ui on the basis of three equality checks:1) It checks the freshness of timestamp, 2) It verifies the pseudo-identity as UID_i${\prime }$?= UID_i, 3) It validates the equality for D₃ as D₃ ?=h(UID_i || IDT_j || r₁ || T₁). Using the third check, CS may not only authenticate Ui but also receive the intimation of legitimate Tag, the U_i intends to communicate with. Similarly, the tag Tj authenticates both CS and Ui utilizing the three checks: 1) It checks the freshness of timestamp, 2) It verifies

the validity of Reader R_m using R_f ?=h(IDT_j ||D₄|| D₅|| D₆ || k_rt ||T₂|| T₃), 3) T_j validates U_i and CS by checking the equality of D₆ ?=h(r₁ || r₂ || IDT_j || TM_j || T₂). The T_j validates R_m, CS and Ui with the help of secret k_rt that it shares with R_m. Likewise, U_i mutually authenticate CS as well as T_j by verifying the equality check D₁₁ ?= h(w' ||SK_u || B₁ || UID_i || r₁ || r₂ || r₃ || T₄). U_i knows that a valid CS and T_j can only generate the session key SK_u = h(r₁ || r₂ || r₃ || UID_i || IDT_j) with parameters r₁, UID_i and IDT_j. Thus, all entities support mutual authentication in ReSOTS.

ii) Anonymity and unlinkability

The stakeholders need to be anonymous throughout the supply chain process in logistics system. An attacker may infuse false information into the delivery and supply chain process to promote an environment of distrust. The ReSOTS provides anonymity to the user. The exchanged messages, either by the user i.e. M₁={w, UID_i*, D₁, D₂, D₃, T₁ }, or by other legitimate entities such as M₂ - M₆, do not contain any intimation regarding the identity of user. An intruder cannot guess or recover the identity from any message M₁ - M₆, intercepted on public channel. At the same time, the malicious attacker cannot distinguish the exchanged messages M₁ - M₆, in a session from the similar messages of other session since there is no message that remains constant across multiple sessions. For this purpose, the CS updates the parameter w'= E_Kc (v', UID_i) using its private secret key each time it finalizes the session and sends to the user for replacement. Thus, the ReSOTS scheme supports untraceability or unlinkability for the user.

iii) Offline-password guessing attack

The proposed scheme ReSOTS is protected from offline-password guessing threat as even if the adversary intercepts all communication messages M₁ - M₆ on public channel. The attacker I may steal the smart card and its contents including {B₂, B₃ and $\psi$_i}. However, it needs a biometric value BIO_i and identity ID_i to guess the valid HPW_i and UID_i parameters. Then only it may recover a valid B₁ parameter from smart card to further guess the B₃. Without valid BIO_i, it is hard to guess the B₃ parameter in polynomial amount of time.

iv) Perfect forward secrecy

This feature ensures that compromising the long term secret of the trust party by the adversary should not expose the previous session keys established among the members. In the proposed scheme, even if the private secret key K_c is exposed to the malicious intruder I, still the later will not be able to compute previous session keys. For instance, assume that K_c is compromised and is attempting to compute previous session keys by intercepting all communication messages on public channel. However, in this case the adversary requires q_i as well to compute r₁ which is an integral factor in the computation of SK_c=h(r₁ ||r₂ ||r₃ ||UID_i || IDT_j). Thus, the adversary must compromise the repository beside K_c to compute the session keys.

v) DoS/ De-synchronization attack

In the proposed scheme, the adversary may attempt to replay the message M₁ towards CS. However, the latter may counter the Denial of Service (DoS) attack by checking the freshness of timestamp |TS₂ – TS₁| <𝛥t. Moreover, if an attacker attempts to de-synchronize the legal communicating members by holding the message M₆, the adversary will not be able to attain its malicious objectives. This is because, the CS encrypts {v', UID_i } using its secret key w'= E_Kc (v', UID_i), where v' is a random integer. In this manner, the synchronizing parameter UID_i remains constant on both ends, and even if an adversary holds the message during communication, it will not have any effect on synchronizing the communicating parties.

