an advanced encryption standard powered mutual...

Research ArticleAn Advanced Encryption Standard Powered MutualAuthentication Protocol Based on Elliptic Curve Cryptographyfor RFID Proven on WISP

Alaauldin Ibrahim and Goumlkhan DalkJlJccedil

Computer Engineering Department Dokuz Eylul University 35160 Izmir Turkey

Correspondence should be addressed to Alaauldin Ibrahim devletaladdingmailcom

Received 8 February 2017 Revised 29 June 2017 Accepted 26 July 2017 Published 31 August 2017

Academic Editor Eduard Llobet

Copyright copy 2017 Alaauldin Ibrahim and Gokhan Dalkılıc This is an open access article distributed under the Creative CommonsAttribution License which permits unrestricted use distribution and reproduction in any medium provided the original work isproperly cited

Information in patientsrsquo medical histories is subject to various security and privacy concerns Meanwhile anymodification or errorin a patientrsquos medical data may cause serious or even fatal harm To protect and transfer this valuable and sensitive informationin a secure manner radio-frequency identification (RFID) technology has been widely adopted in healthcare systems and is beingdeployed in many hospitals In this paper we propose a mutual authentication protocol for RFID tags based on elliptic curvecryptography and advanced encryption standard Unlike existing authentication protocols which only send the tag ID securelythe proposed protocol could also send the valuable data stored in the tag in an encrypted pattern The proposed protocol is notsimply a theoretical construct it has been coded and tested on an experimental RFID tag The proposed scheme achieves mutualauthentication in just two steps and satisfies all the essential security requirements of RFID-based healthcare systems

1 Introduction

Radio-frequency identification (RFID) technology is one ofthe most promising advances in pervasive infrastructuresthat allow the contactless identification of tagged objects andpeople RFID systems are composed of a tag reader andback-end database server The reader is used to query the tagidentity which is forwarded to the back-end server

The data in RFID systems can be read without line ofsight through nonconductingmaterials such as cardboard orpaper at a rate of hundreds of tags per second and at a distanceof several meters Tags have readwrite memory capabilitycan store data and are relatively insensitive to adverse condi-tions (dust chemicals and physical damage) Besides replac-ing optical barcode systems the above advantages makeRFID tags applicable in various scenarios including accesscontrol environmental sensing livestock and automobileidentification inventory control and theft detection RFIDtechnology is widely used in healthcare environments whereit has been applied to newborn and patient identification [1]tracking medical assets [2] medical treatment tracking and

validation [3] surgical process management [4] and patientlocation and procedure management [5]

The legacy systems in hospitals could be integrated withmiddleware to provide a lot of smart services such as drugadministration patient identification and asset trackingHowever hospitals are open and unsecure environments inwhich radiowaves are used for connections An eavesdroppercould read modify or even clone the data stored in patientsrsquotags Thus security and privacy are major concerns for theuse of RFID systems in healthcare environments The USFood andDrugAdministration (FDA) declared that ldquoHospiraand an independent researcher confirmed that HospirarsquosSymbiq Infusion System could be accessed remotely througha hospitalrsquos networkThis could allow an unauthorized user tocontrol the device and change the dosage the pump deliverswhich could lead to over- or underinfusion of critical patienttherapiesrdquo [6] In future the FDA may warn about otherdevices or even RFID-based healthcare systems For instanceif the blood groups or laboratory test results weremodified onthe RFID tags attached to blood bags [7] patients could sufferfatal harm To prevent and eliminate these potential hazards

HindawiJournal of SensorsVolume 2017 Article ID 2367312 10 pageshttpsdoiorg10115520172367312

2 Journal of Sensors

Front side

Back side

Figure 1 Front and back sides of WISP5

strict and rigid mutual authentication protocols must beexploited between the tag and the reader using the latestcryptographic technologies

Protocols conforming to the EPC Class 1 Generation2 standard increasingly become inadequate and there is ademand for stronger protocols Furthermore the develop-ment of integrated circuit techniques means that RFID tagscould support the complicated operations of private andpublic key cryptography In this paper using the last revisionof the Wireless Identification and Sensing Platform (WISP5)(Figure 1) [8] we propose a mutual authentication protocolbased on elliptic curve cryptography (ECC) and advancedencryption standard (AES) algorithms WISP5 is an EPCClass 1 Generation 2 UHF passive RFID tag that is embeddedwith AES and sensors and includes a fully programmable 16-bit microcontroller (MSP430 16Mhz CPU 64KB nonvolatilememory 66KB RAM [9]) Integrating passive RFID withsensing technologies is widely applicable in many productivesectors

For instance some application scenarios of the healthcaresystems as WISP have built-in sensors they can easilysend temperature of WISP tagged blood bag to the systemChecking whether the box that contains glass tubes havingspecimens taken from the patients in the laboratory has beenfallen or not or measuring the ambient temperature can beachieved via a WISP tagged to the box Moreover there aremany valuable devices in the hospital and some of thesedevices are portable It is possible to get information aboutthe place of the WISP tagged devices and it can be easilydeterminedwhether aWISP tagged device has beenmoved ornot In the above scenarios if the authentication is providedwe can trust that the tags are the legitimate tags WISP5 ispassively powered obtaining power from the reader ratherthan a battery Hence this is essentially a maintenance-freesystem

Compared with public key algorithms such as RSA ECC-based systems are smaller and faster and consume less power(Table 1) Thus the elliptic curve DiffiendashHellman scheme(ECDH) is used to produce the secret key that will encrypt thetag ID and dataThe elliptic curve digital signature algorithm(ECDSA) is used to prevent man-in-the-middle attacks [10]and to achievemutual authentication between the tag and thereader

2 Related Work

Many ECC-based authentication schemes have been pro-posed to satisfy the security constraints of RFID tags Tuyls

Table 1 Comparable key sizes in terms of computational effort forcryptanalysis [11]

RSA-based asymmetric scheme(modulus size in bits)

ECC-based asymmetric scheme(size of n in bits)

