Next Article in Journal
Design and Evaluation of a New Machine Learning Framework for IoT and Embedded Devices
Previous Article in Journal
A Millimeter-Wave CMOS Injection-Locked BPSK Transmitter in 65-nm CMOS
Previous Article in Special Issue
5G-Compliant Authentication Protocol for RFID
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 10
Issue 5
10.3390/electronics10050599
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Privacy-Preserving RFID-Based Search System

Electronics 2021, 10(5), 599; https://doi.org/10.3390/electronics10050599
by Ji Young Chun and Geontae Noh *
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4: Anonymous
Electronics 2021, 10(5), 599; https://doi.org/10.3390/electronics10050599
Submission received: 31 December 2020 / Revised: 23 February 2021 / Accepted: 24 February 2021 / Published: 4 March 2021
(This article belongs to the Special Issue Advanced RFID Technology and Applications)

Round 1

Reviewer 1 Report

The authors did a fine job with the paper.

The conclusions should be extended to be inline with all remarks that were presented in the paper.

Table 4 has no measurement units and is confusing.

A logic diagram of the proposed solution should be added.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The authors proposed a novel RFID tag search protocol that will enhance mobilereader user privacy while being able to operate under conditions of unstable connection to a central server. The proposed scheme is sound and the experimental results are demonstrative. However, there are some questions to be addressed.

1. Related work should be summarized in a tabular form to make it look more effective.

2. The proposed protocol is not presented clearly. It should briefly describe the purpose of each step, and point out the corresponding input and output.

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

In the attached document, I made some comments to be addressed by the author. Besides, I have the following comments:

How does the proposal of the authors relate to ISO/IEC 18000 and ISO/IEC 29167?

The security and privacy analysis have to be improved by referencing the algorithm steps that achieve the properties.

How are obtained the results of Table 4? An explanation is needed.

Since the proposal in [6] is the closest to the author's proposal. A detailed analysis of the author's proposal against [6] will highlight the advantage of the author's idea. This is very important because both protocols achieve the same performance (Table 4).

Finally, a very detailed notation table (acronyms and algorithm's functions/variables) will ease the reading. (The MDPI's template has a section for this)

Comments for author File: Comments.pdf

Author Response

Response to Reviewer 3 Comments

 

Point 1: In the attached document, I made some comments to be addressed by the author.

Response 1: We replied to the comments in the attached document.

 

Point 2: Besides, I have the following comments: How does the proposal of the authors relate to ISO/IEC 18000 and ISO/IEC 29167?

Response 2: As the reviewer pointed out, we modified the sentence as follows: “The employment of mobile readers (or mobile phone collaborated with RFID reader) opens a novel application of RFID technology and is being standardized in the working group 6 of ISO/IEC JTC1/SC31 [3].”

 

Point 3: The security and privacy analysis have to be improved by referencing the algorithm steps that achieve the properties.

Response 3: As the reviewer pointed out, we referred the algorithm steps in the security and privacy analysis in Section 5.2.1 and 5.2.2.

 

Point 4: How are obtained the results of Table 4? An explanation is needed.

Response 4: As the reviewer pointed out, we modified the sentence as follows: “We use the result of Feldhofer et al. [17] to analyze those protocols (See Table 2). In protocols [5,6,12], each tag performs three hash operations of SHA-1, and in the protocol [7], each tag performs three decryptions and one encryption of AES-128. Each tag performs two encryptions and one decryption of AES-128 in the protocol [4].”

 

Point 5: Since the proposal in [6] is the closest to the author's proposal. A detailed analysis of the author's proposal against [6] will highlight the advantage of the author's idea. This is very important because both protocols achieve the same performance (Table 4).

Response 5: As the reviewer pointed out, we added the sentence as follows: “Both the protocol [4] and our protocol have the same tag efficiency, but our protocol protects reader's previous searches as described in Table 4.”

 

Point 6: Finally, a very detailed notation table (acronyms and algorithm's functions/variables) will ease the reading. (The MDPI's template has a section for this)

Response 6: As the reviewer pointed out, we added the notation table in Table 1.

Author Response File: Author Response.pdf

Reviewer 4 Report

The article is interesting in the context of security and privacy of RFID systems. However, there are substantive and technical errors, and these should be corrected.