vi) CS impersonation attack

In proposed scheme, if an attacker attempts to impersonate as CS towards other legitimate members of the system, i.e. U_i and T_j by crafting M₂ and M₆ messages, it may not be possible to initiate such an attack. This is because; the T_j may ensure that the parameters D₄, D₅ and D₆ in M₂ are not constructed without TM_j, which is only held with a trusted CS. Moreover, the parameter C₁ = E_kcr {IDT_j, D6, T₂} is encrypted with a shared parameter k_cr which can only be decrypted with a legal RFID reader R_m. Similarly, Ui may prevent CS impersonation attack by verifying the equality check for D₁₁ ?= h(w' ||SK_u || B₁ || UID_i || r₁ || r₂ || r₃ || T₄). U_i knows that a valid CS can only generate the session key SK_u = h(r₁ || r₂ || r₃ || UID_i || IDT_j) with access to parameters r₁, UID_i and IDT_j.

vii) Tag impersonation attack

In ReSOTS, if an adversary attempts to impersonate as a tag towards CS or R_m, it may not be able to initiate this attack. This is because; the reader R_m confirms the validity of tag using the shared key k_rt. Similarly, the CS after receiving M₅ may verify the authenticity of T_j using the equality check for D₈ ?=h(SK_c || TM_j || IDT_j || T₃). The CS knows that no adversary can construct this session key SK_c=h(r₁ || r₂ || r₃ || UID_i || IDT_j) other than a legitimate tag T_j because only a legal tag having access to TM_j and IDT_j may recover r₂ and construct SK_c and D₈ parameters.

viii) Session-specific temporary information attack

Assume even if ephemeral secrets such as r₁, r₂ or r₃ is revealed to any adversary one at a time, it will not be able to compute current or previous sessions by using those short term secret. Besides, it require r₂, r₃ and IDT_j as well to compute the valid session key SK_c=h(r₁ || r₂ || r₃ || UID_i || IDT_j), however it would be improbable for the adversary to access those short term secrets simultaneously, until the long term private keys of the members are not compromised. Thus the proposed scheme ReSOTS is protected from session specific temporary information attack.

ix) Stolen device attack

If an attacker steals the Ui’s smart card along with its information including {B₂, B₃ and $\psi$_i}, the former will not be able to compute previous session keys as constructed between Ui and CS or different tags T_j. These contents of the smart card may not help the adversary in computing the previous session keys since an attacker has no access to parameters that are employed in the construction of a session key, i.e. SK_c=h(r₁ || r₂ || r₃ || UID_i || IDT_j).

x) Man-in-the-middle attack

The proposed scheme ReSOTS is immune to MiTM attack that may be initiated on the part of crafty intruder $\mathbb{I}$, since it supports mutual authenticity to all participants in the system. In addition it is protected from forgery and impersonation threats as discussed earlier. This is because, the security of the protocol is relying on registration credentials as provided to the participants on secure channel. At the same time, there are many shared secrets among the entities, i.e. k_cr between CS and R_m, and k_rt between R_m and T_j. The entities Ui, CS and T_j verify the other legal participating members on the basis of verifying D₁₁ ?= h(w' ||SK_u || B₁ || UID_i || r₁ || r₂ || r₃ || T₄), D₃ ?=h(UID_i || IDT_j || r₁ || T₁), and D₆ ?=h(r₁ || r₂ || IDT_j || TM_j || T₂), respectively.

5.2 Formal security analysis

This section demonstrates the formal security analysis of the proposed AKA technique in Real-or-Random model [36]. This model involves four participating entities in the system, i.e. user U_i, controlling server CS, RFID reader / RFID tag T_j. We employ${\prod }_{{U}_{i}}^{{t}_{p}}$, ${\prod }_{{T}_{j}}^{{t}_{q}}$, ${\prod }_{{CS}_{ }}^{{t}_{r}}$to represent the ${t}_{p}$, ${t}_{q}$, ${t}_{r}$ instances of Ui, CS, and Tj, respectively. Next we assume that attacker $\mathbb{I}$ has the capability to launch the understated queries. It is worthy to note that ${\mathcal{Q}}_{A}$={${\prod }_{{U}_{i}}^{{t}_{p}}$, ${\prod }_{{T}_{j}}^{{t}_{q}}$, ${\prod }_{{CS}_{ }}^{{t}_{r}}$}.

i) Execute (${\mathcal{Q}}_{A}$): Upon the execution of this query, the attacker $\mathbb{I}$ may get all communication content on the insecure public channel.

ii) Send (${\mathcal{Q}}_{A}$, M_sg): Upon the execution of the send query, $\mathbb{I}$ may send M_sg to ${\mathcal{Q}}_{A}$ and get the response in return from the same entity${\mathcal{Q}}_{A}$.

iii) Hash_${\mathcal{Q}}_{A}$ (String): Using this query, an attacker may input a random string to receive hash digest value.

iv) Corrupt (${\mathcal{Q}}_{A}$): Upon the execution of Corrupt query, the attacker may recover some secret credentials of an entity which might be stored in smart card as long term or short term secrets.

v) Test (${\mathcal{Q}}_{A}$): With the execution of Test query, an attacker flips an unbiased coin $Ḉ$. If it gets $Ḉ$ = 1, it will confirm the correct session key SK; however if it gets $Ḉ$ =0, the attacker only gets a random string for the same length as SK.