512 1121024 1602048 2243072 2567680 38415360 512

and Batina [12] used the Schnorr identification protocolto develop an ECC-based RFID identification scheme Thisscheme claimed to be resistant against tag counterfeitingHowever Lee et al [13] showed that this scheme is vulnerableto location tracking attacks does not achieve forward securityand mutual authentication and lacks scalability Based onOkamotorsquos authentication protocol Batina et al [14] pro-posed an ECC-based RFID authentication protocol that theyclaimed could avoid active attacks Lee et al [13] mentionedthat Batina et alrsquos protocol is vulnerable to location trackingattacks and has scalability and forward secrecy issues Leeet al [13] claimed to solve all the issues mentioned abovebut later studies [15 16] showed that Lee et alrsquos schemeis vulnerable to tracking and forgery attacks and does notprovide mutual authentication In 2010 Lee et al [17] pro-posed an ECC-based RFID authentication scheme to addressthe existing tracking problems [12 14] Only tag-to-readerauthentication has been considered rather than reader-to-tag authentication In 2011 Zhang et al [18] proposed anECC-based randomized key scheme that improved previousschemes Although secure against some relevant attacks thisapproach still does not perform mutual authentication

In 2014 Liao and Hsiao [19] proposed a secure ECC-based RFID authentication scheme with an ID-verifier trans-fer protocol to achieve mutual authentication However theweaknesses of this approach were detailed in three separatestudies First Moosavi et al [20]mentioned that the tag iden-tification of Liao and Hsiaorsquos scheme lacks efficiency in termsof the tagrsquos computation time and its memory requirementsSecond He et al [21] proposed a lightweight ECC-basedRFID authentication integrated with an ID-verifier transferprotocol and pointed out that their proposal performs betterthan that of Liao and Hsiao in terms of computational costand storage requirements Third Zhao [22] showed thatLiao and Hsiaorsquos method enabled an adversary to obtainthe private key stored in the tag Chou [23] proposed anew RFID authentication protocol using ECC and claimedthat it could resist various attacks Later Zhang and Qi [24]pointed out that Choursquos protocol [23] suffers problems withtag information privacy backward traceability and forwardtraceability

In 2015 Jin et al [25] proposed a secure RFID mutualauthentication protocol for healthcare environments usingECC and claimed that their proposal could withstand var-ious attacks while outperforming the protocols detailed

Journal of Sensors 3

in [21 22 24] In the same year Lee and Chien [26] proposedan ECC-based RFID authentication protocol for e-healthand reported that He et alrsquos protocol [21] is vulnerable toactive tracking attacks In 2016 Farash et al [27] proved thatboth Zhaorsquos [22] and Zhang and Qirsquos [24] schemes do notprovide forward privacy Recently in 2017 Benssalah et al[28] proposed a secure RFID authentication protocol basedon elliptic curve signature with message recovery (ECMR)suitable for m-Health environments and claimed that theirproposal can achievemany security requirements withstandsthe well-known attacks and performs better compared to thewell-known authentication protocols in the literature but notapplied and tested on RFID tag hardware

In this point wireless body area networks (WBAN)authentication protocols are worth mentioning In 2013 Liet al [29] proposed the first ECC-based WBAN authentica-tion protocol However because of the limited resource ofwearable devices the scheme was unsuitable To improve theperformance in 2014 Liu et al [30] proposed two certifi-cateless anonymous authentication protocols However Zhao[31] mentioned that protocols of Liu et al [30] are vulnerableto stolen-verifier attacks and proposed an enhanced schemeMeanwhile Xiong [32] pointed that protocols of Liu et al [30]are lack of forward secrecy and scalability and proposed ascalable and anonymous certificateless remote authenticationprotocol In 2015 He and Zeadally [33] showed that Zhaorsquosprotocol [31] cannot provide privacy and proposed authenti-cation protocol beyondWBAN for an ambient assisted livingsystem that authenticates the user to the local server but theauthentication between local server and body sensors wasnot considered In 2016 He et al [34] pointed out that theschemes of Liu et al [30] suffer from impersonation attackand they proposed an anonymous authentication scheme forWBAN In the same year Liu et al [35] presented a 1-roundanonymous authentication protocol However in 2017 Li etal [36] pointed that scheme of Liu et al [35] is vulnerable toimpersonation stolen-verifier and denial-of-service attacksand proposed an enhanced 1-round authentication protocolwith user anonymity Later in the same year Li et al [37]mentioned that the above-reviewed authentication protocolsfor WBAN either present no revocation procedure to revokethe userrsquos privilege or lack anonymity Moreover they pro-posed anonymous mutual authentication and key agreementscheme for wearable sensors in WBAN

3 Contributions and Paper Organization

Unlike other existing schemes the proposed scheme sendstagrsquos ID and the valuable stored data in the tag securely(encrypted by AES) while existing protocols are trying tosend only the tagrsquos ID The schemes that realize the mutualauthentication are achieved at least in 3 steps while in ourwork the mutual authentication is realized in only 2 stepsThe proposed scheme is tested and realized on real devicesUnlike Jin et alrsquos study [25] where precomputing methodis used the private and public keys are not static but theyare refreshing after each communication that strengthens the

security and makes the keys untraceable and unpredictableMoreover contributions can be summarized as follows

(i) ECDH is used to produce the secret key that will beused in AES to encrypt both tagrsquos ID and the valuabledata stored in the tag

(ii) ECDSA is used to prevent man-in-the-middle attackthat ECDH suffers from to realize themutual authen-tication

(iii) AES embedded inWISP5 is used to encrypt both tagrsquosID and tagrsquos valuable data

(iv) ECC almost is not applicable on resource constrainedsystems So the tiny ECC [38] has been used in thisscheme

(v) Shamirrsquos trick optimization is used to compute (1199061119866+11990621198771015840) that is used in ECDSA verification Direct

implementation requires two scalar multiplicationsand a point addition but with Shamirrsquos trick the costis close to one scalar multiplication [39]

(vi) The efficiency of point multiplication has beenincreased by using Montgomeryrsquos ladder with co-119885coordinates [40]

