LAUSR

An RFID system is a contactless automatic identification technology and a solution to many business and personal applications. However, the privacy threats to RFID systems cause significant concerns in real RFID applications. Among the privacy issues in RFID systems, we are particularly interested in designing an RFID authentication protocol that achieves strong indistinguishability-based privacy (ind-privacy) and possesses the zero-knowledge property for active tags. In this article, a zero-knowledge authentication protocol (ZKAP) using quadratic residues is proposed. Then, an indistinguishability-based experiment using random oracles is modeled to prove that the proposed scheme achieves strong ind-privacy against active eavesdroppers. The zero-knowledge property is defined with respect to the tags’ private information against dishonest readers, and that property of our ZKAP is proven by constructing a polynomial time simulator that generates a transcript with the same distribution as that of ZKAP. Finally, the proposed protocol is implemented in a Raspberry Pi and a PC, and the performance is evaluated in terms of authentication time. The experimental results demonstrate that our ZKAP achieves its design goals.