Theorem 1

In the RoR model, we assume that an attacker may employ hash, send, execute query, corrupt and test queries. Thus, the advantage of the adversary to compromise the contributed protocol in polynomial amount of time ȶ is (ȶ) + +, where shows the number of times for executing send queries, q_hdf characterize the number of times a hash query is executed, C_t and s' being two constants, and b the length of bit-string for biological information.

Proof

The above theorem may be proved using the under-stated sequence of games with five rounds, i.e. G_R0 - G_R5. We define (ȶ) as the probability for the success of G_Rn in case =1. The Table 2 illustrates the simulated game queries for factual attacks. The description of these games is given below:

G_R0

The coin is flipped to initiate the game G_R0. This game is played without queries. Thus the probability of malicious intruder for effectively compromising the protocol ReSOTS as

${ Adv}_{\mathbb{I}}^{ReSOTS}$ (t) $=|2 \text{P}\text{r}[{Sucs}_{\mathbb{I}}^{{G}_{R0}}\left(\text{t}\right)]$ -1| (1)

G_R1

The game G_R0 is transformed with the addition of Execute query, the resultant game is termed as G_R1. In this game, the intruder receives the messages M₀-M₄. Once this game is over, the intruder uses Test oracle to query the session key, however the short term factors r₁, r₂ and r₃ are not held by the attacker. Thus the probability of G_R1 and G_R0 stands equivalent to each other, i.e

$$\text{P}\text{r}\left[{Sucs}_{\mathbb{I}}^{{G}_{R1}}\right(\text{t}\left)\right]=\text{P}\text{r}\left[{Sucs}_{\mathbb{I}}^{{G}_{R0}}\right(\text{t}\left)\right]$$

G_R2: The game G_R1 is transformed with the addition of Add query, the ensuing game is called as G_R2. In accordance with Zipf’s law [49], we have

|$\text{P}\text{r}\left[{Sucs}_{\mathbb{I}}^{{G}_{R2}}\right(\text{t}\left)\right]-\text{P}\text{r}\left[{Sucs}_{\mathbb{I}}^{{G}_{R1}}\right(\text{t}\left)\right]\le \frac{{q}_{{s}_{d}}^{ }}{{2}^{b}}$ (3)

G_R3: G_R3 is the consequent game that is transformed with the addition of Hash and deletion of Send query in G_R2. Now we refer to the birthday paradox, and get

$\text{ }|\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R3}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R2}}\left(\text{t}\right)\right]$ | $\le \frac{{{q}^{2}}_{{hd}_{f}}^{ }}{{2}^{b+1}}$ (4)

G_R4: This game discusses the security of the established session key by applying two cases: The first case assumes the revelation of high entropy long term private secret K_c of ${\prod }_{{CS}_{ }}^{{t}_{r}}$to the intruder $\mathbb{I}$ for verifying the compliance to perfect forward secrecy. The second case assumes the revelation of ephemeral credential for verifying the resistance of the protocol to known session specific temporary information threat.

1) Perfect forward secrecy: The malicious intruder $\mathbb{I}$ may employ ${\prod }_{{CS}_{ }}^{{t}_{r}}$ for recovering the private secret K_c of CS, or engage ${\prod }_{{U}_{i}}^{{t}_{p}}$ or ${\prod }_{{T}_{j}}^{{t}_{q}}$ for attempting to get the credentials exchanged at the time of registration.

2) Known session specific temporary information threat: The malicious intruder may engage ${\prod }_{{U}_{i}}^{{t}_{p}}$ or ${\prod }_{{T}_{j}}^{{t}_{q}}$or ${\prod }_{{CS}_{ }}^{{t}_{r}}$for attempting to recover the ephemeral secrets of the corresponding entity.