The remainder of this paper is organized as follows AnRFID mutual authentication protocol has been proposedin Section 4 where Section 41 discusses the protocol Thesecurity analysis has been given in Section 42 performanceanalysis in Section 43 and security and performance com-parison in Section 44 Finally conclusion and future worksare explained in Section 5

4 Proposed Protocol

WISP5 built-in random number generator has been usedas the random number generator of our proposed protocolWe assume that communication between the reader and theback-end database server is secure and the communicationbetween the tag and the reader is not secure The readeris fully equipped and connected directly to a power supplyThe proposed scheme uses the WISP5 Impinj Speedwayreader MSP-FET430UIF debugging tool WISP5 program-ming adapter Code Composer Studio and PC

41 Discussion The scheme has two participants the trustedtag and the trusted reader which is connected to the back-end database server (Figure 2) Our protocol consists of twophases setup phase and authentication phase The notationused in this protocol is as follows

(i) Domain parameters of prime field (119865119901) elliptic curve(119864 1199102 = 1199093 + 119886119909 + 119887 mod 119901) are

119901 big prime number defined for finite field 119865119901a b defining the elliptic curve 119864(119865119901)119866 generator point119899 order of 119866 (order of the curve)ℎ cofactor = 119864(119865119901)119899 where 119864(119865119901) is numberof points on elliptic curve 119864(119865119901)


Insecure communication

Secure communication

(i) (ii) (iii)

Figure 2 Our studyrsquos scheme (WISP5 (i) reader (ii) and back-enddatabase server (iii))

(ii) 119870119879119877 the produced secret key by ECDH key exchangethat will be used inAES to encryptdecrypt tag ID andthe sentreceived data

(iii) t T private and public keys (at the same timeconsidered as a message during signing 119879 in ECDSA)of a tag used in ECDHkey exchange to produce secretkey 119870119879119877

(iv) 1199051015840 1198791015840 private and public keys of the tag used inECDSA

(v) (ℎ 119892) signature pair of T (the tagrsquos public key)(vi) 119903 119877 private and public key (at the same time consid-

ered as a message during signing 119877 in ECDSA) of areader used in ECDH key exchange to produce secretkey 119870119879119877

(vii) (119911 119904) signature pair of R (the readerrsquos public key)(viii) 1199031015840 1198771015840 private and public keys of the reader used in

ECDSA(ix) ID119894 ID of the 119894th tag(x) 119896 a random integer used during119877 (the readerrsquos public

key) signing in ECDSA(xi) 119897 a random integer used during T (the tagrsquos public

key) signing in ECDSASetup Phase In this phase both the reader and tag agree on acurve with elliptic curve domain parameters 119901 119886 119887119866 119899 andℎ Elliptic curve secp160r1 recommended byNIST is used forthe domain parameter values [41]

(1) All tagsrsquo identifiers (ID119894) are stored in the back-end-database server

(2) The tag selects an integer 1199051015840 at random as its privatekey for ECDSA where 1 le 1199051015840 le 119899 minus 1 and computesits public key 1198791015840 that will be used in ECDSA where1198791015840 = 1199051015840119866 Then the public key 1198791015840 of the tag is storedin the back-end-database server

(3) The reader selects an integer 1199031015840 at randomas its privatekey for ECDSA where 1 le 1199031015840 le 119899 minus 1 and computesits public key 1198771015840 that will be used in ECDSA where1198771015840 = 1199031015840119866 Then the public key 1198771015840 of the reader is seton all the tags manually

Authentication Phase At the end of this phase the public keys119877 and 119879 are produced 119877 and 119879 are signed and verified and

119877 and 119879 are exchanged The secret key 119870119879119877 is produced andmutual authentication is achieved in two steps as follows

(1) The reader picks an integer random number r as itsprivate key used in ECDH where 1 le 119903 le 119899 minus1 and computes its public key R (at the same timeconsidered as a message for ECDSA) that will be usedin ECDH where R = rG

(2) Before starting ECDH key exchange and sending R tothe tag the reader signs R using ECDSA as follows

(a) 119890 = Hash(119877) where the hashing algorithm isSHA-3 (256)

(b) Select a random integer 119896 [1 119899 minus 1](c) Calculate 119911 = 1199091mod 119899 where (1199091 1199101) = 119896119866 If119911 = 0 go to (b)

(d) Calculate 119904 = 119896minus1(119890 + 1199031015840119911) mod 119899 If 119904 = 0 go to(b)

(e) Signature pair is (119911 119904)

(3) The reader sends 119877 and its signature pair (119911 119904) to thetag

(4) Once the tag receives 119877 and its signature (119911 119904) itverifies 119877 as follows

(a) Check whether 119911 and 119904 are integers in the range[1 119899 minus 1] If not the signature is invalid and thesession is rejected

(b) 119890 = Hash(119877) where the hash algorithm is SHA-3 (256)

(c) Calculate 119908 = 119904minus1mod 119899(d) Calculate 1199061 = 119890119908 mod 119899 and 1199062 = 119911119908 mod 119899(e) Calculate (1199091 1199101) = 1199061119866 + 1199062119877

1015840(f) The reader is authenticated if 1199091 = 119911 mod 119899

otherwise the tag rejects the session

(5) If the reader is authenticated the tag picks a randominteger t as its private key used in ECDH where 1 le119905 le 119899 minus 1 and computes its corresponding public key119879 = 119905119866

(6) Before starting ECDH key exchange and sending 119879 tothe reader the tag signs 119879 using ECDSA as follows



(d) Calculate ℎ = 119897minus1(119890 + 1199051015840119892) mod 119899 If ℎ = 0 go to(b)

(e) Signature pair is (119892 ℎ)

(7) The tag computes the secret key 119870119879119877 = 119905119877 = 119905(119903119866) =119905119903119866

(8) The tag encrypts its ID using AES 119862 = AES119870119879119877(ID)(9) The tag sends its public key 119879 and its signature pair(119892 ℎ) and 119862 to the reader


(10) Once the reader receives 119879 and its signature (119892 ℎ) itverifies 119879 as follows(a) Check whether 119892 and ℎ are integers in the range[1 119899 minus 1] If not the signature is invalid and thesession is rejected


