Mutual authentication protocol for role-based access control using mobile RFID

Abstract

The Internet has become the main transmission media in modern information systems due to the popularization of information technology and the rapid development of network technology. To use the Internet, we need complete security mechanisms which include requirements such as integrity, security and privacy to ensure the legal user can login to a remote server to get the service and resources they need. The radio frequency identification (RFID) is a very convenient technology with the property of non-contact reading. It uses the tag embedded in the object to identify the information quickly. Now, more and more devices are equipped with the RFID reader. Hence, the user can use the RFID reader embedded in the mobile device through a wireless network to read the information on the tag and then use the service which is called Mobile RFID. Compared to traditional RFID, the characteristic of mobility makes the reading more flexible. It can deal with the events in real-time and undertake the process faster and more efficiently. The major security problem of Mobile RFID is privacy, which is also a consideration when constructing a Mobile RFID Mechanism. In this paper, we propose a secure authentication mechanism which uses the authenticated delegating mechanism in Mobile RFID to enable the reader to get the specific role authority through a back-end database server. The reader has to undertake mutual authentication with the back-end database server and the tag. Then, it can protect the information and limit the access times of the reader to achieve privacy.