New mutual agreement protocol to secure mobile RFID-enabled devices

The design of a secure communication scheme for Radio Frequency IDentification (RFID) systems has been extensively studied in recent years in view of the awareness of individual privacy and the requirement of robust system security. Most of previous works assume the communication channel between an RFID reader and its backend server is secure and concentrate on the security enhancement between an RFID tag and an RFID reader.

However, once RFID reader modules are extensively deployed in consumers' handheld devices, the privacy violation problems at reader side will be deeply concerned by individuals and organizations. In this paper, we assume the future communication environment for RFID systems will be all wireless and insecure. Under such infrastructure, handheld device, such as mobile phone, embedded with RFID reader modules will be situated everywhere and operated with many RFID tags in various RFID application systems.

In the meantime, it is more difficult to secure the privacy of a mobile RFID-enabled device than before without novel communication protocol. Hence, we propose a new mutual agreement protocol to secure the authenticity and privacy of engaged mobile RFID readers while constructing a secure session key between a server and a reader. Based on our security analyses, we show that our scheme can enhance data security and provide privacy protection at reader side even in the presence of an active adversary under insecure mobile RFID environment.