(c) Calculate 119894 = ℎminus1mod 119899(d) Calculate 1198951 = 119890119894mod 119899 and 1198952 = 119892119894mod 119899(e) Calculate (1199092 1199102) = 1198951119866 + 1198952119879

1015840(f) 1199092 = 119892 mod 119899 otherwise the reader rejects the

session

(11) The reader computes the secret key 119870119879119877 = 119903119879 =119903(119905119866) = 119903119905119866

(12) To get the tag ID the reader decrypts AES by ID =AESminus1119870119879119877(119862)

(13) The server will compare the ID with ID119894 from itsdatabase If 1199092 = 119892 mod 119899 and ID = ID119894 the tag isauthenticated otherwise it is not and reader rejectsthe session

As shown in Table 2 the mutual authentication has beenachieved in only two steps If sensing properties of WISPwanted to be exploited data related to the sensorsrsquo readingscan be sent with the tag ID

42 Security Analysis Our proposed protocol is resistant tothe known attacks detailed in Table 2 This section analyzesthe security of our proposed protocol

Mutual Authentication Using the signature pair (119911 119904) andthe readerrsquos public key used in ECDSA (1198771015840) the tag canverify the signed public key (119877) herewith the reader can beauthenticated Tag authentication passes through two stagesstage one using the signature pair (119892 ℎ) and the tagrsquos publickey used in ECDSA (1198791015840) the reader can verify the signedpublic key (119879) and hence authenticate the tag stage twosince (1) the unique IDs of all tags are stored formerly inthe back-end-database server (2) the tag IDs are sent in anAES encrypted form (3) each session uses a different secretkey 119870119879119877 (4) the reader could decrypt AES and gets the ID(5) the received ID matches the stored ID119894 and the readerauthenticates the tag Hence the proposed protocol providesmutual authentication

Tracking Attack Traceability Location and Information Pri-vacy Because the ID and confidential information on thetag are encrypted by AES using 119870119879119877 an attacker has tobreak AES or obtain 119870119879119877 to access the ID or confidentialinformation which is computationally infeasible Moreover119870119879119877 is dynamic meaning that after each session a newand different key is produced Accordingly the tag cannotbe tracked and the attacker cannot obtain the location andprivate information stored in the tag Hence it cannot betraced

Desynchronization Attack Denial-of-Service (DoS) Attackand Availability In the proposed scheme neither the tag

ID nor any critical data that can cause desynchronizationis updated after each execution Therefore the proposedprotocol can withstand desynchronization attacks and boththe tag and reader remain synchronized and available tocommunicate Thus DoS attacks can be withstood andavailability is maintained

Tag Anonymity An adversary who intercepts R z s T 119892 hand C between the reader and the tag and attempts to obtainthe tag ID cannot get the session key119870119879119877 because this is com-putationally infeasible under the DiffiendashHellman problemand the elliptic curve discrete logarithm problem (ECDLP)Thus the proposed protocol protects tag anonymity

Eavesdropping and Man-in-the-Middle Even if an adversaryeavesdrops messages transmitted between the reader and thetag the data are useless without the private keys (119905 and 119903)When trying to obtain 119905 119903 or any valuable informationthe attacker faces the computational DiffiendashHellman problemand ECDLP Any modification on the messages will bedetected because 119877 and 119879 are signed by private keys 1199031015840 and 1199051015840respectively and the received ID is compared with the storedID119894Thus the proposed protocol is resistant to eavesdroppingand man-in-the-middle attacks

Tag Impersonation andReader SpoofingAttacks To imperson-ate a tag an attacker must produce119870119879119877 or break AES whichis computationally infeasible under the DiffiendashHellman prob-lem and ECDLP As the public key of the tag (119879) is signed bythe private key 1199051015840 and verified by the public key1198791015840 of the tag anattacker cannot impersonate the tag Similarly attackers can-not spoof the reader because this would require the signaturepair (119911 119904) and to produce 119870119879119877 all of which are unattainablewithout knowing 119905 and 119903 Thus the proposed protocol canovercome tag impersonation and reader spoofing attacks

Cloning Attacks To clone a tag attackers must obtain theID of the tag they wish to clone Obtaining the tag IDrequires the computation of 119870119879119877 which is computationallyinfeasible under the DiffiendashHellman problem and ECDLP orthe breaking ofAESHence the proposed protocol is resistantto cloning attacks

Full Disclosure Attacks The sent messages R z s T 119892 h andC do not disclose any secrets Hence even if an adversarycould intercept thesemessages it would be unable to progresswithout the random private keys t and r Furthermore anyattempt to calculate 119905 and 119903 will encounter the computationalDiffiendashHellman problem and ECDLP or AES Thus thescheme resists full disclosure attacks

Replay Attacks Intercepting 119877 119911 and 119904 and replaying themto the tag will not produce 119870119879119877 from the previous sessionbecause the tag chooses a new private key that is used to formthe new session key 119870119879119877 Similarly replaying 119879 119892 ℎ and 119862from the previous sessionwill not cause the reader to produce119870119879119877 from the previous session

Confidentiality As the tag ID is transmitted as ciphertext and119870119879119877 changes for every session an attacker cannot achieve


Table 2 Proposed scheme

Tag ReaderSetup phase(i) Both reader and tag agree on a curve on ellipticcurve domain parameters 119901 119886 119887 119866 119899 and ℎ(ii) (1198771015840) is setmanually on all the tags(iii) Pick 1199051015840 randomly as the private key then the public key will be1198791015840 = 1199051015840119866

Setup phase(i) Both reader and tag agree on a curve on elliptic curve domainparameters 119901 119886 119887 119866 119899 and ℎ(ii) Pick 1199031015840 randomly as the privatekey then the public key will be 1198771015840 = 1199031015840119866

Authentication phase Authentication phase(1) Computing public key 119877

Pick 119903 randomly as private key then 119877 = 119903119866(2) Signing 119877(a) 119890 = Hash(119877)(b) Select 119896 randomly(c) 119911 = 1199091 mod 119899 if 119911 = 0 go to (b)(d) 119904 = 119896minus1(119890 + 1199031015840119911) mod 119899 if 119904 = 0 go to (b)(e) Signature pair is (119911 119904)

