A quadratic residue-based RFID authentication protocol with enhanced security for TMIS

Telecare medicine information system (TMIS) is one of most important RFID applications in the healthcare field. Li et al. proposed a RFID tag authentication protocol with privacy preserving in TMIS. They claimed that the protocol can resist many existing attacks and possess the advantages of high efficiency. However, we demonstrate that this protocol still have replay attack, strong forward traceability attack, de-synchronization attack, unguaranteed data integrity and the problem of tag/reader anonymity. Aiming to efficiently improve the security of Li et al.’s protocol, we propose a more secure and effective authentication protocol based on quadratic residue theory, which is suitable for TMIS with the requirements of strong privacy protection. In order to resist replay attack, the timestamp generated by the reader is used to compute reader request message sent to the server and the message is encrypted by hash function and quadratic residue theory. The improved protocol does not transmit reader and tag identifier in plaintext to guarantee anonymity and the data integrity is ensured by means of encrypting tag data using hash function. To guarantee strong forward untraceability, random number is introduced in tag key update operation and is encrypted by quadratic residue theory. Using the feature of public key cryptography of quadratic residual theory can meet the purpose of constant time identification. Our security analysis and Performance comparisons proves that our scheme has higher security and better performance to be applicable to TMIS.