A Cloud-based RFID Authentication Protocol with Insecure Communication Channels

Radio Frequency Identification (RFID) has become a widespread technology to automatically identify objects and with the development of cloud computing, cloud-based RFID systems attract more research these days. Several cloud-based RFID authentication protocols have been proposed to address privacy and security properties in the environment where the cloud provider is untrusted therefore the tag's data are encrypted and anonymously stored in the cloud database. However, most of the cloud-based RFID authentication protocols assume secure communication channels between the reader and the cloud server. To protect data transmission between the reader and the cloud server without any help from a third party, this paper proposes a cloud-based RFID authentication protocol with insecure communication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacy even when the tag does not update its identification. The cloud-RAPIC protocol has been analyzed using the UPriv model and AVISPA verification tool which have proved that the protocol preserves tag privacy and protects data secrecy.