(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888

(4) Verifying 119877(a) Check if 119911 and 119904 are integers in range [1 119899 minus 1] If notthe signature is invalid and rejects the session(b) 119890 = Hash(119877)(c) 119908 = 119904minus1 mod 119899(d) 1199061 = 119890119908 mod 119899 and 1199062 = 119911119908 mod 119899(e) (1199091 1199101) = 1199061119866 + 1199062119877

1015840

(f) If 1199091 = 119911 mod 119899 reader is authenticatedotherwise it is not and rejects the session

(5) In case of authentication pick 119905 as private key and computepublic key 119879 = 119905119866(6) Signing 119879

(a) 119890 = Hash(119879)(b) Select 119897 randomly(c) 119892 = 1199092 mod 119899 if 119892 = 0 go to (b)(d) ℎ = 119897minus1(119890 + 1199051015840119892) mod 119899 if ℎ = 0 go to (b)(e) Signature pair is (119892 ℎ)

(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr

(10) Verifying 119879(a) Check if 119892 and ℎ are integers in the range [1 119899 minus 1] If notthe signature is invalid and rejects the session(b) 119890 = Hash(119879)(c) 119894 = ℎminus1 mod 119899(d) 1198951 = 119890119894 mod 119899 and 1198952 = 119892119894 mod 119899(e) (1199092 1199102) = 1198951119866 + 1198952119879

1015840

(f) If 1199092 = 119892 mod 119899 then the reader rejects the session(11)119870119879119877 = 119903119879 = 119903(119905119866) = 119903119905119866(12) ID = AESminus1119870119879119877 (119862)(13) If 1199092 = 119892 mod 119899 and ID = ID119894 the tag is authenticatedotherwise it is not and rejects the session


Table 3 Communication cost

Communication Cost (bit)Reader-tag 640Tag-reader 768Total 1408

any progress Thus unauthorized users cannot obtain the tagID or other valuable information without computing 119870119879119877 orbreaking of AES

Integrity Modification Attack and Unforgeability SinceECDSA is used by reader modifications to the signature pair(119911 119904) will be detected by the tag and any modifications to 119879119892 and ℎ will cause the verification to fail and cause wrong119870119879119877 and accordingly wrong IDHence the proposed protocolprovides integrity rejects any modifications and providesunforgeability

ForwardBackward Security An adversary cannot compro-mise the previouscurrent confidential information becausethe transferred messages 119877 119911 119904 119879 119892 ℎ and 119862 change aftereach execution according to the random private keys 119905 and119903 Adversaries cannot obtain the tag ID because it is sent asciphertext with a different119870119879119877 in each session

43 Performance Analysis The performance of the proposedmethod is analyzed in terms of code size communicationcost and tag response time (the reader is assumed to be fullyequipped) The results are obtained based on the secp160r1curve A total of 29450 (code) and 3296 (data) bytes arewritten to the tag FLASHFRAM and RAM usage is 1595bytes The communication cost (Table 3) from reader-to-tag involves transmitting the 320-bit reader public key and320-bit reader signature (=640 bits) and the communicationcost from tag-to-reader involves transmitting the 320-bit tagpublic key 320-bit tag signature and 128-bit encrypted tagID (=768 bits) Unlike the proposal in [25] which usedthe pairing-based cryptography library with an embeddingdegree of 2 on an Intel Pentium(R) Dual-Core processorwith 269GHz and 2048MB of RAM and the proposal in[21] which assumed a hardware platform of a Pentium-IV3GHz processor with 512MB memory and Windows XP[42] our proposed protocol is realized on a passive tagwith a 16MHz MSP430 64KB nonvolatile memory and66KB RAM As shown in Table 4 computing 119870119879119877 requires14578926250 s (=23326282CPU cycles16MHz) Howeveradopting the same system used by Jin et al [25] com-puting 119870119879119877 would require 000867148 s (=23326282CPUcycles269GHz) Previous ECC-based protocols have beenadopted under simulation scenarios whereas the proposedprotocol has been realized on a real device

Although the proposed scheme uses the tiny ECC [38]and has AES embedded in the WISP5 platform its heavinessis apparent from the results However taking the algorithmsused in the proposed protocol the results reported by Marinet al [43] indicate that each point addition and pointdoubling on MSP430 require 2298105 and 2574313 CPU

Table 4 Response times

Operation Resp time (s) Resp time(CPU cycles)

Resp timeadopting systemused in [25] (s)

Generating16-bit RNG 00001356875 2171 00000008070

Hashing 119877 00185743125 297189 00000001104Verification of 119877 18052265625 28883625 00107374070Generating 119905 00121121250 193794 00000720423Computing 119879 14709932500 23535892 00087494022Signing 119879 16268456250 26029530 00096764452Computing 119870119879119877 14578926250 23326282 00086714802Encrypting tagID (AES) 00000471875 755 00000002806

cycles respectively Marin et al [44] found that producinga signature tiny ECC requires 19308 bytes ROM and 1510bytes RAM generating a signature requires 2 s and verifyingthe signature requires 243 s Considering these facts ourresults are reasonable Indeed some enhancements have beenachieved In worst case according to Moorersquos law [45] usingthe same codes the response times may decrease to halfwithin maximum two years

44 Security and Performance Comparison In this section aperformance and functionality comparison is made betweenthe proposed and some related ECC-based RFID authenti-cation schemes Table 5 shows the communication cost ofour proposed and related schemes Although our proposalachieves mutual authentication in just two steps its com-munication cost is less than study [23] and very close tothe other compared schemes In terms of security servicesand attacks Table 6 lists the security comparisons amongour proposed scheme and other ECC-based schemes It isvisible that our protocol has additional security features thanthe related schemes and withstands the common attacks andsatisfies the essential security requirements of RFID-basedhealthcare systems which make it more suitable than otherhealthcare related protocols in the field of healthcare systems

