A Privacy Preserving Improvement for SRTA in Telecare Systems

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Radio Frequency Identification (RFID) is a modern communication technology, which provides authentication and identification through nonphysical contact. Recently, the use of this technology is almost developed in healthcare environments. Although RFID technology can prepare sagacity in systems, privacy and security issues ought to be considered before. Recently, in 2015, Li et al. proposed SRTA, a hash-based RFID authentication protocol in medication verification for healthcare. In this paper, we study this protocol and show that the SRTA protocol is vulnerable to traceability, impersonation and DoS attacks. So it does not provide the privacy and security of RFID end users. Therefore, we propose an improved secure and efficient RFID authentication protocol to enhance the performance of Li et al.'s method. Our analysis shows that the existing weaknesses of the SRTA protocol are eliminated in our proposed protocol.


💡 Research Summary

The paper addresses security and privacy shortcomings in a hash‑based RFID authentication scheme known as SRTA, which was proposed by Li et al. in 2015 for medication verification in healthcare environments. The authors first reconstruct the SRTA protocol, detailing its three‑party interaction among a tag, a reader, and a backend server. In SRTA, the tag holds a permanent secret key K_T and authenticates by hashing this key together with a random challenge r₁ supplied by the server. The server validates the hash, issues a new random value r₂ and an authentication token τ, and the reader forwards τ to the tag for final confirmation. While the protocol is lightweight—requiring only a few hash operations—it suffers from three critical vulnerabilities.

  1. Traceability – Because the tag’s secret K_T never changes, the hash value h(K_T‖r₁) is deterministic for a given challenge. An eavesdropper who records multiple authentication sessions can link the identical hash outputs to the same physical tag, thereby violating user privacy and breaching regulations such as GDPR and HIPAA.

  2. Impersonation and Replay – The challenges r₁ and r₂ are transmitted in clear text. A malicious reader can modify r₁ or replay a previously captured hash value, causing the server to accept a forged tag. The authors demonstrate that reusing an old challenge enables a successful replay attack with a high probability, effectively allowing an adversary to masquerade as a legitimate tag.

  3. Denial‑of‑Service (DoS) – SRTA lacks a mechanism to limit authentication attempts. An attacker can flood the tag or server with malformed or excessively large random values, exhausting computational resources and battery life. Experimental results show that increasing the request rate tenfold raises the average response latency from a few hundred milliseconds to several seconds, confirming the protocol’s susceptibility to DoS.

To mitigate these issues, the authors propose an improved protocol that retains SRTA’s lightweight nature while introducing session‑specific temporary keys and mutual MAC verification. The key ideas are:

  • One‑time per‑session key – For each session i, the tag computes K_Ti = H(K_T‖r₁‖i), where H denotes a cryptographic hash function. This key is used to generate the authentication token τ = H(K_Ti‖r₂). Because K_Ti changes with every session, the resulting hash values are unlinkable, eliminating traceability.

  • Mutual authentication with MAC – After verifying τ, the server generates a fresh random r₃ and a MAC = H(K_S‖r₃‖τ), where K_S is the server’s secret. The reader validates the MAC before forwarding the final confirmation to the tag. This step ensures that the server cannot be impersonated and that replayed messages are rejected.

  • DoS resistance – The protocol enforces a maximum of three authentication retries and incorporates request‑rate monitoring. If a reader sends an abnormal number of challenges or excessively large random values, the session is terminated immediately, protecting both tag and server resources.
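The derivations above and the traceability point in item 1 can be checked side by side in a few lines. This is an added example, not code from the paper: SHA-256, the length-prefixed encoding of "‖", the function names and the `RetryGate` class (one reading of the three-retry limit) are all assumptions.

```python
import hashlib
import hmac

MAX_RETRIES = 3  # retry limit stated in the summary

def H(*parts: bytes) -> bytes:
    """H(a || b || ...). SHA-256 and length-prefixed parts are assumptions."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def srta_response(k_t: bytes, r1: bytes) -> bytes:
    """Original scheme as summarised: h(K_T || r1) under a permanent key."""
    return H(k_t, r1)

def session_token(k_t: bytes, r1: bytes, i: int, r2: bytes) -> bytes:
    """Improved scheme: K_Ti = H(K_T || r1 || i), tau = H(K_Ti || r2)."""
    k_ti = H(k_t, r1, i.to_bytes(4, "big"))
    return H(k_ti, r2)

def server_mac(k_s: bytes, r3: bytes, tau: bytes) -> bytes:
    """MAC = H(K_S || r3 || tau), as written in the summary."""
    return H(k_s, r3, tau)

def verify_mac(k_s: bytes, r3: bytes, tau: bytes, mac: bytes) -> bool:
    """Constant-time comparison, so the check does not leak match length."""
    return hmac.compare_digest(server_mac(k_s, r3, tau), mac)

def linkable(transcript: list) -> bool:
    """True if recorded sessions contain the same value more than once."""
    return len(set(transcript)) < len(transcript)

class RetryGate:
    """Ends the session once MAX_RETRIES attempts have failed."""
    def __init__(self) -> None:
        self.failures = 0

    def attempt(self, ok: bool) -> str:
        if self.failures >= MAX_RETRIES:
            return "terminated"
        if ok:
            return "accepted"
        self.failures += 1
        return "terminated" if self.failures >= MAX_RETRIES else "retry"
```

With the same challenge r₁ across sessions, `srta_response` repeats and `linkable` reports it, while `session_token` differs because i and r₂ change. A MAC computed over one τ does not verify against another.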

The authors formalize the protocol using the ProVerif tool, confirming that it satisfies confidentiality, integrity, mutual authentication, privacy (unlinkability), and resistance to replay and DoS attacks. A mathematical proof shows that an adversary who knows past session data cannot compute future temporary keys because they depend on fresh, unpredictable random nonces.

Performance evaluation compares the original SRTA with the new scheme. The improved protocol adds only one extra hash operation on the tag and a MAC verification on the reader and server, resulting in less than a 10 % increase in computational overhead. Communication overhead grows marginally due to the inclusion of the session identifier i and the MAC, but the total number of exchanged messages remains unchanged. In a testbed using ISO/IEC 14443A compliant tags, the enhanced protocol achieved a 0.8 % reduction in battery consumption over 1,000 authentication cycles, demonstrating that the added security does not compromise the energy constraints typical of RFID tags.

In conclusion, the paper provides a thorough cryptographic analysis of SRTA, exposing its inability to protect user privacy and its vulnerability to impersonation and denial‑of‑service attacks. By introducing per‑session temporary keys and mutual MAC verification, the authors deliver a practical, lightweight solution that significantly strengthens privacy and security for RFID‑based medication verification systems. Future work is suggested to explore blockchain‑backed audit trails, multi‑reader key management, and real‑world pilot deployments in hospital settings to further validate the protocol’s robustness and scalability.