  1. The introduction does not explain the purpose of applying this solution in healthcare. Security issues of RFID systems application are visible in many areas (please see e.g. a) selected papers of the regular International Workshop RFIDSec, b) RFID Security Techniques, Protocols and System-on-Chip Design, Springer, 2008). In addition, assumptions for the application scenarios are not available (Chapter 2).
  2. It is unacceptable to collectively cite many literature items without discussing them in detail (please see Chapter 1 and 3). In addition, the references should be cited in the text in the order in which they first appear.
  3. I assume that the Author in this manuscript is referring to the application of the proposed solution using typical RFID systems, e.g. in the HF (NFC functions in mobile phone/tablet) or UHF band (mobile phone/tablet collaborated with mobile or desktop RFID read/write device by using e.g. BT/WiFi interface). The author should keep in mind that the most popular RFID transponder in this frequency band contains only the chip with the connected antenna, so it is called passive transponder, whereas semi-passive type (sometimes called active) has builtin an extra supply source (e.g., lithium disposable battery) which can be exchangeable or not. Generally, the battery is used for enlarging the interrogation zone, which is a very desirable feature for most applications. It should be noted that the read/write device (RWD – called called a reader for short) must be active to conduct the radio communications process, because the extra battery system of transponder is never used for activating the transmission circuit. It means that the transponder antenna does not emit the electromagnetic field as it is in the case of conventional short-range devices (SRDs). Please see e.g. CEPT ERC Recommendation 70-03. These characteristics help distinguish the semi-passive RFID transponders from the classical active SRDs (please see e.g. DOI: 10.3390/s19204392). Please supplement the article with the indicated application aspects (Introduction) and correct substantive errors in this matter (Abstract, main part of this manuscript).
  4. The calculation results of the study are quite limited (Table 3 and 4), and the experimental verification is not available. The Author should at least propose a concept for such verification using the test stand.

Editorial corrections:

  • the references should be cited in the text in the order in which they first appear;
  • with some exceptions such as “%”, the unit should be separated from the value by a space (please use 100 m instead of 100m, 9 µA instead of 9µA, 100 kHz instead of 100kHz, etc.);
  • all symbols used in text/equations/figures/tables should be formatted uniformly (italics for scalar variables, bold italic for matrices/vectors in the whole manuscript);
  • all symbols should be explained in the first reference;
  • the same symbol must stand for a single variable (the unambiguity rule) – please see e.g. lambda (line 128 and 291);
  • units should not be formatted in italics (units are formatted without italics);
  • the references contain errors (e.g., wrong title [6]); in addition, there is no complete bibliographic data (e.g. DOI);
  • please eliminate any remaining errors.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Thanks for the revised version. It deals with my concerns. However, I still think that points 2 and 5 from previous reviews are not properly addressed.

I asked the author: How does the proposal of the authors relate to ISO/IEC 18000 and ISO/IEC 29167?

The author only cited the standards. There is no explanation about the role of the proposal with the standard. For instance, It is a complement to a standard? Is it another approach to meet the standard requirement? Does the proposal replace a standard? Please elaborate a little about this.

Regarding point 5 of my previous review I asked for  "A detailed analysis of the author's proposal against [6] will highlight the advantage of the author's idea. This is very important because both protocols achieve the same performance (Table 4)." The author added the text “Both the protocol [4] and our protocol have the same tag efficiency, but our protocol protects reader's previous searches as described in Table 4.” Let me ask in other words How your protocol reaches the same efficiency and does some more work (protects reader's previous searches). Is this because of the encryption algorithm? What else?

Comments for author File: Comments.pdf

Author Response

Response to Reviewer 3 Comments

 

Point 1: I asked the author: How does the proposal of the authors relate to ISO/IEC 18000 and ISO/IEC 29167?

 

The author only cited the standards. There is no explanation about the role of the proposal with the standard. For instance, It is a complement to a standard? Is it another approach to meet the standard requirement? Does the proposal replace a standard? Please elaborate a little about this.

 

Response 1: We added the sentence as follows (line 85-87) :  “The secure RFID tag is compatible with the ISO/IEC 18000-6, and the proposed system which is based on the AES-128 algorithm meeds the demands of the ISO/IEC 29167.”

 

Point 2: Regarding point 5 of my previous review I asked for  "A detailed analysis of the author's proposal against [6] will highlight the advantage of the author's idea. This is very important because both protocols achieve the same performance (Table 4)." The author added the text “Both the protocol [4] and our protocol have the same tag efficiency, but our protocol protects reader's previous searches as described in Table 4.” Let me ask in other words How your protocol reaches the same efficiency and does some more work (protects reader's previous searches). Is this because of the encryption algorithm? What else?

 

Response 2: We added the sentence as follows (line 482-484) :  “This is achieved by updating secret information in the access list whenever the reader finds the tag, and it does not affect the Tag Efficiency since tags do not need to update any information.”

 

We have proofread our manuscript and marked the corrected parts in the attached pdf file. We appreciate your comments. Thank you very much.

Author Response File: Author Response.pdf

Reviewer 4 Report

I still maintain the previous statement that the article is interesting in the context of security and privacy of RFID systems, but corrections made between the v1 and v2 are partly unsatisfactory. The answers are too short and do not match to the content of the article (the Authors declare that they have made a revision, but this is not the case). In my opinion, the Authors did not understand the previous remarks or did not correct the indicated errors, so I partially repeat them below.

  1. The introduction does not explain the purpose of applying this solution in healthcare. Security issues of RFID systems application are visible in many areas. In many applications we can say that the “assurance of privacy is paramount”, because security of such data is crucial. In addition, assumptions for the application scenarios are not available (Chapter 2).