5 Conclusion and Future Works

Following the FDArsquos declaration efficient and rigid mutualauthentication protocols are needed between the tag and thereader to prevent and eliminate potential hazards relatedto healthcare environments Accordingly this paper hasproposed a stable and powerful mutual authentication pro-tocol applied on WISP5 Both symmetric and asymmetricalgorithms have been exploited The protocol has beencoded and tested and its security has been thoroughlyanalyzed The code size RAM usage and response time ofthe scheme are clearly not optimal However considering thatMSP430 is being used with the SHA3 ECDH and ECDSAalgorithms this is to be expected ECC includes numeroustime-consuming point multiplications The cost of theseoperations could be reduced using methods to increase the


Table 5 Performance comparison

Communicationcost

Liao andHsiao [19] Zhao [22] Chou [23] Zhang and Qi

[24] Our study

Number of steps 3 3 3 3 2Bytes 168 168 184 160 176

Table 6 Security comparison (radic provide X do not provide and mdash not mentioned)

Security services and attacks Liao andHsiao [19] Zhao [22] Chou [23] Zhang and

Qi [24] Our study

Mutual authentication X radic X radic radic

Tracking attack X mdash mdash mdash radic

Traceability X mdash X mdash radic

Location privacy X radic X mdash radic

Information privacy X mdash X radic radic

Desynchronization attack mdash mdash mdash radic radic

Denial-of-service (DoS) attack radic radic radic radic radic

Availability radic radic mdash mdash radic

Tag anonymity radic X mdash radic radic

Eavesdropping mdash mdash mdash mdash radic

Man-in-the-middle mdash mdash X radic radic

Impersonation attack X radic X radic radic

Reader spoofing attack X radic mdash radic radic

Cloning attacks radic radic mdash mdash radic

Full disclosure attacks mdash mdash mdash mdash radic

Replay attacks radic radic radic radic radic

Confidentiality radic mdash mdash mdash radic

Integrity mdash mdash mdash mdash radic

Modification attack mdash mdash mdash radic radic

Unforgeability attack mdash mdash mdash mdash radic

Forward security X X X X radic

Backward security X X X X radic

efficiency of point multiplication Regardless the proposedprotocol which achieves mutual authentication in only twosteps withstands almost all common attacks and satisfiesthe essential security requirements of RFID-based healthcaresystems

Reducing the code size and decreasing the tag responsetime will be considered in future work Additionally as moststudies on WISP have involved only a single unit we willintend to use the sensing features of WISP5 to integratemultiple WISPs thus enabling the exploration of a newbattery-free form of wireless sensor networking in the fieldof healthcare systems

Conflicts of Interest

The authors declare that they have no conflicts of interest

References

[1] Y K Hung ldquoThe study of adopting RFID technology inmedicalinstitute with the perspectives of cost benefitrdquo in Proceedings

of the International Medical Informatics Symposium in Taiwan2007

[2] P Najera J Lopez and R Roman ldquoReal-time location andinpatient care systems based on passive RFIDrdquo Journal ofNetwork and Computer Applications vol 34 no 3 pp 980ndash9892011

[3] J E Katz andR E Rice ldquoPublic views ofmobilemedical devicesand services A US national survey of consumer sentimentstowards RFID healthcare technologyrdquo International Journal ofMedical Informatics vol 78 no 2 pp 104ndash114 2009

[4] C Yu C Chen P Liao and Y Lee ldquoRFID-based operationroom and medicare system for patient safety enhancementacase study of keelung branchrdquo J Inf Manag vol 15 pp 97ndash1222008

[5] J G Leu The benefit analysis of RFID use in the healthmanagement centerThe experience in Shin Kong Wu Ho-SuMemorial Hospital National Taiwan University 2010

[6] httpwwwfdagovMedicalDevices[7] Blood bags with RFID chips (2010 picturesphotonews2010

pn201005php Accessed vol 23 compressenpresspicture2015 httpwwwsiemens


[8] WISP5Wiki ldquoWelcome to theWISP 5Wikirdquo httpwisp5wik-ispacescomWISP+Home 2015

[9] T Instruments ldquoMSP430FR59xxMixed Signal MicrocontrollerDatasheetrdquo Accessed vol 08 2015 httpwwwticomlitdsslas704eslas704epdf

[10] I F Blake G Seroussi and N P Smart Elliptic curves incryptography vol 265 of London Mathematical Society LectureNote Series Cambridge University Press Cambridge 2000

[11] H Tipton and M KrauseBoca Raton Information SecurityManagement Handbook Four Volume Set Auerbach Publica-tions 2000

[12] P Tuyls and L Batina ldquoRFID-tags for anti-counterfeitingrdquo inTopics in cryptologymdashCT-RSA 2006 vol 3860 of Lecture Notesin Comput Sci pp 115ndash131 Springer Berlin 2006

[13] Y Lee L Batina and I Verbauwhede ldquoEC-RAC (ECDLP basedrandomized access control) provably secure RFID authen-tication protocolrdquo in Proceedings of the IEEE InternationalConference on RFID pp 97ndash104 Las Vegas Nev USA April2008

[14] L Batina J Guajardo T Kerins N Mentens P Tuyls andI Verbauwhede ldquoPublic-key cryptography for RFID-tagsrdquo inProceedings of the 5th Annual IEEE International Conference onPervasive Computing and Communications Workshops PerComWorkshops 2007 pp 217ndash222 March 2007

[15] T Van Deursen and S Radomirovic Attacks on RFID ProtocolsIACR Cryptology ePrint Archive 2009

[16] J Bringer H Chabanne and T Icart ldquoCryptanalysis of EC-RAC a RFID identification protocolrdquo in Cryptology and Net-work Security 7th International Conference CANS 2008 Hong-Kong China December 2ndash4 2008 Proceedings vol 5339 ofLecture Notes in Computer Science pp 149ndash161 Springer BerlinGermany 2008

[17] Y K Lee L Batina D Singelee B Preneel and I VerbauwhedeldquoAnti-counterfeiting Untraceability and Other Security Chal-lenges for RFID Systems Public-Key-Based Protocols andHardwarerdquo in Towards Hardware-Intrinsic Security Informa-tion Security and Cryptography pp 237ndash257 Springer BerlinHeidelberg Berlin Germany 2010