Using hash and send queries, the intruder$\mathbb{I}$ may compute the session key in both cases. In the former case, if $\mathbb{I}$ is able to get the private secret key K_c of CS, or secret credentials of ${\prod }_{{U}_{i}}^{{t}_{p}}$ or ${\prod }_{{T}_{j}}^{{t}_{q}}$exchange during registration time, it may not recover the variables r₁, r₂ and r₃ in the designed session key SK = h(r₁ || r₂ || r₃ || UID_i || IDT_j). In the later case, if the malicious intruder I recovers r₁, however r₂ and r₃ remain confidential, or otherwise, either r₂ or r₃ is revealed with protected r1 parameter, the session key cannot be computed by $\mathbb{I}$. Thus we get

$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R4}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R3}}\left(\text{t}\right)\right]$ | $\le \frac{{q}_{{s}_{d}}^{ }}{{2}^{b}}$ + $\frac{{q}_{{hd}_{f}}^{2}}{{2}^{b+1}}$ (5)

GR5: This game employs corrupt (${\prod }_{{U}_{i}}^{{t}_{p}}$) to recover the {B₂, B₃,$\psi$_i } parameters as stored in the memory of smart card, and initiates the attempt for stolen smart card attack as well as offline-password guessing assault. Presumably, in case the intruder I recovers UIDi considering the message M1, and calculates $\delta$_i =Rep (BIO_i, $\psi$_i), HPW_i = h($\delta$_i ||PW_i || ID_i), UID_i = h(ID_i || $\delta$_i), B₁ = B₂⊕ HPW_i and B₃ = h(B₁||UID_i || HPW_i) until B₃' is equal to B₃. Nonetheless, BIO_i, PW_i, and ID_i remain secret for the adversary I. The probability of $\mathbb{I}$ in guessing the biometric information with b size in bit can be shown as 1/2^b [37]. According to the Zipf’s law [38], the winning probability to guess the password is higher than ½ when q_sd $\le$ 10⁶. Thus, we have

$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R5}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R4}}\left(\text{t}\right)\right]$ | $\le \text{m}\text{a}\text{x}\{{{C}_{t} }^{{\prime }}. {q}_{{\text{s}}_{\text{d}}}^{{s}^{{\prime }}}, \frac{{q}_{{s}_{d}}^{ }}{{2}^{b}}\}$ (6)

Where Ct' and s' show the constants depending on the length of the password.

G_R6: The objective of game G_R6 is to validate whether the protocol is protected from forgery threats including impersonation attack. The intruder employs this query to guess the factors in the session key SK = h(r₁ || r₂ || r₃ || UID_i || IDT_j) and finally terminate the game.

$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R6}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R5}}\left(\text{t}\right)\right]$ | $\le \frac{{q}_{{\text{h}}_{\text{d}\text{f}}}^{2}}{{2}^{b+1}}$ (7)

The chances of game G_R6 regarding success or failure remains equal, i.e. the probability of intruder for rightfully guessing SK is

$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R6}}\left(\text{t}\right)\right]=$ 1/2 (8)

Using the equations (1)-(8), we have

1/2${Adv}_{\mathbb{I}}^{ReSOTS}$(t) $=|2 \text{P}\text{r}[{Sucs}_{\mathbb{I}}^{{G}_{R0}}]$ -1/2|

=$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R0}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R6}}\left(\text{t}\right)\right]$

$$\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R1}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{R6}}\left(\text{t}\right)\right]$$

$$\le \sum _{m=0}^{5}|\text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{{R}_{m+1}}}\left(\text{t}\right)\right]- \text{Pr}\left[{Sucs }_{\mathbb{I}}^{{G}_{{R}_{m}}}\left(\text{t}\right)\right]|$$

= $\frac{{q}_{{s}_{d}}^{ }}{{2}^{b-1}}$ + $3\frac{{q}_{{\text{h}}_{\text{d}\text{f}}}^{2}}{{2}^{b}}$ $\text{m}\text{a}\text{x}\{{{C}_{t} }^{{\prime }}. {q}_{{\text{s}}_{\text{d}}}^{{s}^{{\prime }}}, \frac{{q}_{{s}_{d}}^{ }}{{2}^{b}}\}$ (9)

Hence, we get

${Adv}_{\mathbb{I}}^{ReSOTS}$ (t) $\le$ $\frac{{q}_{{s}_{d}}^{ }}{{2}^{b-2}}$ + $3\frac{{q}_{{\text{h}\text{d}}_{\text{f}}}^{2}}{{2}^{b-1}}$ $+ 2\text{m}\text{a}\text{x}\{{{C}_{t} }^{{\prime }}. {q}_{{\text{s}}_{\text{d}}}^{{s}^{{\prime }}}, \frac{{q}_{{s}_{d}}^{ }}{{2}^{b}}\}$ (10)

