An Authentication Protocol Based on Combined RFID-Biometric System RFID-Biometric System

Radio Frequency Identification (RFID) and biometric technologies saw fast evolutions during the last years and which are used in several applications, such as access control. Among important characteristics in the RFID tags, we mention the limitation of resources (memory, energy, …). Our work focuses on the design of a RFID authentication protocol which uses biometric data and which confirms the secrecy, the authentication and the privacy. Our protocol requires a PRNG (Pseud-Random Number Generator), a robust hash function and Biometric hash function. The Biometric hash function is used to optimize and to protect biometric data. For Security analysis of protocol proposed, we will use AVISPA and SPAN tools to verify the authentication and the secrecy.

💡 Research Summary

The paper proposes a novel authentication protocol that tightly integrates Radio‑Frequency Identification (RFID) technology with biometric verification, targeting environments where RFID tags are severely constrained in memory, computational power, and energy. Recognizing that traditional cryptographic primitives (e.g., public‑key operations) are infeasible on such lightweight tags, the authors design a protocol that relies only on a pseudorandom number generator (PRNG) and a single robust hash function (H) on the tag side, while delegating the bulk of the processing to the RFID reader and the back‑end server.

The core idea is to protect biometric data by means of a “biometric hash function” (BHash). Instead of storing raw biometric templates (fingerprint, iris, face, etc.), the system stores only the hash of the biometric sample. This approach provides two major benefits: (1) privacy – even if the stored hash is compromised, the original biometric cannot be reconstructed; (2) efficiency – the hash can be compared directly without costly template matching on the tag.

Protocol flow:

1. Challenge Generation – The reader generates a fresh random nonce r1 and sends it to the tag.
2. Tag Response – The tag computes h1 = H(ID ‖ r1), where ID is the tag’s unique identifier, and returns h1 to the reader. No secret key is stored on the tag; the identifier is static, and the hash operation masks it.
3. Server Verification – The reader forwards (r1, h1) to the back‑end server. The server checks the hash against its database of IDs, confirming the tag’s presence.
4. Biometric Capture – The server prompts the user to present a biometric sample. The user’s device (e.g., a smartphone or a dedicated biometric sensor) computes the biometric hash hb = BHash(biometric_sample).
5. Biometric Challenge – The user’s device generates a second nonce r2 and computes h2 = H(hb ‖ r2). It sends (hb, r2, h2) to the server.
6. Biometric Verification & Session Key Derivation – The server compares hb with the stored biometric hash for the claimed identity. If they match, the server derives a session key K = H(r1 ‖ r2 ‖ ID) and securely distributes it to both the tag (via the reader) and the user’s device.

All messages exchanged over the air consist solely of nonces and hash outputs, eliminating any clear‑text transmission of identifiers or biometric data. This design thwarts eavesdropping, replay attacks (nonces are one‑time), and man‑in‑the‑middle attempts because an adversary cannot forge valid hash values without knowing the underlying secret (ID or hb) and the current nonces.

Security Evaluation – The authors model the protocol in the AVISPA framework, employing both the OFMC (On‑the‑Fly Model Checker) and CL‑AtSe (Constraint‑Logic based Analyzer) back‑ends. They define secrecy goals for the tag identifier (ID) and the session key (K), as well as authentication goals for both initiator (reader) and responder (server). AVISPA reports that all goals are satisfied, indicating resistance to standard Dolev‑Yao adversaries. Additionally, the SPAN tool is used to simulate realistic attack scenarios, including tag cloning, replay, and impersonation attacks. In each case, the protocol’s reliance on fresh nonces and one‑way hash functions prevents successful exploitation.

Performance Considerations – Because the tag only needs a PRNG and a hash computation, the hardware requirements are modest and compatible with existing low‑cost RFID chips. The biometric hash function, however, must be carefully designed to tolerate the natural variability of biometric measurements while still producing a stable hash output; this is a non‑trivial research problem that the paper acknowledges but does not fully resolve.

Limitations and Future Work – The protocol assumes that the tag can generate a high‑quality random nonce, which may be challenging for ultra‑low‑power devices. Moreover, the security of the biometric hash hinges on the collision resistance and pre‑image resistance of BHash; any weakness could lead to false acceptances or template inversion attacks. Future research directions suggested include: (1) implementing the protocol on ultra‑low‑power microcontrollers and measuring real‑world energy consumption; (2) evaluating multiple biometric modalities (fingerprint, iris, facial recognition) to determine the most suitable hashing schemes; (3) integrating blockchain‑based audit logs to provide immutable proof of authentication events; and (4) developing error‑tolerant biometric hashing techniques that maintain security while accommodating measurement noise.

In summary, the paper delivers a well‑structured, formally verified RFID‑biometric authentication scheme that respects the severe resource constraints of RFID tags while delivering strong confidentiality, authentication, and privacy guarantees. Its combination of lightweight cryptographic primitives with a privacy‑preserving biometric hash makes it a promising candidate for high‑security access‑control, supply‑chain tracking, and smart‑city applications where both identity assurance and data protection are paramount.