[18] X Zhang L Li Y Wu and Q Zhang ldquoAn ECDLP-basedrandomized key RFID authentication protocolrdquo in Proceedingsof the 2011 International Conference on Network Computing andInformation Security NCIS 2011 pp 146ndash149 May 2011

[19] Y-P Liao and C-M Hsiao ldquoA secure ECC-based RFID authen-tication scheme integrated with ID-verifier transfer protocolrdquoAd Hoc Networks vol 18 pp 133ndash146 2014

[20] S RMoosavi E Nigussie S Virtanen and J Isoaho ldquoAn ellipticcurve-based mutual authentication scheme for RFID implantsystemsrdquo Procedia Computer Science vol 32 pp 198ndash206 2014

[21] D He N Kumar and N Chilamkurti ldquoLightweight ECC basedRFID authentication integrated with an ID verifier transferprotocolrdquo Journal of Medical Systems vol 38 article 116 2014

[22] Z Zhao ldquoA secure RFID authentication protocol for healthcareenvironments using elliptic curve cryptosystemrdquo Journal ofMedical Systems vol 38 no 5 pp 1ndash7 2014

[23] J-S Chou ldquoAn efficient mutual authentication RFID schemebased on elliptic curve cryptographyrdquo Journal of Supercomput-ing vol 70 no 1 pp 75ndash94 2014

[24] Z Zhang and Q Qi ldquoAn efficient RFID authentication protocolto enhance patient medication safety using elliptic curve cryp-tographyrdquo Journal ofMedical Systems vol 38 no 5 pp 1ndash7 2014

[25] C Jin C Xu X Zhang and J Zhao ldquoA secure RFID mutualauthentication protocol for healthcare environments usingelliptic curve cryptographyrdquo Journal of Medical Systems vol 39no 3 pp 1ndash8 2015

[26] C Lee and H Chien ldquoAn Elliptic Curve Cryptography-BasedRFID Authentication Securing E-Health Systemrdquo InternationalJournal of Distributed Sensor Networks vol 11 no 12 p 6424252015

[27] M S Farash O Nawaz K Mahmood S A Chaudhry andM K Khan ldquoA Provably Secure RFID Authentication ProtocolBased on Elliptic Curve for Healthcare Environmentsrdquo Journalof Medical Systems vol 40 no 7 article no 165 2016

[28] M BenssalahMDjeddou andKDrouiche ldquoA provably secureRFID authentication protocol based on elliptic curve signaturewith message recovery suitable for m-Health environmentsrdquoTransactions on Emerging Telecommunications Technologies pe3166 2017

[29] M Li S Yu J D Guttman W Lou and K Ren ldquoSecure ad hoctrust initialization and key management in wireless body areanetworksrdquo ACM Transactions on Sensor Networks vol 9 no 2article no 18 2013

[30] J Liu Z Zhang X Chen and K S Kwak ldquoCertificatelessremote anonymous authentication schemes for wireless bodyarea networksrdquo IEEE Transactions on Parallel and DistributedSystems vol 25 no 2 pp 332ndash342 2014

[31] Z Zhao ldquoAn efficient anonymous authentication scheme forwireless body area networks using elliptic curve cryptosystemrdquoJournal of Medical Systems vol 38 article 13 7 pages 2014

[32] H Xiong ldquoCost-effective scalable and anonymous certificate-less remote authentication protocolrdquo IEEE Transactions onInformation Forensics and Security vol 9 no 12 pp 2327ndash23392014

[33] D He and S Zeadally ldquoAuthentication protocol for an ambientassisted living systemrdquo IEEECommunicationsMagazine vol 53no 1 pp 71ndash77 2015

[34] D He S Zeadally N Kumar and J-H Lee ldquoAnonymousauthentication for wireless body area networks with provablesecurityrdquo IEEE Systems Journal 2016

[35] J W Liu L Zhang and R Sun ldquo1-RAAP An efficient 1-round anonymous authentication protocol for wireless bodyarea networksrdquo Sensors (Switzerland) vol 16 no 5 article no728 2016

[36] X Li J Peng S Kumari F Wu M Karuppiah and K Ray-mond Choo ldquoAn enhanced 1-round authentication protocol forwireless body area networks with user anonymityrdquo Computersamp Electrical Engineering 2017

[37] X Li M H Ibrahim S Kumari A K Sangaiah V Guptaand K R Choo ldquoAnonymous mutual authentication and keyagreement scheme for wearable sensors in wireless body areanetworksrdquo Computer Networks 2017

[38] A Liu and P Ning ldquoTinyECC a configurable library for ellipticcurve cryptography in wireless sensor networksrdquo in Proceedingsof the 7th International Conference on Information Processing inSensor Networks (IPSN rsquo08) pp 245ndash256 St Louis Mo USAApril 2008

[39] D Hankerson S Vanstone and A J Menezes Guide to EllipticCurve Cryptography Springer New York NY USA 2004

[40] M Rivain ldquoFast and Regular Algorithms for Scalar Multi-plication over Elliptic Curvesrdquo in Rivain M (2011) Fast andRegular Algorithms for ScalarMultiplication over Elliptic CurvesIACRCryptology ePrint Archive p 338 IACRCryptology ePrintArchive 2011


[41] D Brown ldquoSEC 2 Recommended Elliptic Curve DomainParametersrdquo Certicom Research Accessed vol 8 2010 httpwwwsecgorgSEC2-Ver-10pdf

[42] X Cao W Kou and X Du ldquoA pairing-free identity-basedauthenticated key agreement protocol with minimal messageexchangesrdquo Information Sciences An International Journal vol180 no 15 pp 2895ndash2903 2010

[43] L Marin A Jara and A Skarmeta Gomez ldquoShifting primesOptimizing elliptic curve cryptography for 16-bit devices with-out hardware multiplierrdquo Mathematical and Computer Mod-elling vol 58 no 5-6 pp 1155ndash1174 2013