In this section the performance of various authentication schemes either based on RFID/tag-enabled smart logistics [10], [30]-[35], or smart sensors [27]-[29] is analyzed against the performance of proposed scheme. All of these schemes seek to authenticate the mobile users carrying smart cards, either directly with servers or RFID-tags/sensors with the help of servers. The performance evaluation benchmarks are based on number of computational operations with latency, communicational cost, and compliance to security traits besides resistance to known attacks. The maximum support to up-to-date security features, minimum number of computational and communicational cost render the authentication schemes compatible for the realistic environmental fields. As it can be seen in Table V that the mutual authentication, a critical security feature, is not supported by the schemes [10][30][32]. The anonymity and unlinkability features are not supported [27], [29] and [10], while privacy is another crucial security trait for the current protocols. Similarly, [27] and [28] are vulnerable to offline password guessing attacks. [27] and [29] does not support perfect forward secrecy. [31] and [35] are susceptible to DoS and de-synchronization attacks. The scheme [10] may not resist forgery attacks. Similarly [34] is vulnerable to server/CS impersonation attack, while [29], [10], [30] and [33] cannot resist RFID reader/tag impersonation attack. [29] is prone to session-specific temporary information threat. [27] could not resist stolen device attack. [32] and [33] does are vulnerable to key-compromise impersonation attack. Likewise, [10], [30] and [31] are prone to MiTM attacks.

The computational costs of schemes [10], [27]-[35] constitute cryptographic primitives such as fuzzy extractor T_f, hash function T_h, ECC-based scalar point multiplication T_ECP, symmetric operation T_ed and point addition T_pa for various schemes. According to Kilinc and Yanic [39], the schemes [10], [27]-[35] and our scheme takes 2.313ms, 2.285ms, 2.299ms, 0.0598ms, 0.0345ms, 13.35ms, 15.58ms, 22.27ms, 17.8ms, 8.96ms and 2.324ms, respectively. We can witness that the schemes [10], [30] bear quite low computational cost as compared to proposed scheme, however on the other side, both schemes do not support mutual authentication and also suffer from impersonation attacks. Similarly [27], [28] and [29] bear almost an equivalent amount of computational cost as our scheme; however these schemes have many security problems as shown in Table IV. The schemes [31]-[35] have high computational cost in comparison with the contributed scheme. In addition there are many security drawbacks in those schemes such as lacking mutual authentication as well as susceptibility for DoS, tag and server impersonation attacks.

For communication cost, we assume that the identity and hash function takes 160-bit, and timestamp takes 32-bit to traverse the public channel. It is evident from Table III that most of the schemes [10], [27]-[35] have high communicational cost as compared to proposed scheme except [30]. However, it is worthy to note that although the above mentioned schemes bear low communication overhead, yet these schemes have many drawbacks in the their protocols which render the protocol inapplicable for practical deployments. Though, the proposed scheme carry a bit higher communication cost against other comparative studies yet it is immune to most of the known attacks and has low computational overhead as well in comparison with several contemporary schemes as shown in Table II. The Fig. 4 depicts that the proposed scheme bears an average computational cost, i.e. there are many other schemes bearing higher computational cost due to utilization of costly ECC operations. The proposed scheme engages lightweight symmetric operations to design the protocol. Besides the average computational overhead, our scheme supports more number of security features as well evidently.

Table II. RFID computational cost

Participating Entities ◊	Tag/sensor	Reader	Cloud Server	User	Total
[27]	9T_h	-	12T_h	T_f + 17T_h	T_f +38T_h ≈ 2.313ms
[28]	T_ed + 5T_h	-	2T_ed + 3T_h	T_f + T_ed + 10T_h	T_f + 4T_ed +18T_h ≈ 2.285ms
[29]	4T_h	-	15T_h	T_f + 13T_h	T_f + 32T_h ≈ 2.299ms
[10]	2T_h	8T_h + 2T_ed	7T_h	5T_h	22T_h + 2T_ed ≈ 0.0598ms
[30]	6T_h	5T_h	4T_h	-	15T_h ≈ 0.0345ms
[31]	3T_EPM	-	3T_EPM	-	6T_EPM ≈ 13.35ms
[32]	4T_EPM	-	3T_EPM	-	7T_EPM ≈ 15.58m
[33]	5T_EPM + 2T_h	-	5T_EPM + 2T_h	-	10T_EPM + 4T_h ≈ 22.27ms
[34]	4T_EPM	-	4T_EPM	-	8T_EPM ≈ 17.8ms
[35]	1T_EPM + 1T_pa + 1T_h	-	3T_EPM + 1T_pa + 1T_h	-	4T_EPM + 2T_pa + 2T_h ≈ 8.96ms
Ours.	8T_h	3T_h + 1T_ed	15T_h + 2T_ed	T_f + 11T_h	T_f + 37T_h + 3T_ed ≈ 2.324ms