 

  1. I still assume that this manuscript is referring to the application of the proposed solution using typical RFID systems, e.g. in the HF (NFC functions in mobile phone/tablet) or UHF band (mobile phone/tablet collaborated with mobile or desktop RFID read/write device by using e.g. BT/WiFi interface). The Author should keep in mind that the most popular RFID transponder in this frequency band contains only the chip with the connected antenna, so it is called passive transponder, whereas semi-passive type (sometimes called active) has builtin an extra supply source (e.g., lithium disposable battery) which can be exchangeable or not. Generally, the battery is used for enlarging the interrogation zone, which is a very desirable feature for most applications. It should be noted that the read/write device (RWD –called a reader for short) must be active to conduct the radio communications process, because the extra battery system of transponder is never used for activating the transmission circuit. It means that the transponder antenna does not emit the electromagnetic field as it is in the case of conventional short-range devices (SRDs). Please see e.g. CEPT ERC Recommendation 70-03. These characteristics help distinguish the semi-passive RFID transponders from the classical active SRDs. Please supplement the article with the indicated application aspects (Introduction) and correct substantive errors in this matter (Abstract, main part of this manuscript).

Editorial corrections:

a) there should be a space before the brackets in the text;

b) units should not be formatted in italics (units are formatted without italics – please see “µA”);

c) please eliminate any remaining errors.

Author Response

Response to Reviewer 4 Comments

 

Point 1: The introduction does not explain the purpose of applying this solution in healthcare. Security issues of RFID systems application are visible in many areas. In many applications we can say that the “assurance of privacy is paramount”, because security of such data is crucial. In addition, assumptions for the application scenarios are not available (Chapter 2).

 

Response 1: We removed Chapter 2 and modified the part related to the healthcare. We intended to provide the suitable application for the proposed system, but we think it was awkward.

 

Point 2: I still assume that this manuscript is referring to the application of the proposed solution using typical RFID systems, e.g. in the HF (NFC functions in mobile phone/tablet) or UHF band (mobile phone/tablet collaborated with mobile or desktop RFID read/write device by using e.g. BT/WiFi interface). The Author should keep in mind that the most popular RFID transponder in this frequency band contains only the chip with the connected antenna, so it is called passive transponder, whereas semi-passive type (sometimes called active) has builtin an extra supply source (e.g., lithium disposable battery) which can be exchangeable or not. Generally, the battery is used for enlarging the interrogation zone, which is a very desirable feature for most applications. It should be noted that the read/write device (RWD –called a reader for short) must be active to conduct the radio communications process, because the extra battery system of transponder is never used for activating the transmission circuit. It means that the transponder antenna does not emit the electromagnetic field as it is in the case of conventional short-range devices (SRDs). Please see e.g. CEPT ERC Recommendation 70-03. These characteristics help distinguish the semi-passive RFID transponders from the classical active SRDs. Please supplement the article with the indicated application aspects (Introduction) and correct substantive errors in this matter (Abstract, main part of this manuscript).

 

Response 2: We are afraid that we didn’t understand your comments, but we added the sentence as follows (line 29-32): “An RFID tag is either active or passive according to whether it has its own battery or not. A passive tag obtains the operating power passively from an RFID reader, while an active tag has its own battery. An RFID reader interrogates RFID tags and transfer communication messages between an RFID tag and a centeral database server.”

 

We added the sentence in Abstract as follows: “The proposed protocol enables serverless RFID tag searches with passive tags which obtain operating power from the mobile reader.”

 

We would like to address that there are some sentences related to this in section 3.1.2 and 3.1.3.

 

(line 164-166) Mobile readers can search specific tags using data obtained from the CDS. Mobile readers have enough signal strength to power tags. The communication range of mobile readers is sufficiently practical, e.g., about 100m [16].

 

(line 169-174) An RFID tag has a specific and unique identifier ID and additional identifying information that is required to authenticate it. Tags operate passively, that is, they do not have internal batteries and so simply obtain operating power from the reader. In addition, RFID tags are resource-constrained. For example, the communication range of RFID tags is only about 3m or less [16]. However, we assume that RFID tags can run a kind of lightweight cryptographic algorithm such as the symmetric encryption algorithm, Advanced Encryption Standard (AES), for resource-constrained devices.

 

Point 3: Editorial corrections:  there should be a space before the brackets in the text

 

Response 3: As the reviewer pointed out, we modified our manuscript. It is marked in the attacked pdf file.

 

Point 4: units should not be formatted in italics (units are formatted without italics – please see “µA”)

 

Response 4: As the reviewer pointed out, we modified our manuscript. It is marked in the attacked pdf file.

 

Point 5: please eliminate any remaining errors

 

Response 5: As the reviewer pointed out, we tried to remove remaining errors.

 

We have proofread our manuscript and marked the corrected parts in the attached pdf file. We appreciate your comments. Thank you very much.

Author Response File: Author Response.pdf

Back to TopTop