A new security and privacy framework for RFID in cloud computing

Official URL: http://dx.doi.org/10.1109/CloudCom.2013.30

RFID is a leading technology that has been rapidly deployed in several daily life applications that require strong security and privacy mechanisms. However, RFID systems commonly have limited computational capacity and inefficient data management. There is a demanding urge to address these issues in the light of some mechanism which can make the technology excel. Cloud computing is one of the fastest growing segments of IT industry that provides cost effective solutions for handling and using data collected with RFID. As more and more information on companies and individuals is placed in the cloud, concerns are beginning to escalate about just how safe an environment it is. Therefore, while integrating RFID into the cloud, the security and privacy of the tag owner must be considered. Motivated by this, we first provide a new security and privacy model for RFID technology integrated to the cloud computing. In this model, we define the capabilities of the adversary and give the formal definitions. After that we propose a cloud-based RFID authentication protocol to illustrate our model. The protocol utilizes symmetric-key based cryptography. We prove that the protocol achieves destructive privacy according to our model.