Table III. Communication cost

Schemes	[27]	[28]	[29]	[10]	[30]	[31]	[32]	[33]	[34]	[35]	Ours
	1824	1248	2912	3808	3040	1440	1280	960	1280	1280	3232

Table IV: Functionality Comparison

	[27]	[28]	[29]	[10]	[30]	[31]	[32]	[33]	[34]	[35]	[Ours]
ST₁	✓	✓	✓	×	×	✓	×	✓	✓	✓	✓
ST₂	×	✓	×	×	✓	✓	✓	✓	✓	✓	✓
ST₃	×	×	✓	×	✓	✓	✓	✓	✓	✓	✓
ST₄	×	✓	×	✓	✓	✓	✓	✓	✓	✓	✓
ST₅	✓	✓	✓	✓	✓	×	✓	✓	✓	×	✓
ST₆	✓	✓	✓	×	✓	✓	✓	✓	✓	✓	✓
ST₇	✓	✓	✓	✓	✓	✓	✓	✓	×	✓	✓
ST₈	✓	✓	×	×	×	✓	✓	×	✓	✓	✓
ST₉	✓	✓	✓	✓	✓	✓	✓	✓	✓	✓	✓
ST₁₀	✓	✓	×	✓	✓	✓	✓	✓	✓	✓	✓
ST₁₁	×	✓	✓	✓	✓	✓	✓	✓	✓	✓	✓
ST₁₂	✓	✓	✓	✓	✓	✓	×	×	✓	✓	✓
ST₁₃	✓	✓	✓	✓	✓	✓	✓	✓	✓	✓	✓
ST₁₄	✓	✓	✓	×	×	×	✓	✓	✓	✓	✓
ST₁₅	✓	✓	✓	×	×	✓	×	✓	✓	✓	✓
ST₁: Sustains mutual authentication, ST₂: Sustains anonymity and unlinkability, ST₃: Defies offline password guessing attack, ST₄: Sustains perfect forward secrecy, ST₅: Defies DoS/de-synchronization threat, ST₆: Defies forgery threats, ST₇: Defies CS impersonation attack, ST₈: Defies tag/reader impersonation attack, ST₉: Defies tag physical capture threat, ST₁₀: Protected from session specific temporary information threat, ST₁₁: Protected from stolen user device threat, ST₁₂: Defies key compromise threat, ST₁₃: Defies known session key threat, ST₁₄: Defies man in the middle attack, ST₁₅: Sustains session key agreement, ✓: Security trait supported, ×: Security trait not supported

Smart logistics optimizes the involved processes across the whole supply chain. The use of RFID/IoT technologies to track the objects in transit may greatly help the owner to minimize the risk associated with its transportation. However the tracking of transported objects using sophisticated technology without security and appropriate communication protocols might turn the system into a fiasco. In recent years we can witness many authentication protocols for RFID-based smart logistics and supply management schemes, however with security loopholes and performance inefficiencies. In this scheme, we propose a new RFID/IoT-enabled secure authentication protocol ReSOTS for smart logistics that can withstand all known attacks as posed to the previous protocols designed for the same application. The scheme is formally analyzed under RoR-based random oracle model. The performance results show promising findings for the ReSOTS as compared with the previous RFID-based protocols.

Declarations

Statements and Declarations

Funding

Declarations

Competing Interests

We declare that there are no competing financial interests of authors for this paper. Further, the authors have no relevant financial or non-financial interests to disclose.”

Author contributions

All authors contributed to the study conception and design. Abstract, Introduction, Related work, System model, Proposed methodology, Formal analysis and performance evaluation were performed by Abdullah Mujawib Alashjaee, Azeem Irshad, Ali Daud, Ahmed Alhomoud, Saleh M. Altowaijri and Abdulrahman A. Alshdadi. All authors read and approved the final manuscript.

