{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T01:11:25Z","timestamp":1781658685823,"version":"3.54.5"},"reference-count":30,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2023,6,12]],"date-time":"2023-06-12T00:00:00Z","timestamp":1686528000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Open Access Publishing Fund of the Free University of Bozen-Bolzano"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Exploiting Radio Frequency Identification (RFID) technology in healthcare systems has become a common practice, as it ensures better patient care and safety. However, these systems are prone to security vulnerabilities that can jeopardize patient privacy and the secure management of patient credentials. This paper aims to advance state-of-the-art approaches by developing more secure and private RFID-based healthcare systems. More specifically, we propose a lightweight RFID protocol that safeguards patients\u2019 privacy in the Internet of Healthcare Things (IoHT) domain by utilizing pseudonyms instead of real IDs, thereby ensuring secure communication between tags and readers. The proposed protocol has undergone rigorous testing and has been proven to be secure against various security attacks. This article provides a comprehensive overview of how RFID technology is used in healthcare systems and benchmarks the challenges faced by these systems. Then, it reviews the existing RFID authentication protocols proposed for IoT-based healthcare systems in terms of their strengths, challenges, and limitations. To overcome the limitations of existing approaches, we proposed a protocol that addresses the anonymity and traceability issues in existing schemes. Furthermore, we demonstrated that our proposed protocol had a lower computational cost than existing protocols and ensured better security. Finally, our proposed lightweight RFID protocol ensured strong security against known attacks and protected patient privacy using pseudonyms instead of real IDs.<\/jats:p>","DOI":"10.3390\/s23125518","type":"journal-article","created":{"date-parts":[[2023,6,13]],"date-time":"2023-06-13T02:00:45Z","timestamp":1686621645000},"page":"5518","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Enhancing Security and Privacy in Healthcare Systems Using a Lightweight RFID Protocol"],"prefix":"10.3390","volume":"23","author":[{"given":"Muhammad Ayaz","family":"Khan","sequence":"first","affiliation":[{"name":"Department of Computer Science, Air University, Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3925-621X","authenticated-orcid":false,"given":"Subhan","family":"Ullah","sequence":"additional","affiliation":[{"name":"Faculty of Computer Science, National University of Computer and Emerging Sciences (NUCES-FAST), Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8105-6791","authenticated-orcid":false,"given":"Tahir","family":"Ahmad","sequence":"additional","affiliation":[{"name":"Center for Cybersecurity, Brunno Kessler Foundation, 38123 Trento, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Khwaja","family":"Jawad","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Iqra National University, Swat 19200, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2723-2410","authenticated-orcid":false,"given":"Attaullah","family":"Buriro","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, Free University Bozen-Bolzano, 39100 Bolzano, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2023,6,12]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1016\/j.bushor.2015.03.008","article-title":"The Internet of Things (IoT): Applications, investments, and challenges for enterprises","volume":"58","author":"Lee","year":"2015","journal-title":"Bus. Horizons"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1002\/dac.4137","article-title":"An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure","volume":"32","author":"Mahmood","year":"2019","journal-title":"Int. J. Commun. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"2603","DOI":"10.1109\/TII.2019.2925071","article-title":"Efficient and Secure Anonymous Authentication with Location Privacy for IoT-Based WBANs","volume":"16","author":"Vijayakumar","year":"2020","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_4","first-page":"102928","article-title":"A provably secure content distribution framework for portable DRM systems","volume":"61","author":"Mishra","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"10893","DOI":"10.1007\/s11227-021-04252-y","article-title":"URAP: A new ultra-lightweight RFID authentication protocol in passive RFID system","volume":"78","author":"Gao","year":"2022","journal-title":"J. Supercomput."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"8577","DOI":"10.1007\/s11227-021-04232-2","article-title":"AnonSURP: An anonymous and secure ultralightweight RFID protocol for deployment in internet of vehicles systems","volume":"78","author":"Shariq","year":"2022","journal-title":"J. Supercomput."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"An, Y., Zhang, Y., Cao, W., Tong, Z., and He, Z. (2022). A Lightweight and Practical Anonymous Authentication Protocol Based on Bit-Self-Test PUF. Electronics, 11.","DOI":"10.3390\/electronics11050772"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"20319","DOI":"10.1007\/s11042-020-08683-2","article-title":"Secure and ubiquitous authenticated content distribution framework for IoT enabled DRM system","volume":"79","author":"Rana","year":"2020","journal-title":"Multimed. Tools Appl."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1016\/j.comcom.2022.05.002","article-title":"A secured and lightweight RFID-tag based authentication protocol with privacy-preserving in Telecare medicine information system","volume":"191","author":"Chander","year":"2022","journal-title":"Computer Commun."