[44] L Marin A J Jara and A F G Skarmeta ldquoShifting primesExtension of pseudo-mersenne primes to optimize ECC forMSP430-based future internet of things devicesrdquo Lecture Notesin Computer Science (including subseries Lecture Notes in Artifi-cial Intelligence and Lecture Notes in Bioinformatics) vol 6908pp 205ndash219 2011

[45] Moore ldquoMoorersquos Lawrdquo httpwwwmooreslaworg 2017

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of


International Journal of

RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal of

Volume 201

Submit your manuscripts athttpswwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



Front side

Back side

Figure 1 Front and back sides of WISP5

strict and rigid mutual authentication protocols must beexploited between the tag and the reader using the latestcryptographic technologies

Protocols conforming to the EPC Class 1 Generation2 standard increasingly become inadequate and there is ademand for stronger protocols Furthermore the develop-ment of integrated circuit techniques means that RFID tagscould support the complicated operations of private andpublic key cryptography In this paper using the last revisionof the Wireless Identification and Sensing Platform (WISP5)(Figure 1) [8] we propose a mutual authentication protocolbased on elliptic curve cryptography (ECC) and advancedencryption standard (AES) algorithms WISP5 is an EPCClass 1 Generation 2 UHF passive RFID tag that is embeddedwith AES and sensors and includes a fully programmable 16-bit microcontroller (MSP430 16Mhz CPU 64KB nonvolatilememory 66KB RAM [9]) Integrating passive RFID withsensing technologies is widely applicable in many productivesectors

For instance some application scenarios of the healthcaresystems as WISP have built-in sensors they can easilysend temperature of WISP tagged blood bag to the systemChecking whether the box that contains glass tubes havingspecimens taken from the patients in the laboratory has beenfallen or not or measuring the ambient temperature can beachieved via a WISP tagged to the box Moreover there aremany valuable devices in the hospital and some of thesedevices are portable It is possible to get information aboutthe place of the WISP tagged devices and it can be easilydeterminedwhether aWISP tagged device has beenmoved ornot In the above scenarios if the authentication is providedwe can trust that the tags are the legitimate tags WISP5 ispassively powered obtaining power from the reader ratherthan a battery Hence this is essentially a maintenance-freesystem

Compared with public key algorithms such as RSA ECC-based systems are smaller and faster and consume less power(Table 1) Thus the elliptic curve DiffiendashHellman scheme(ECDH) is used to produce the secret key that will encrypt thetag ID and dataThe elliptic curve digital signature algorithm(ECDSA) is used to prevent man-in-the-middle attacks [10]and to achievemutual authentication between the tag and thereader

2 Related Work

Many ECC-based authentication schemes have been pro-posed to satisfy the security constraints of RFID tags Tuyls

Table 1 Comparable key sizes in terms of computational effort forcryptanalysis [11]

RSA-based asymmetric scheme(modulus size in bits)

ECC-based asymmetric scheme(size of n in bits)

512 1121024 1602048 2243072 2567680 38415360 512

and Batina [12] used the Schnorr identification protocolto develop an ECC-based RFID identification scheme Thisscheme claimed to be resistant against tag counterfeitingHowever Lee et al [13] showed that this scheme is vulnerableto location tracking attacks does not achieve forward securityand mutual authentication and lacks scalability Based onOkamotorsquos authentication protocol Batina et al [14] pro-posed an ECC-based RFID authentication protocol that theyclaimed could avoid active attacks Lee et al [13] mentionedthat Batina et alrsquos protocol is vulnerable to location trackingattacks and has scalability and forward secrecy issues Leeet al [13] claimed to solve all the issues mentioned abovebut later studies [15 16] showed that Lee et alrsquos schemeis vulnerable to tracking and forgery attacks and does notprovide mutual authentication In 2010 Lee et al [17] pro-posed an ECC-based RFID authentication scheme to addressthe existing tracking problems [12 14] Only tag-to-readerauthentication has been considered rather than reader-to-tag authentication In 2011 Zhang et al [18] proposed anECC-based randomized key scheme that improved previousschemes Although secure against some relevant attacks thisapproach still does not perform mutual authentication

In 2014 Liao and Hsiao [19] proposed a secure ECC-based RFID authentication scheme with an ID-verifier trans-fer protocol to achieve mutual authentication However theweaknesses of this approach were detailed in three separatestudies First Moosavi et al [20]mentioned that the tag iden-tification of Liao and Hsiaorsquos scheme lacks efficiency in termsof the tagrsquos computation time and its memory requirementsSecond He et al [21] proposed a lightweight ECC-basedRFID authentication integrated with an ID-verifier transferprotocol and pointed out that their proposal performs betterthan that of Liao and Hsiao in terms of computational costand storage requirements Third Zhao [22] showed thatLiao and Hsiaorsquos method enabled an adversary to obtainthe private key stored in the tag Chou [23] proposed anew RFID authentication protocol using ECC and claimedthat it could resist various attacks Later Zhang and Qi [24]pointed out that Choursquos protocol [23] suffers problems withtag information privacy backward traceability and forwardtraceability

In 2015 Jin et al [25] proposed a secure RFID mutualauthentication protocol for healthcare environments usingECC and claimed that their proposal could withstand var-ious attacks while outperforming the protocols detailed















4 Proposed Protocol








(i) (ii) (iii)










































session























(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888


1015840




(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr


1015840





















Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation























4 Proposed Protocol








(i) (ii) (iii)










































session























(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888


1015840




(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr


1015840





















Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












(i) (ii) (iii)










































session























(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888


1015840




(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr


1015840





















Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














session























(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888


1015840




(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr


1015840





















Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation















(3) Send 119877 119911 119904larr997888997888997888997888997888997888997888997888997888997888997888


1015840




(7) 119870119879119877 = 119905119877 = 119905(119903119866) = 119905119903119866(8) 119862 = AES119870119879119877 (ID)

(9) Send 119879 119892 ℎ 119862997888997888997888997888997888997888997888997888997888997888997888997888997888rarr


1015840





















Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation




























Communicationcost


[24] Our study




Qi [24] Our study



























References

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation

















































RoboticsJournal of





Journal of



RotatingMachinery



Journal of

Volume 201


VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









an advanced encryption standard powered mutual...

Documents