Golpîra, H., Khan, S. A. R., & Safaeipour, S. (2021). A review of logistics internet-of-things: Current trends and scope for future research. Journal of Industrial Information Integration, 100194
Li, X., Gong, L., Liu, X., Jiang, F., Shi, W., Fan, L., and Xu, J. (2020). Solving the last mile problem in logistics: A mobile edge computing and blockchain-based unmanned aerial vehicle delivery system. Concurrency and Computation: Practice and Experience, e6068
Ding, Y., Jin, M., Li, S., & Feng, D. (2020). Smart logistics based on the internet of things technology: an overview. International Journal of Logistics Research and Applications, 1-23
Bander A. Alzahrani, Azeem Irshad. An Improved IoT/RFID-Enabled Object Tracking and Authentication Scheme for Smart Logistics. Wireless Personal Communications. 2022, 1-24.
X. Li, J. Niu, M. Z. A. Bhuiyan, F. Wu, M. Karuppiah, and S. Kumari, “A robust ECC-based provable secure authentication protocol with privacy protection for industrial internet of things,” IEEE Trans. Ind. Informat., vol. 14, no. 8, pp. 3599–3609, Aug. 2018
M. Wazid, A. K. Das, V. Odelu, N. Kumar, M. Conti, and M. Jo, “Design of secure user authenticated key management protocol for generic IoT networks,” IEEE Internet Things J., vol. 5, no. 1, pp. 269–282, Feb. 2018
X. Li, S. Liu, F. Wu, S. Kumari, and J. J. P. C. Rodrigues, “Privacy preserving data aggregation scheme for mobile edge computing assisted IoT applications,” IEEE Internet Things J., vol. 6, no. 3, Jun. 2019
M. Sidorov, M. T. Ong, R. V. Sridharan, J. Nakamura, R. Ohmura, and J. H. Khor, “Ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains,” IEEE Access, vol. 7, pp. 7273–7285, 2019
Xie, S., Zhang, F., & Cheng, R. (2020). Security Enhanced RFID Authentication Protocols for Healthcare Environment. Wireless Personal Communications, 1-16
Anandhi, S., Anitha, R., & Sureshkumar, V. (2020). An Authentication Protocol to Track an Object with Multiple RFID Tags Using Cloud Computing Environment. Wireless Personal Communications, 113(4), 2339-2361
Fan, K., Ge, N., Gong, Y., Li, H., Su, R., & Yang, Y. (2017). An ultra-lightweight rfid authentication
scheme for mobile commerce. Peer-to-Peer Networking and Applications, 10(2), 368–376.
Sergi, I., Montanaro, T., Benvenuto, F. L., & Patrono, L. (2021). A smart and secure logistics system based on IoT and cloud technologies. Sensors, 21(6), 2231
Zhang, Y., He, D., Li, L., & Chen, B. (2020). A lightweight authentication and key agreement scheme for internet of drones. Computer Communications, 154, 455-464
Lv, C., Li, H., Ma, J., & Zhang, Y. (2012). Vulnerability analysis of elliptic curve cryptography-based
rfid authentication protocols. Transactions on Emerging Telecommunications Technologies, 23(7)
Ye, N., Zhu, Y., Wang, R. C., & Lin, Q. M. (2014). An efficient authentication and access control
scheme for perception layer of internet of things. Applied Mathematics and Information Sciences, 8,
1617–1624.
Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for iot and cloud servers. Pervasive and
Mobile Computing, 24, 210–223.
Ray, B., Howdhury, M., Abawajy, J., & Jesmin, M. (2015). Secure object tracking protocol for networked RFID systems. In 2015 16th IEEE/ACIS international conference on software engineering, artificial intelligence, networking and parallel/distributed computing (SNPD) (pp. 1–7). IEEE.
Ray, B. R., Chowdhury, M. U., & Abawajy, J. H. (2016). Secure object tracking protocol for the internet of things. IEEE Internet of Things Journal, 3(4), 544–553.
Kibria, M. G., Kim, H. S., & Chong, I. (2016). Tracking moving objects for intelligent iot service
provisioning in web objects enabled iot environment. In 2016 International conference on information
and communication technology convergence (ICTC) (pp. 561–563). IEEE.
Wu, Y., Lim, J., & Yang, M. H. (2015). Object tracking benchmark. IEEE Transactions on Pattern
Analysis and Machine Intelligence, 37(9), 1834–1848.
Yang, K., Forte, D., & Tehranipoor, M. M. (2017). Cdta: A comprehensive solution for counterfeit
