Improvement of the Eﬃcient Mutual Authentication Protocol for Passive RFID Tags (EMAP)

Radio Frequency Identification (RFID) system is a wireless automatic identification using low-cost RFID tags. Promotion of privacy and security in RFID systems has been considered essential due to their usage in everyday life. In 2012, Guo-Rui Li et al. Proposed a new E ﬃ cient Mutual Authentication Protocol for passive RFID (EMAP), that providing conﬁdentiality, un - traceability, and e ﬃ ciency. In addition to proving the security problems of the EMAP method, this paper has presented a novel method to improve this weak point.


Introduction
Identification technology through radio frequency (RFID) is a new technology that is used to identify objects and living creatures (Mehrabani & Sadegha, 2021). Due to many advantages such as lower costs, increasing speed and large-scale identification, the use of this technology has been increased day by day. The foundation of this technology is similar to barcode technology with the difference that in RFID systems, identification takes place without any physical contact or direct visibility and recognition perform via radio waves (Abugabah et al., 2020). These advantages make this technology attractive for commercial and industrial users, so that today the deployment of RFID systems in various areas such as credit cards, subways and buses, new Passport cards and new electrical barcodes can be seen (Ranasinghe & Yu, 2017) (Frith, 2019). Due to the use of RFID technology in sensitive areas such as access control systems, supply chain management, new passports, non-contact smart cards, and etc., study on the security aspects of this technology and the deployment of security protocols for authentication in this system, is an urgent need for industries and organizations (Nozari et al., 2021).
Authentication protocols are the most important tools to provide security in the highest layer, namely the application layer, in RFID system. They run between the tag and card reader, and during their implementation, the parties review the accuracy of each other's identity to accept. Low cost production in RFID tags is one of the most important features (Namin et al., 2018), so there is no possibility of using encryption separately and the security of the entire system depends directly on the security level of protocols that are used for identification and authentication. In RFID systems, the most important features of a secure identification and authentication protocol are as follows.
• Confidentiality: Ensure that information is only available to those who are authorized to access this information (Kitsos & Zhang, 2008). Confidentiality means that in a secure protocol there shouldn't be any leakage of information to an attacker or eavesdropper. Information that is stored on the tag such as a unique identifier and secret keys that are employed in reconnaissance operations, should be only disposal to tag, and if it's necessary, the server should be final. Besides this, another important point about confidentiality, is privacy and the location privacy of the tag or tag's holder. Location privacy of a tag means that, if an attacker, eavesdrops the session and saves exchanged information during the identification protocol between the tag Ti and an allowed reader at time t, the attacker fails to identify any other transactions related to tag Ti, in the other time. • Data integrity: Maintaining the authenticity and integrity of information and processing methods (Zhuang et al., 2018). It means that no person should be able to alter or manipulate the exchange of information between parties of the protocol. The originality of the message can prevent many attacks that leads to impersonation. • Availability: Assurance that all authorized users can have access to information and other requirements (Burmester & Munilla, 2014). This means that authorized users (tags) at any time and any place need system services, be able to easily use them. • Authentication: The most basic goal that an identifying protocol seeks, is checking the identity of an entity or parties of the protocol (Paise & Vaudenay, 2008).
The new EMAP version, presented in this paper, successfully solved EMAP related data integrity issue (Li et al., 2012). The rest of the article consists of five sections. Section 2 gives a brief introduction of EMAP. Section 3 identifies EMAP security shortcomings. Section 4 is designed to present the improved protocol, and Section 5 evaluates whether or not the protocol is secure and efficient. We give conclusion of the study in section 6.

Review EMAP protocol
In this Section, we review the notations used in EMAP protocol (Li et al., 2012). The detailed information is available in EMAP's protocol. The notation used in EMAP defined as follows: • pk : The public key that is saved in the back end server

Initialization phase
In this phase, the system produces a pair of public keys , private key , secret key , shared key , corresponding tag identification ID, and the encrypted result ( || ) and stores them in the back end server. It also stores a random secret key k for each tag and a shared key S for all tags and ( || ) in the tag. Fig. 1 illustrates the authentication phase of EMAP protocol. The authentication phase consists of three steps described as follows in detail. Round 1.

Authentication phase
The tag receives random number 1 which is made by the reader.
The reader forwards the received authentication message with the generated random value 1 r to the server.
The server first computes the hash function value ( 1 || 2 ) and XORs with the first part of received message to get ( || ). It then decrypts ( || ) using its own private key sk to derive the tag's ID . If the ID is invalid, the server aborts, otherwise, it finds the tag's corresponding secret key k and computes ( ( || )|| 1 || 2 ) to verify the tag. If the hash value equals the last part of the received message, then the tag is authenticated. Otherwise, the server aborts.
Reader → Tag: 〈 ( || +1 )⨁ ( 2 ), ( ( || )|| 2 || 1 )〉 The reader forwards the message to the tag, then the tag computes ( ( || )|| 2 || 1 ) and compares it with the last part of the received message. If two values were equal, the server is authenticated. Otherwise, the tag aborts. Finally, the tag calculates ( ) 2 s frand executes exclusive or (XOR) operation on the first part of the received message to get the new encryption information ( || +1 ) and replaces the old one.