},{"key":"ref_10","first-page":"381","article-title":"A Novel RFID Authentication Protocol based on Elliptic Curve Cryptosystem","volume":"2011","author":"Chen","year":"2011","journal-title":"IACR Cryptol. EPrint Arch."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Bilal, Z., Masood, A., and Kausar, F. (2009, January 19\u201321). Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. Proceedings of the 2009 International Conference on Network-Based Information Systems, Indianapolis, IN, USA.","DOI":"10.1109\/NBiS.2009.9"},{"key":"ref_12","unstructured":"Abughazalah, S., Markantonakis, K., and Mayes, K. (2015). Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, Springer."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Xie, W., Xie, L., Zhang, C., Zhang, Q., and Tang, C. (May, January 30). Cloud-based RFID authentication. Proceedings of the 2013 IEEE International Conference on RFID (RFID), Penang, Malaysia.","DOI":"10.1109\/RFID.2013.6548151"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1656","DOI":"10.1109\/TII.2018.2794996","article-title":"Lightweight RFID Protocol for Medical Privacy Protection in IoT","volume":"14","author":"Fan","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"9979","DOI":"10.1007\/s10916-013-9979-7","article-title":"RFID authentication protocol to enhance patient medication safety","volume":"37","author":"Kaul","year":"2013","journal-title":"J. Med. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1007\/s11227-013-1073-x","article-title":"An efficient mutual authentication RFID scheme based on elliptic curve cryptography","volume":"70","author":"Chou","year":"2014","journal-title":"J. Supercomput."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1016\/j.adhoc.2013.02.004","article-title":"A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol","volume":"18","author":"Liao","year":"2014","journal-title":"Ad Hoc Netw."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/s10916-014-0046-9","article-title":"A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem","volume":"38","author":"Zhao","year":"2014","journal-title":"J. Med. Syst."},{"key":"ref_19","unstructured":"Peeters, R., and Hermans, J. (2023, March 15). Attack on Liao and Hsiao\u2019s Secure ECC-Based RFID Authentication Scheme Integrated with ID-Verifier Transfer Protocol. Cryptology ePrint Archive. Available online: https:\/\/eprint.iacr.org\/2013\/399.pdf."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1007\/s10916-016-0521-6","article-title":"A provably secure RFID authentication protocol based on elliptic curve for healthcare environments","volume":"40","author":"Farash","year":"2016","journal-title":"J. Med. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1007\/s10916-014-0153-7","article-title":"A hash based mutual RFID tag authentication protocol in telecare medicine information system","volume":"39","author":"Srivastava","year":"2015","journal-title":"J. Med. Syst."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s10916-015-0260-0","article-title":"A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system","volume":"39","author":"Li","year":"2015","journal-title":"J. Med. Syst."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1007\/s10916-015-0362-8","article-title":"A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety","volume":"40","author":"Jin","year":"2016","journal-title":"J. Med. Syst."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Prakash Pokala, J., Reddy, M.C., Bapana, S., and Vorugunti, C.S. (2016, January 23\u201325). A secure RFID protocol for telecare medicine information systems using ECC. Proceedings of the 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India.","DOI":"10.1109\/WiSPNET.2016.7566552"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"3603","DOI":"10.1007\/s12652-018-1088-5","article-title":"A quadratic residue-based RFID authentication protocol with enhanced security for TMIS","volume":"10","author":"Zhou","year":"2019","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"23514","DOI":"10.1109\/ACCESS.2019.2896641","article-title":"A new secure authentication protocol for telecare medicine information system and smart campus","volume":"7","author":"Safkhani","year":"2019","journal-title":"IEEE Access"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"60996","DOI":"10.1109\/ACCESS.2018.2875973","article-title":"A new mutual authentication protocol in mobile RFID for smart campus","volume":"6","author":"Zheng","year":"2018","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1371","DOI":"10.1007\/s11277-020-07424-w","article-title":"Security analysis and enhancement of the most recent RFID protocol for telecare medicine information system","volume":"114","author":"Chen","year":"2020","journal-title":"Wirel. Pers. Commun."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"3737","DOI":"10.1007\/s12083-021-01192-5","article-title":"Urasp: An ultralightweight rfid authentication scheme using permutation operation","volume":"14","author":"Shariq","year":"2021","journal-title":"Peer- Netw. Appl."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"769","DOI":"10.1080\/09540091.2021.1889976","article-title":"A lightweight authentication scheme for telecare medical information system","volume":"33","author":"Xiao","year":"2021","journal-title":"Connect. Sci."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/12\/5518\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:53:29Z","timestamp":1760126009000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/12\/5518"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,12]]},"references-count":30,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2023,6]]}},"alternative-id":["s23125518"],"URL":"https:\/\/doi.org\/10.3390\/s23125518","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,12]]}}}