detection, traceability, and authentication in the iot supply chain. ACM Transactions on Design Automation of Electronic Systems (TODAES), 22(3), 42.
Kim, D. H., Park, J. B., Shin, J. H., & Kim, J. D. (2017). Design and implementation of object tracking system based on lora. In 2017 International conference on information networking (ICOIN) (pp. 463–467). IEEE.
Tian, Y., Chen, G., & Li, J. (2012). A new ultralightweight RFID authentication protocol with permutation. IEEE Communications Letters, 16, 702–705. doi:10.1109/LCOMM.2012.031212. 120237.
Ahmadiana, Z., Salmasizadehb, M., & Arefa, M. R. (2013). Desynchronization attack on RAPP ultralightweight authentication protocol. Information Processing Letters, 113(7), 205–209. doi:10.1016/j.ipl.2013.01.003.
Zheng, X., Chen, C. M., & Wu, T. Y. (2014). Another improvement of RAPP: An ultra-lightweight authentication protocol for RFID. Intelligent Data Analysis and its Applications, I, 145–153.
A. K. Das, M. Wazid, N. Kumar, A. V. Vasilakos, and J. J. Rodrigues, “Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment,” IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4900–4913, 2018
Y. Chen, Y. Ge, Y. Wang, and Z. Zeng, “An improved three factor user authentication and key agreement scheme for wireless medical sensor networks,” IEEE Access, vol. 7, pp. 85440–85451, 2019.
F. Wu, X. Li, L. Xu, P. Vijayakumar, and N. Kumar, “A novel three-actor authentication protocol for wireless sensor networks with IoT notion,” IEEE Systems Journal, vol. 15,pp. 1120–1129, 2020.
Anandhi, S., Anitha, R., & Sureshkumar, V. (2019). Iot enabled RFID authentication and secure object
tracking system for smart logistics. Wireless Personal Communications, 104(2), 543–560
Dinarvand, N., & Barati, H. (2019). An efficient and secure RFID authentication protocol using elliptic curve cryptography. Wireless Networks, 25(1), 415-428.
Jin, C., Xu, C., Zhang, X., & Li, F. (2016). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40, 1–6
M. Naeem, S. A. Chaudhry, K. Mahmood, M. Karuppiah, and S. Kumari,‘‘A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things,’’ Int. J. Commun. Syst., vol. 33, no. 13, Oct. 2019,
Art. no. e3906.
L. Zheng, Y. Xue, L. Zhang, and R. Zhang, ‘‘Mutual authentication protocol for RFID based on ECC,’’ in Proc. 7 IEEE Int. Conf. Comput. Sci. Eng. (CSE) IEEE Int. Conf. Embedded Ubiquitous Comput. (EUC), Jul. 2017,
pp. 320–323
H. L. Alaoui, A. El Ghazi, M. Zbakh, A. Touhafi, and A. Braeken,‘‘A highly efficient ECC-based authentication protocol for RFID,’’ J. Sensors, vol. 2021, pp. 1–16, Jul. 2021.
O. Goldreich and S. Halevi, “The random oracle methodology, revisited,” in Proc. 30th ACM Symp. Theory of Computing, pp. 209–218, Dallas, TX, USA, 1998.
V. Odelu, A. K. Das, and A. Goswami, “A secure biometricsbased multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, 2015.
D. Wang, H. Cheng, P. Wang, X. Huang, and G. Jian, “Zipf’s law in passwords,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 11, pp. 2776–2791, 2017.
Kilinc, H. H., & Yanik, T. (2014). A survey of SIP authentication and key agreement schemes. Communications Surveys & Tutorials, IEEE, 16(2), 1005-1023.

Download PDF

Journal Publication

published 24 Oct, 2024

Read the published version in Wireless Personal Communications →

Editorial decision: Major revisions
24 Jul, 2024
Reviewers agreed at journal
16 Aug, 2023
Reviewers invited by journal
15 Dec, 2022
Editor assigned by journal
11 Dec, 2022
First submitted to journal
11 Dec, 2022

You are reading this latest preprint version

ReSOTS: RFID/IoT-enabled Secure Object Tracking Key Exchange for Trustworthy Smart Logistics

Status:

Journal Publication

Version 1

Abstract

Figures

1. Introduction

2. Related Work

3. System Model

4. Proposed Scheme

4.1 Setup phase

4.2 Tag registration phase

4.3 User registration phase

4.4 Mutual authentication phase

5. Security Analysis

5.1 Informal security analysis

5.2 Formal security analysis

6. Performance Evaluation

7. Conclusion

Declarations

Declarations

Declarations

Author contributions

References

Status:

Journal Publication

Version 1