A Trust-Third-Party Based Key Management Protocol for Secure Mobile RFID Service

The mobile radio frequency identification (MRFID) system, defined as a special type of mobile service using RFID tag packaging object and RFID readers attached to mobile RFID terminals, has been studied actively in recent years. While the mobile RFID system has many advantages, the privacy violation problems at reader side, consumer tracking with malicious purpose and the sensitive information transmission problems among tag, reader and server, are deeply concerned by individuals and scholars. Most of previous works utilize the principle of cryptography to solve these problems. Although the heart of any security schemes is the key management protocol responsible for the distribution of secret keys, as we know, few studies address this fundamental issue in the research of secure RFID. In this paper, we assume that all the communication channels among tag, reader, and server are insecure. We propose a trust-third-party based key management protocol to construct a secure session key among the tag, reader and server. The proposed protocol has the following four advantages: First, the communication between reader and server is anonymous, which provides the privacy of reader. Second, the dynamic tag identity can prevent the tag owner being tracked. Third, the secure session key construction among tag, reader and server can ensure the security of information transmission. Last, the system performance is ensured by the application of privacy-protection-policy based access control mechanism in the M-RFID system.