Ultra-Lightweight Mutual Authentication Protocol to Prevent Replay Attacks for Low-Cost RFID Tags

The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so that the back-end server updates the secret keys while the RFID tag does not. The replay attack can send the last messages by continuing to render the back-end server and RFID tags unauthorized. The major problem faced by existing protocols, when using high cryptographic operations on low-cost RFID tags, requires more memory, and computational power makes them unusable for these types of tags. In addition, there are weaknesses in the design of the existing protocols that lead to the emergence of desynchronization, secret disclosure, and replay attacks. Therefore, this paper proposes the design and development of an ultra-lightweight mutual authentication protocol that overcomes the weaknesses in earlier protocols and builds by implementing the rotation operator, mechanism of the secret keys, T-function, and timestamp technique. The informal and formal analysis results using security protocol verification official tools (Scythe and AVISPA) show that the proposed protocol has the ability to prevent attacks, especially replay attacks. Experimental analyses of our protocol to measure the performance shows that the proposed protocol involves a lower overhead than previous protocols. The total execution time in milliseconds of the processes of the proposed protocol with the existing protocols is 0.031ms, and it achieves an average of 78.51% over other protocols. In addition, this paper provides a comparison with the most recent protocols on performance, privacy and security requirements. Our proposed protocol storage space requirement is lowest than the existing protocols, the cryptographic requirement is ultra-lightweight and efficient and shows that the communication messages for authentication in our protocol are lowest than existing protocols and our protocol fulfills the privacy and security requirements.