Privacy Protection Method Based on Two-Factor Authentication Protocol in FRID Systems

With the rapid development of Internet of things (IoT), Radio Frequency Identification (RFID) has become one of the most significant information technologies in the 21st century. However, more and more privacy threats and security flaws have been emerging in various vital RFID systems. Traditional RFID systems only focus attention on foundational implementation, which lacks privacy protection and effective identity authentication. To solve the privacy protection problem this paper proposes a privacy protection method with a Privacy Enhancement Model for RFID (PEM4RFID). PEM4RFID utilizes a “2+2” identity authentication mechanism, which includes a Two-Factor Authentication Protocol (TFAP) based on “two-way authentication”. Our TFAP employs “hardware information + AES-ECC encryption”, while the ”“two-way authentication” is based on improved Combined Public Key (CPK). Case study shows that our proposed PEM4RFID has characteristics of untraceability and nonrepeatability of instructions, which realizes a good trade-off between privacy and security in RFID systems.