Weaknesses of EMAP protocol
In this section, we show that EMAP has the following security problem.

Data integrity problem:
We will show that EMAP is vulnerable to de-synchronization attack. In the third round an attacker can change first part of the message ( || +1 )⨁ ( 2 ), by executing XOR operation with arbitrary random number ′ to generate ( || +1 )⨁ ( 2 )⨁ ′ and send 〈 ( || +1 )⨁ ( 2 )⨁ ′ , ( ( || )|| 2 || 1 )〉 to tag. When tag receives the message, computes ( ( || )|| 2 || 1 ) and compares it with the last part of the received message. Since second part of the message has not changed, tag will authenticate the server. Now, tag calculates ( 2 ) and executes XOR operation on the first part of the received message ( || +1 )⨁ ( 2 )⨁ ′ . It will extract a massage ( || +1 )⨁ ′ and replace the old one. So the Desynchronization between the tag and the server will occur. Even the attacker can send r instead of ( || +1 )⨁ ( 2 ). In this case tag will XOR it with ( 2 ) and obtains ′ ⨁ ( 2 ) and replaces it instead of ( || +1 ). We can see that the XORed result is not equal to the original which is sent by database, therefore, EMAP has DATA integrity problem.

Improved EMAP (EMAP+)
This section proposes EMAP + that is an improvement of the EMAP. EMAP + can eliminate the above described security problem. The information kept within respective devices is the same as EMAP. Notation used in EMAP + is just like EMAP. EMAP + consists of two phases: the initialization phase, and the authentication phase.

Initialization phase
In this phase, the system produces a pair of public keys , private key , secret key , corresponding tag identification ID, then the encrypted result ( || ) therefore shared key , and stores them in the backend server. It also stores a random secret key k for each tag and a shared key S for all tags and ( || ) in the tag.

The authentication phase
In the following, the improved authentication phase steps are explained in detail and indicated in Fig. 2 Round 1.
The tag receives random number 1 which is made by the reader.
Reader forwards the received authentication message with the generated random value 1 r to server. The server first computes hash function value ( 1 || 2 ) and XORS it with the first part of received message to get ( || ). It then decrypts ( || ) by using its own private key sk to derive tag's ID . If the ID is invalid, the server aborts, otherwise, it finds the tag's corresponding secret key k and computes ( ( || )|| 1 || 2 ) to verify the tag. If the hash value equals to the last part of the received message, then the tag is authenticated. Otherwise, the server aborts.

.1 Confidentiality
The ID information of RFID in this protocol will remain secret just like the EMAP protocol. In fact, the only difference between our protocol and EMAP is in the third round where in our protocol the reader sends ( || +1 ), instead of ( || +1 )⨁ ( 2 ). In fact, adversary would never be able to obtain the ID information because it is protected by encryption.

Untraceability
EMAP + can provide un-traceability just like EMAP, due to ( || +1 ) in the third round, which is changing every phase.

Data integrity
The EMAP + Protocol unlike EMAP that was vulnerable to de-synchronization attack supplies data integrity and this is because of changes in the last round of the EMAP protocol. Suppose that in the third round the adversary A can change ( || +1 ) and sends it to tag. When Tag receives the message, starts to compute the hash function ( ( || )|| ( || +1 )|| 2 ) and compare it with the last part of the received message. Because ( || +1 ) has been changed by adversary, the tag will abort.

Mutual authentication
EMAP + provides two-way mutual authentication just like EMAP. The tag is authenticated in the second round by ( ( || )|| 1 || 2 ) . On the other side the reader proves its identity to the tag by ( ( || )|| ( || +1 )|| 2 ) . So EMAP + can prevent the impersonation attack and authenticate reader or tag and vice versa.

Efficiency
EMAP + is exactly the same as EMAP. On the reader side, The time of finding tag's ID, and the space requirement is equal to O(1). On tag side, the two factors mentioned above are equals to O(1). As claimed in (Li et al., 2012) these features relieve the constraints on the RFID tag in real applications in comparison with the other protocols.

Conclusions
It observed that with a little change in the EMAP we could promote this protocol and have an efficient mutual authentication protocol for passive RFID tags that provides data integrity, confidentiality, un-traceability, mutual authentication, and efficiency, while EMAP + has all features of the EMAP in time complexity, space complexity, and communication cost.