This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2017.2706698, IEEE Internet of Things Journal

IoT applications on Secure Smart Shopping System


Ruinian Li¹, Tianyi Song¹, Nicholas Capurso¹, Jiguo Yu²,*, Jason Couture¹, and Xiuzhen Cheng¹
¹ Department of Computer Science, The George Washington University, Washington, DC, USA
² School of Information Science and Engineering, Qufu Normal University, Rizhao, Shandong, China

E-mail: {ruinian,tianyi,nickcapurso,jasoncouture,cheng}@gwu.edu, [email protected]

*Corresponding Author.

Abstract—The Internet of Things (IoT) is changing human lives by connecting everyday objects together. For example, in a grocery store all items can be connected with each other, forming a smart shopping system. In such an IoT system, an inexpensive RFID tag can be attached to each product which, when placed into a smart shopping cart, can be automatically read by a cart equipped with an RFID reader. As a result, billing can be conducted from the shopping cart itself, preventing customers from waiting in a long queue at checkout. Additionally, smart shelving can be added into this system, equipped with RFID readers, and can monitor stock, perhaps also updating a central server. Another benefit of this kind of system is that inventory management becomes much easier, as all items can be automatically read by an RFID reader instead of manually scanned by a laborer. To validate the feasibility of such a system, in this work we identify the design requirements of a smart shopping system, build a prototype system to test functionality, and design a secure communication protocol to make the system practical. To the best of our knowledge, this is the first time a smart shopping system is proposed with security under consideration.

Index Terms—IoT; Smart Shopping; Smart Cart; Security.

I. INTRODUCTION

In the era of the Internet of Things (IoT), interactions among physical objects have become a reality. Everyday objects can now be equipped with computing power and communication functionalities, allowing objects everywhere to be connected. This has brought a new revolution in industrial, financial, and environmental systems, and triggered great challenges in data management, wireless communications, and real-time decision making [1]. Additionally, many security and privacy issues have emerged and lightweight cryptographic methods are in high demand to fit in with IoT applications.

There has been a great deal of IoT research on different applications, such as smart homes, e-health systems, wearable devices, etc. [2]–[4]. In this paper, we focus on a smart shopping system based on Radio Frequency Identification (RFID) technology [5], which has not been well-studied in the past. In such a system, all items for sale are attached with an RFID tag, so that they can be tracked by any device equipped with an RFID reader in the store - for example, a smart shelf. Intuitively this brings the following benefits: 1) Items put into a smart shopping cart (with RFID reading capability) can be automatically read and the billing information can also be generated on the smart cart. As a result, customers do not need to wait in long queues at checkout. 2) Smart shelves that are also equipped with RFID readers are able to monitor all stocked items and send item status updates to the server. When items become sold out, the server can notify employees to restock. 3) It becomes easy for the store to do inventory management as all items can be automatically read and easily logged.

We propose the use of ultra high frequency (UHF) RFID technology [6] in the smart shopping system, as UHF passive tags have a longer range, from 1 to 12 meters. Previous research on the design of smart shopping systems mainly focused on using low/high frequency RFID [7]–[14], which have inadequate ranges, and leave customers to manually scan items with an RFID scanner. In our proposed system, each smart cart is equipped with a UHF RFID reader, a micro controller, an LCD touchscreen, a Zig-Bee adapter, and a weight sensor. The smart cart is able to automatically read the items put into a cart via the RFID reader. A micro controller is installed on the cart for data processing and an LCD touchscreen is equipped as the user interface. In order for the smart cart to communicate with the server, we have chosen Zig-Bee technology as it is low-power and inexpensive. We also have a weight scanner installed on the smart cart for weighing items. The weight scanner can also help do a security check, for example, if a malicious user peels off one item's RFID tag and puts it into the cart, extra unaccounted weight will be added. When a customer finishes shopping, they pay at the checkout point using the generated billing information on the smart cart. We also set an RFID reader before the exit door to check that all the items in the cart have been paid for.

We consider security and privacy issues related to smart shopping systems as no previous research has tackled it. In such a system, wireless communications among the server, smart carts, and items are vulnerable to various attacks; an adversary is able to interfere with the communications if no proper security method is applied. Privacy issues also exist in such a system: the competitor of a store might get easy access to the circulation of commodities for financial strategy; and customer preferences can be inferred by easily collecting the product information in shoppers' shopping carts. There has been much related work on security and privacy in other areas [15]–[24], but none exists in the context of a smart shopping system.

There are a few restrictions in choosing a practical security method for a smart shopping system. As an IoT application, the power consumption must be low. In regards to the client-server communication: if the smart cart needs to send a message to the server after reading an item in the cart, it needs
a lightweight, asymmetric scheme for signing and encrypting, in order to protect confidentiality and integrity. At this step we choose to use ECC-based cryptosystems, as the key size is much smaller compared to other cryptosystems, such as RSA. As shown in Table I, an ECC system with 163-bit key can achieve the same security level as an RSA system with a 1024-bit key. Once established, we switch to using a symmetric key scheme to reduce computational overhead during subsequent communications. To do this, before communication with the server begins, the smart cart prepares a pair of symmetric keys as session keys and appends them to the message. The server will use one of the two keys for encryption, and the other for creating a message authentication code (MAC). Therefore, computational overhead is greatly reduced as symmetric encryption/decryption and MAC is more computationally efficient than asymmetric encryption/decryption [25].

TABLE I
SECURITY COMPARISON FOR VARIOUS ALGORITHM [26]

Symmetric   ECC   RSA
80          163   1024
112         233   2240
128         283   3072
192         409   7680
256         571   15360

We have built a prototype to test the functions of the smart cart. We have also closely monitored the reading range to guarantee only the items put into a smart cart can be read. We test the placement of the RFID reader in the smart cart and of the reader at the checkout point. We also give a security analysis and performance evaluation to prove this system is practical. Finally, we take into consideration the cost of the required components and we find the cheapest RFID reader is at 150 USD and UHF passive tags are at 2 cents in the current market. We believe in the future, grocery stores will be IoT-based with RFID technology.

This paper is a pioneer work in the design of secure smart shopping system. We list our contributions as follows.

1) We propose a complete design of the smart shopping system, and we give a description of the designs and corresponding functions in detail.
2) We are the first to propose using UHF RFID technology to support connections in a smart shopping system. Our system is the first system to achieve automatic reading of the items with a proper range.
3) We are the first to design a secure protocol for the communications in the smart shopping system. To evaluate the protocol, we give a security analysis and performance evaluation in terms of computational complexity and communication complexity.
4) We have built a prototype of the smart shopping system and major functions, such as accurate and automatic reading, are achieved.

The paper is organized as follows. Section II summarizes the most related works. Section III introduces the preliminaries. Section IV presents the design of the smart shopping system. In Section V, we present the system model. In Sections VI, VIII and IX we describe the registration phase, billing generation phase and checkout phase, respectively. A security analysis is provided in Section X and the evaluation of computation and communication complexities are presented in XI. We conclude this paper with a future research discussion in Section XII.

II. RELATED WORK

Study on IoT applications is a popular topic in recent years, but smart shopping systems have not been well-investigated. There are some research works being published in recent years regarding improving customers' shopping experience. In 2011, Klabjan et al. [7] proposed the idea of tracking a customer in the store and discovering customers' interests in order to offer personalized coupons. The idea of smart shelves and smart carts were also discussed in their work. Smart carts can be tracked using RFID technology and smart shelves can monitor the location and statuses of the items.

There were multiple attempts made in 2003. Shanmuqaprivan et al. proposed a basic design using RFID and a barcode reader for product identification, while using Zig-Bee for communication [8]. Kumar et al. represented the first physical implementation with RFID and Zig-Bee [9]. Gupta et al. gave a very unconventional design for a smart cart, and they are one of the first examples to address the anti-theft issue [10]. Their design was similar to a mail receptacle: a chute where items are inserted and scanned, then dropped into a closed chamber. The chamber had a door on the top which could only be opened if the user had paid for the items. The design indirectly guarded against wireless communication security threats by not allowing any wireless communication - the cart was physically wired up to a point-of-sales system to pay when the user was done shopping. Ali et al. designed a smart cart system with navigation [11]. Their design included the implementation of smart shelves, which determined when smart carts enter an aisle (using infrared sensors) and delivered product information to carts.

There are more designs in this area in the last three years [12]–[14], but none of them included novel ideas. In all the previous designs, a customer had to scan the items one-by-one manually, which is not convenient. Furthermore, security issues have never been explored in any past work.

RFID technology has been widely studied in recent years and it is a major technology applied in IoT applications [27]–[29]. Amendola et al. reviewed the RFID technology and its use for applications on body-centric systems [30]. Welbourne et al. developed an RFID ecosystem with a suite of web-based, user-level tools and applications [31]. For grocery marketing, most stores are using barcodes nowadays, but we have reason to believe that RFID over barcode is a general trend as RFID can achieve distance reading, which intellectually brings the property of IoT and connect all the objects in a store together.

2327-4662 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

III. PRELIMINARIES

A. Elliptic Curve Cryptography (ECC)

Elliptic curve cryptography (ECC) was invented by Koblitz [32] and Victor [33] in 1985. It is a public-key cryptographic system based on the algebraic structure of elliptic curves over finite fields. It is lightweight compared to other asymmetric cryptographic systems based on plain finite fields such as RSA, as it requires smaller key sizes to provide equivalent security [34].

Let $F_p$ denote the field of integers modulo $p$ and an elliptic curve $E$ over $F_p$ is defined by the equation:

$y^2 = x^3 + ax + b$    (1)

where $a, b \in F_p$ and $4a^3 + 27b^2 \not\equiv 0 \pmod{p}$. The set of points on an elliptic curve forms a group and Fig. 1 describes the geometric addition operations of adding $P$ and $Q$: if we draw a line passing through $P$ and $Q$, then this line will intersect a third point on the curve $R$, and the inverse of this point, $-R$, is the result of $P + Q$. The idea behind this group operation is that the three points $P$, $Q$, $-R$ are aligned on the curve and the points that form the intersection of a function with the curve sum to zero.

Fig. 1. Group Law on an Elliptic Curve

Suppose $E$ is an elliptic curve defined over a finite field $F_p$, and $P$ is a point in $E(F_p)$ with a prime order $n$. To generate a public key pair, a cyclic subgroup of $E(F_p)$ will be generated by $P$:

$\langle P \rangle = \{\infty, P, 2P, 3P, \ldots, (n-1)P\}$    (2)

A private key will be selected uniformly and randomly from the interval $[1, n-1]$, and the corresponding public key is $Q = dP$.

B. Elliptic Curve Discrete Logarithm Problem (ECDLP)

ECDLP refers to finding $d$ with $dP = Q$ where the points $P$, $Q$ belong to a set of points $E$ on an elliptic curve. ECDLP is known to be computationally infeasible; and as discussed before, an elliptic curve group could provide the same level of security afforded by RSA with a smaller key size.

C. Elgamal Encryption based on ECC

There are different ways to implement encryption operations based on ECC, such as Elliptic Curve Cryptography Diffie-Hellman (ECCDH) and Elgamal encryption on ECC. ECCDH suffers from Man-in-the-Middle (MITM) attacks and is not suitable for our application.

Upon generating a pair of public keys $Q$ and $d$ based on ECC, the encryption and decryption operations of the Elgamal cryptosystem on message $m$ are illustrated as follows:

Encryption: $C_1 = kP$, $C_2 = M + kQ$, return $C_1$, $C_2$.
Decryption: $m = C_2 - dC_1$, return $m$.

D. Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA was initially proposed in 1992 by Scott Vanstone [35] as an authentication scheme based on ECC. It is much more efficient than RSA because of the smaller key length of the ECC system. The parties involved in the application of ECDSA need to agree upon Elliptic Curve domain parameters in order to process ECDSA. For the sake of space, we will not discuss the details of ECDSA here.

IV. SMART SHOPPING SYSTEM

A. Design Goals

Our proposed smart shopping system should achieve the following major goals:

1) Item reading: The smart cart should be able to accurately read items put into or removed from the cart. An item put into one cart should not be able to be read by another cart nearby.
2) Items tracking: The server should maintain the state of items in the store. With RFID readers installed on the shelves, the items can be monitored and the item stock can be updated to the server.
3) Payment verification: We propose installing RFID readers before the exit door, which can scan all the items in the smart cart, and check with the server if everything in the cart has been paid. If a dishonest customer tries to leave the store without making a payment, he will not pass the verification.

Apart from the major goals, many other functions can be achieved in future, such as navigation, advertising, coupon recommendation, etc. Advertising and coupon recommendations can be easily added to the functions of the smart cart, and navigation can be reached by utilizing the Zig-Bee gateways to determine the location of a shopping cart through triangulation techniques [36].

B. Challenges

1) Tag Tamper-Proofing (Tag Security): The tag design must be resistant to the following misuses:
   a) re-writes in order to pay less.
   b) obstructions and replacement by fake tags.
   c) swapping the tags of different items.
   d) breaking or tampering to avoid paying the price altogether.
   In Section VI, we give a standard regarding how the tags can be designed for secure use.
2) Reading Collision: Intuitively, the reading range of the RFID reader should be carefully set to avoid collisions with other carts.
3) Communication Security: The communication in the smart shopping system needs to be protected. For example, to guarantee the confidentiality and integrity of a transaction, lightweight cryptographic systems need to be utilized to prevent an attacker from eavesdropping data or modifying data sent between the carts and the server.

C. Components

Our proposed smart shopping system consists of the following components:

1) Server: All items are registered to the server before moved to the shelves. The server stores all items' information, such as location and price, in a database. The server communicates with all the other entities in the smart shopping system through Zig-Bee.
2) Smart Cart: As shown in Fig. 2, the following components are equipped on the smart cart.

   Fig. 2. Cart Components (blocks shown: ZigBee Adapter, Server, RFID Reader, Microcontroller, Weight Scanner, LCD Touchscreen)

   • Microcontroller: Coordinates with the RFID reader, Zig-Bee adapter, weight scanner, and LCD touchscreen to perform computing functions.
   • Zig-Bee Adapter: Zig-Bee is a low-cost and low-power protocol that costs much less energy than Wi-Fi [37].
   • Weight Scanner: The weight scanner can weigh items that are put in the cart to ensure the tag corresponds to the correct item. It can also help with a security check: if a malicious user peels off the RFID tags before putting it into the cart, the cart can detect it as no weight is sensed.
   • RFID reader: We use an ultra-high frequency (UHF) RFID reader which allows a reading range up to 10 meters. By tuning the transmission power of the reader, we can control its reading range.
   • User Interface (LCD display): Displays product information, possible navigation choices, billing information, and coupons etc.
3) Smart Shelves: Installed with RFID readers that monitor the status of the items.
4) Smart Checkout Point: The checkout point is installed with a Point of Sale (POS) for the customer to make a purchase. After making the payment, a customer has to go through a lane, where an RFID reader can read all the items in the cart, and check with the server if all the items have been purchased. Any overpay or underpay will trigger an alert.

D. Building a Functional Smart Cart

We built a prototype to test our design and functionality. Fig. 3 shows the components of our designed smart cart and the specific descriptions of each component can be found in Table II. The workflow of our smart cart is illustrated through Fig. 4. According to our tests, when putting an item into the smart cart or removing an item from the cart, the smart cart is able to accurately read it. One surprising result is that, the metal outside the cart blocks the signal to a pretty high extent that, when the reader is inside the cart, no item outside the cart can be read. This clearly indicates that an item put into a smart cart will not be read by a nearby cart accidentally. We are also able to test how to set an RFID reader at the checkout point so that the items in the cart can be accurately read.

Fig. 3. Smart Cart

Fig. 4. Workflow of the Smart Cart

V. SYSTEM MODEL

Fig. 5 depicts the system model. The server communicates with the smart shelves, smart carts, and the checkout points.
The smart shelves are able to monitor the items on the shelves by reading the RFID signals from the tags; the smart carts are able to read and retrieve information of the items inside the carts; finally, the checkout points can validate the purchase made by a customer.

Fig. 5. System Model (labels shown: Server, ZigBee, RFID Reader, RFID Signal, RFID Tags, Smart Shelf, Smart Cart, Checkout Point)

TABLE II
SPECIFICATIONS OF THE COMPONENTS

Function | Components | Description
1 Cart | Shopping Cart | Standard Metal Frame
2 Micro-processing | a) Raspberry Pi 3; b) Arduino Uno as an interim solution for weight sensor | 1.2GHz 64-bit quad-core ARMv8 CPU; 802.11n Wireless LAN; Bluetooth 4.1 Bluetooth Low Energy (BLE); 1GB RAM; 4 USB ports; 40 GPIO pins; Full HDMI port; Ethernet port; Combined 3.5mm audio jack and composite video; Camera interface (CSI); Display interface (DSI); Micro SD card slot (now push-pull rather than push-push); VideoCore IV 3D graphics core
3 Display | Raspberry Pi Foundation Touchscreen LCD Display | 7” RGB 800×480 display @ 60fps; 24-bit color; FT5406 10 point capacitive touchscreen; 70 degree viewing angle; Metal-backed display with mounting holes for the Pi
4 Weight Sensing | a) HX711 ADC; b) 4xHalf Bridge Load Sensors | Signal Amplifier; Analog-to-Digital Converter
5 RFID Reader | a) Cottonwood Long Range UHF RFID Reader; b) Circularly Polarized Antenna (5dB) | EPC Gen2 Compatible; Global Frequency Capable (840-960MHz); 20dBm Max Antenna Power; 1.5-2W Power Consumption; GPIO programmable; UART Serial Interface
6 Power Supply | Polanfo 12000mAh Power Bank Universal Ultra Compact External Battery | Charge input of 5V/1 A; Two USB output ports (2.1A and 1A)

We adopt a combination of symmetric and asymmetric cryptographic systems. The server is assigned with a pair of asymmetric keys $P_s$ and $S_s$. Each smart cart is assigned a unique ID $i$ and a pair of asymmetric keys $P_i$ and $S_i$. Each checkout point is assigned a unique ID $j$ and a pair of asymmetric keys $P_j$ and $S_j$. For asymmetric encryption and decryption, we denote the encryption to ciphertext $c$ of data $d$ with public key $P$ by $c = E_P(d)$, and decryption of ciphertext $c$ with private key $S$ by $d = D_S(c)$. For symmetric encryption and decryption, we denote the encryption to ciphertext $c$ of data $d$ with key $s$ by $c = E_s(d)$, and decryption of ciphertext $c$ with key $s$ by $d = D_s(c)$.

VI. REGISTRATION

Before moving all items to the shelves, the store needs to register all of them. We give a design of the RFID tags here shown in Fig. 6.

Fig. 6. Tag Design: Tag Information (TI) = Producer Number, Product Number, Product Name, Weight, Expire Date, …; followed by HMAC(TI)

In our design, information such as price, location, and coupon are stored in a database of the server, rather than in the tags, because such information might change over time, and it is more convenient for the server to manage them.

To prevent a malicious user from rewriting a tag, we create a HMAC appended to the tag for each item. After reading an item, the smart cart needs to first check the HMAC of the item to make sure it has not been modified maliciously. The key $s$ used for the HMAC is stored in each smart cart, and the allocation can be done at back-end.

We insist that the tags must be tamper-proof, so that any action on taking off a tag or switching tags between items will lead to a failure. Finally, we utilize the weight scanner on the cart to prevent a dishonest customer from underpaying. If the weight of the items in the cart is greater than they should be, an alarm is triggered. Traditional markets use hidden secure tags such as the Electronic Article Surveillance tags to prevent shoplifting. This idea can also be incorporated into our system.

VII. SECURITY MODEL

To make our security model practical, we do not assume the existence of a secure channel. The communications should be resistant to any eavesdropper who actively monitors the traffic. The security of the system is based on the difficulty of solving the ECDLP, which cannot be done in a feasible amount of time.

VIII. BILLING GENERATION ON SMART CARTS

As an IoT application, a smart shopping system should involve lightweight cryptographic methods due to limited computational power. We combine symmetric and asymmetric encryption to tackle this issue. When an item is put into a smart cart, the RFID reader on the smart cart should read the tag and then send the tag information to the micro-controller that will then communicate with the server via Zig-Bee to request product information. We adopt ECDSA to sign
the message and Elgamal encryption on Elliptic Curves to encrypt the message. At this point, the smart cart needs to perform the encryption and signing of the message, which are computationally lightweight. To prevent the smart cart from performing the heavy-load, asymmetric decryption work, we let the smart cart randomly generate two symmetric keys $s_1$ and $s_2$ and send both to the server with its requests. The server then uses $s_1$ to encrypt the requested information and creates a message authentication code (MAC) with $s_2$. Therefore, upon receiving a message from the server, the smart cart only needs to perform symmetric decryptions and MAC checking.

We propose the following three algorithms to complete the billing generation process. Here we use $T$ to denote the current system time.

In Algorithm 1, the smart cart reads an item, and checks the validation of the HMAC. If the verification passes, the smart cart randomly generates two symmetric keys $s_1$ and $s_2$: $s_1$ will be used for encryption and $s_2$ will be used for creating the message authentication code. The smart cart will then sign the tag information together with its own ID $i$, a time stamp, and the two session keys $s_1$ and $s_2$, encrypts the message, and sends it to the server.

In Algorithm 2, upon receiving a request from a smart cart, the server decrypts the message and verifies the signature and the time stamp. If the message is valid, the server looks for the requested information $Info(TI)$ for the item in the database, concatenates it with a new time stamp, then encrypts the message using $s_1$ obtained from the cart. The server also creates a message authentication code using $s_2$ and sends it together with the encrypted message to the smart cart.

In Algorithm 3, upon receiving the response from the server, the smart cart first checks the MAC using $s_2$. If MAC is valid, the smart cart decrypts the message using $s_1$ and checks if the time stamp is valid. If the verification passes, the smart cart will update the billing information on the LCD display.

IX. CHECKOUT AND VERIFICATION

Even though the smart cart can generate a billing statement, we insist that a checkout point be equipped with a Point of Sale (PoS) before the store exit. This is to prevent physical attacks on the smart cart's PoS which can be easily moved to areas out of the sights of a store's employees.

To verify that a customer has made a valid purchase for all the items in the smart cart before leaving the store, an RFID reader with a microcontroller will be installed before the exit door. This RFID reader will read all the items in the smart cart and check with the server if a valid purchase has been made. This can be done by giving all the items two statuses - “for sale” and “sold” - in the server's database, and when an item is paid, the server will be informed immediately to change the item's status from “for sale” to “sold”. Therefore, only an honest customer who has paid all the items in the smart cart can pass the verification and the exit door will open for him.

Algorithms for the communication between the RFID reader at the exit door are similar to the one between the smart cart and the server; the only difference here is that, the server is returning back different information: for smart cart, the server is returning price-related information and for the exit door, the server is returning the status of the items. In short of space, we are not giving the algorithms here.

We carefully test the reading range of the smart cart in this system. We have found that the metal around the cart is able to block the signals from outside, which is to say, an RFID reader is not able to read the items in a shopping cart unless it is set inside the cart or at the top of the cart. Therefore, the RFID reader on the exit door is suggested to be installed on a high spot in order to read the items in the cart passing by below.

Fig. 7 depicts the checkout point. The user should first pay the bill at the PoS. The PoS can either read the billing information from the smart cart via Zig-Bee or a physical cable. After making the payment, the user then walks through the lane to the exit door, where an RFID reader on the top will read all the items in the cart, and verify with the server that everything has been paid for. The exit door will open and let the customer pass if the verification has been passed.

Fig. 7. Checkout Point (labels shown: Server, ZigBee, RFID Reader, RFID Signal, RFID Tags, Exit Door, Smart Cart, Point of Sale)

X. SECURITY ANALYSIS

We analyze the security of the communication between the smart cart and the server. The communication between the checkout point and the server are the same.

1) Confidentiality: In each communication between the smart cart and the server, the message sent from the smart cart to the server is encrypted using the smart cart's public key. The security is based on ECDLP, which is known to be computationally infeasible to break. The message sent back to the smart cart is encrypted using a session key, which is only known to the server and the client. Therefore, no outside adversary is able to figure out the data in the communications. This also indicates that the privacy in the smart shopping system is well-protected.

2) Integrity: The message sent from the smart cart to the server is signed with the smart cart's private key $S_s$, thus integrity is protected. When the server sends a message back to the smart cart, it creates a MAC using the secret shared with the smart cart $s_2$, and no outside adversary is able to modify the message while passing the check of MAC. Therefore, data integrity is well-protected.

2327-4662 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Algorithm 1 Smart cart sends requests to the server

1: while read $TI \| HMAC(TI)$ do
2:     compute the HMAC using the secret key stored at the smart cart: $HMAC'(TI) = HMAC_s(TI)$.
3:     if $HMAC'(TI) = HMAC(TI)$ then
4:         compute $E_{P_s}(D_{S_i}(TI, i, T, s_1, s_2), TI, i, s_1, s_2)$,
5:         send $E_{P_s}(D_{S_i}(TI, i, T, s_1, s_2), TI, i, s_1, s_2)$ to the server.
6:     else
7:         send an alarm.
8:     end if
9: end while

Algorithm 2 Server responds to Smart Cart

1: while receive $E_{P_s}(D_{S_i}(TI, i, T, s_1, s_2), TI, i, s_1, s_2)$ do
2:     decrypt the message: $(D_{S_i}(TI, i, T, s_1, s_2), TI, i, s_1, s_2) = D_{S_s}(E_{P_s}(D_{S_i}(TI, i, T, s_1, s_2), TI, i, s_1, s_2))$,
3:     Compute $(TI', i', T', s_1', s_2') = E_{P_i}(D_{S_i}(TI, i, T, s_1, s_2))$, check if $TI' = TI$, $i' = i$ and $T'$ is valid.
4:     if $TI' = TI$, $i' = i$ and $T'$ is valid, then
5:         Look for $Info(TI)$ in the server database.
6:         compute $E_{s_1}(Info(TI), T) \| MAC_{s_2}(E_{s_1}(Info(TI), T))$ and sends it to the smart cart.
7:     else
8:         discard the message.
9:     end if
10: end while

Algorithm 3 Smart Cart Generates billing information

1: while receive $E_{s_1}(Info(TI), T) \| MAC_{s_2}(E_{s_1}(Info(TI), T))$ do
2:     Calculate the MAC using $s_2$: $MAC'_{s_2}(E_{s_1}(Info(TI), T))$, and check if $MAC'_{s_2}(E_{s_1}(Info(TI), T)) = MAC_{s_2}(E_{s_1}(Info(TI), T))$,
3:     if $MAC'_{s_2}(E_{s_1}(Info(TI), T)) = MAC_{s_2}(E_{s_1}(Info(TI), T))$, then
4:         decrypt the message: $(Info(TI), T) = D_{s_1}(E_{s_1}(Info(TI), T))$,
5:         if $T$ is valid, then
6:             update the billing information.
7:         else
8:             drop the message.
9:         end if
10:     else
11:         drop the message.
12:     end if
13: end while

3) Replay Attack Resistance: In our proposed system, all communication messages include a time stamp $T$, making it hard for an attacker to perform a replay attack. If a malicious customer replays a message from a server that contains an item’s price lower than current price, the smart cart can detect that the message is replayed immediately by checking the time stamp: If $T$ in the message is not consistent with the system time, the message will be discarded. If a malicious customer would like to pass the verification of the server, he must be able to change the value of the time stamp $T$ included in the ciphertext, which is not possible. Therefore, replay attacks are not practical.

4) One-Time Key: Each time a smart cart requests information from the server, it randomly creates a pair of session keys and sends them to the server. The server uses one key to encrypt data and the other to create a MAC. The session keys are generated for each request and are unrelated to the previous keys. By adopting the session keys, the data sent from the server to the smart carts is well-protected.

5) Tag Security: Based on our design, the security of the RFID tags is well-protected. First, physically destroying the tags or blocking the RFID signal from a tag can be detected by the scales on the smart cart. A small camera can also be installed on the smart cart to cooperate with the scale for this function: if the smart cart fails to read a tag and the scale or camera detects that a new item is put into the cart, it will send an alarm. Second, any rewriting to the RFID tags will be detected by checking the HMAC, which cannot be counterfeited by an outside adversary without the secret key. Finally, switching the tags on different items does not work because peeling off the tamper-proof tags will break them.
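The server response of Algorithm 2 and the cart-side checks of Algorithm 3, together with the replay and one-time-key arguments above, as an added Python example that is not the authors' code. It assumes HMAC-SHA256 as the MAC, a SHA-256 counter keystream as a stand-in for the unspecified symmetric cipher $E_{s_1}$, a 5-second freshness window for $T$, and hypothetical function names; the sample item data is constructed.

```python
import hashlib
import hmac
import secrets
import struct

MAX_SKEW = 5   # assumed freshness window (seconds); the paper fixes no value
NONCE_LEN, TAG_LEN = 16, 32


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for E_{s1}/D_{s1}: XOR with a SHA-256 counter keystream.
    Assumption for a stdlib-only demo; deploy a vetted cipher instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def server_respond(info: bytes, t: int, s1: bytes, s2: bytes) -> bytes:
    """Algorithm 2, step 6: E_{s1}(Info(TI), T) || MAC_{s2}(E_{s1}(Info(TI), T))."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = nonce + _stream_xor(s1, nonce, struct.pack(">Q", t) + info)
    return ciphertext + hmac.new(s2, ciphertext, hashlib.sha256).digest()


def cart_accept(message: bytes, now: int, s1: bytes, s2: bytes):
    """Algorithm 3: verify the MAC, decrypt, check T. Returns Info(TI) or None."""
    if len(message) < NONCE_LEN + 8 + TAG_LEN:
        return None                                   # too short to parse
    ciphertext, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(s2, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):        # constant-time comparison
        return None                                   # steps 10-11: drop
    plain = _stream_xor(s1, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])
    (t,) = struct.unpack(">Q", plain[:8])
    if abs(now - t) > MAX_SKEW:
        return None                                   # steps 7-8: stale T, drop
    return plain[8:]                                  # step 6: update billing


def demo() -> dict:
    """Run the exchange on constructed sample data and report each outcome."""
    s1, s2 = secrets.token_bytes(32), secrets.token_bytes(32)  # one-time keys
    t0 = 1_700_000_000                                # constructed server clock
    msg = server_respond(b"item=milk-1L;price=2.49", t0, s1, s2)
    forged = bytearray(msg)
    forged[NONCE_LEN + 10] ^= 0x01                    # flip one ciphertext bit
    new_s1, new_s2 = secrets.token_bytes(32), secrets.token_bytes(32)
    return {
        "fresh": cart_accept(msg, t0 + 1, s1, s2),
        "modified": cart_accept(bytes(forged), t0 + 1, s1, s2),
        "replay_after_window": cart_accept(msg, t0 + 3600, s1, s2),
        "replay_in_window_same_keys": cart_accept(msg, t0 + 2, s1, s2),
        "replay_into_next_request": cart_accept(msg, t0 + 2, new_s1, new_s2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

A copy replayed inside the freshness window still passes the time-stamp test under the same keys, so rejecting it depends on the cart discarding $s_1$ and $s_2$ once a request has been answered.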


TABLE III
THE COMPUTATION COMPLEXITIES

| Computational Overhead | Scheme with asymmetric and symmetric operations | Scheme with only asymmetric operations |
|---|---|---|
| Server | $R_d + R_e + R_s + C_m$ | $2R_d + 2R_e$ |
| Smart Cart | $G_s + R_e + R_d + R_s + 2C_m$ | $2R_d + 2R_e + C_m$ |

XI. PERFORMANCE EVALUATION

We test the robustness of the system with our prototype, and we find that the RFID reading is accurate and precise. According to our tests, the metal of the cart blocks the signal to a large extent and an item outside the cart cannot be read by the reader inside the cart. When a new item is put into the smart cart, it will be automatically read by the reader, which is continually scanning items within its range. After a product is read, its ID will be checked to see if it is a newly added item. If so, its information will be listed on the user interface. On the other hand, when an item is removed from the smart cart, the reader will no longer be able to scan its information. In this case, the smart cart determines that the item has been removed and will update the display correspondingly.

We now evaluate the computational and communication overhead of our proposed protocol. We focus only on the communications between the server and the smart cart, as the communication patterns between the checkout point and the server are the same.

A. Computational Complexity

We consider the following operations for computational complexity:
• symmetric encryption/decryption: $R_s$
• asymmetric encryption: $R_e$
• asymmetric decryption: $R_d$
• MAC computing: $C_m$
• symmetric key generation: $G_s$

Now we compute the computational complexity for the smart cart and server in one communication.
1) Smart cart: In Algorithm 1, the smart cart initially calculates the HMAC of the item’s tag with $C_m$, and randomly generates two keys within $G_s$. Then, it signs and encrypts the message within $R_e + R_d$. In Algorithm 3, the smart cart decrypts the message from the server using the symmetric key within $R_s$, and computes the MAC within $C_m$.
2) Server: In Algorithm 2, the server decrypts a message within $R_d$, and checks the signature of a smart cart within $R_e$. Then, it encrypts the message using the symmetric key $s_1$ with $R_s$, and computes the MAC using the symmetric key $s_2$ with $C_m$.

In our proposed scheme, we combine symmetric and asymmetric encryptions to reduce the computational overhead to a large extent. We compare it with a regular protocol where only asymmetric encryption is used. In such a protocol, the smart cart signs and encrypts messages using its own asymmetric key pairs and the server signs and encrypts the message using its own asymmetric key pairs. Therefore, the smart cart needs to first calculate the HMAC of the item’s tag with $C_m$, and signs and encrypts the message within $R_e + R_d$ before sending it out. Then, the smart cart needs to decrypt the message from the server using its own private key and then verifies the signature with $R_d + R_e$. The server, on the other hand, needs to decrypt the message within $R_d$ and checks the signature of the smart cart within $R_e$. Then, it signs and encrypts the message using its own asymmetric key pair with $R_d + R_e$.

Table III shows the operational complexity for the server and a smart cart in the proposed protocol and a regular protocol with only asymmetric encryptions. Computing the MAC and generating the keys are known to be very efficient, and symmetric key operations are much more efficient than asymmetric key operations [25]. Therefore, the smart cart’s computational complexity is mainly determined by $R_e$ (ElGamal encryption on ECC) and $R_d$ (ECDSA). The server, on the other hand, needs to decrypt the message from the smart cart and verify the signature, thus its computational overhead is also determined by $R_e$ and $R_d$. Note that in our proposed scheme, both the smart cart and the server only need to perform $R_d$ and $R_e$ once, which is much more efficient than a scheme with only asymmetric encryptions. Furthermore, while the efficiency is improved, the security is not reduced: the symmetric key pair works as a one-time key and maintains the same level of security.

B. Communication Complexity

We choose ECC with 160 bits and MAC with 160 bits, as well. Suppose the size of the data to be sent is $n$. For simplicity, we do not consider the padding of encryption in our calculation.

TABLE IV
THE COMMUNICATION OVERHEAD BETWEEN SERVER AND A SMART CART

| | Communication Overhead |
|---|---|
| Algorithm 1 | $\max\{2n, 320\}$ |
| Algorithm 2 | $\max\{n + 160, 320\}$ |
| Algorithm 3 | $0$ |

We consider the communication overhead between the server and the smart cart for one communication: In Algorithm 1, the smart cart sends a ciphertext to the server: If $n > 160$, the message size is $2n$ after signing and encryption; if $n < 160$, the message is first signed to be 160 bits, then the signature is concatenated with the message to be encrypted, yielding $160 + 160 = 320$ bits. In Algorithm 2, the server sends a ciphertext and a MAC to the smart cart: If $n > 160$, the message size will be $n + 160$ bits; if $n < 160$, the message size will be $160 + 160 = 320$ bits. There is no communication in Algorithm 3. Table IV shows the communication overhead
between the server and the smart cart. The communication overhead between the checkout point and the server is the same, as the communication patterns are identical.

XII. CONCLUSION AND FUTURE RESEARCH

In this paper, we propose a secure smart shopping system utilizing RFID technology. This is the first time that UHF RFID is employed in enhancing shopping experiences and security issues are discussed in the context of a smart shopping system. We detail the design of a complete system and build a prototype to test its functions. We also design a secure communication protocol and present security analysis and performance evaluations.

We believe that future stores will be covered with RFID technology and our research is a pioneering one in the development of a smart shopping system. Our future research will focus on improving the current system, for example, by reducing the computational overhead at the smart cart side for higher efficiency, and by improving the communication efficiency while preserving security properties.

ACKNOWLEDGMENT

This research was partially supported by the National Science Foundation of the US under grants CCF-1442642 and CNS-1318872, and the National Natural Science Foundation of China under grants 61672321 and 61373027.

REFERENCES

[1] F. Xia, L. T. Yang, L. Wang, and A. Vinel, “Internet of things,” International Journal of Communication Systems, vol. 25, no. 9, p. 1101, 2012.
[2] P. Castillejo, J.-F. Martinez, J. Rodriguez-Molina, and A. Cuerva, “Integration of wearable devices in a wireless sensor network for an e-health application,” IEEE Wireless Communications, vol. 20, no. 4, pp. 38–49, 2013.
[3] N. Mitton, S. Papavassiliou, A. Puliafito, and K. S. Trivedi, “Combining cloud and sensors in a smart city environment,” EURASIP journal on Wireless Communications and Networking, vol. 2012, no. 1, p. 1, 2012.
[4] T. Song, R. Li, X. Xing, J. Yu, and X. Cheng, “A privacy preserving communication protocol for iot applications in smart homes,” in to appear in International Conference on Identification, Information and Knowledge in the Internet of Things (IIKI) 2016, 2016.
[5] S. Shepard, RFID: radio frequency identification. McGraw Hill Professional, 2005.
[6] D. M. Dobkin, The rf in RFID: uhf RFID in practice. Newnes, 2012.
[7] D. Klabjan and J. Pei, “In-store one-to-one marketing,” Journal of Retailing and Consumer Services, vol. 18, no. 1, pp. 64–73, 2011.
[8] T. Shanmugapriyan, “Smart cart to recognize objects based on user intention,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 2, no. 5, 2013.
[9] R. Kumar, K. Gopalakrishna, and K. Ramesha, “Intelligent shopping cart,” International Journal of Engineering Science and Innovative Technology, vol. 2, no. 4, pp. 499–507, 2013.
[10] S. Gupta, A. Kaur, A. Garg, A. Verma, A. Bansal, and A. Singh, “Arduino based smart cart,” International Journal of Advanced Research in Computer Engineering & Technology, vol. 2, no. 12, 2013.
[11] Z. Ali and R. Sonkusare, “Rfid based smart shopping and billing,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 2, no. 12, pp. 4696–4699, 2013.
[12] P. Chandrasekar and T. Sangeetha, “Smart shopping cart with automatic billing system through rfid and zigbee,” in Information Communication and Embedded Systems (ICICES), 2014 International Conference on. IEEE, 2014, pp. 1–4.
[13] M. R. Sawant, K. Krishnan, S. Bhokre, and P. Bhosale, “The rfid based smart shopping cart,” International Journal of Engineering Research and General Science, vol. 3, no. 2, pp. 275–280, 2015.
[14] A. Yewatkar, F. Inamdar, R. Singh, A. Bandal et al., “Smart cart with automatic billing, product information, product recommendation using rfid & zigbee with anti-theft,” Procedia Computer Science, vol. 79, pp. 793–800, 2016.
[15] Z. Cai, Z. He, X. Guan, and Y. Li, “Collective data-sanitization for preventing sensitive information inference attacks in social networks,” IEEE Transactions on Dependable and Secure Computing, 2016.
[16] Z. He, Z. Cai, Q. Han, W. Tong, L. Sun, and Y. Li, “An energy efficient privacy-preserving content sharing scheme in mobile social networks,” Personal and Ubiquitous Computing, vol. 20, no. 5, pp. 833–846, 2016.
[17] L. Zhang, Z. Cai, and X. Wang, “Fakemask: A novel privacy preserving approach for smartphones,” IEEE Transactions on Network and Service Management, vol. 13, no. 2, pp. 335–348, 2016.
[18] Y. Wang, Z. Cai, G. Yin, Y. Gao, X. Tong, and G. Wu, “An incentive mechanism with privacy protection in mobile crowdsourcing systems,” Computer Networks, vol. 102, pp. 157–171, 2016.
[19] X. Jin, M. Zhang, N. Zhang, and G. Das, “Versatile publishing for privacy preservation,” in Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining. ACM, 2010, pp. 353–362.
[20] C. Hu, R. Li, W. Li, J. Yu, Z. Tian, and R. Bie, “Efficient privacy-preserving schemes for dot-product computation in mobile computing,” in Proceedings of the 2nd ACM Workshop on Privacy-Aware Mobile Computing. ACM, 2016, pp. 51–59.
[21] A. Dasgupta, N. Zhang, G. Das, and S. Chaudhuri, “Privacy preservation of aggregates in hidden databases: why and how?” in Proceedings of the 2009 ACM SIGMOD International Conference on Management of data. ACM, 2009, pp. 153–164.
[22] M. Larson, R. Li, C. Hu, W. Li, X. Cheng, and R. Bie, “A bidder-oriented privacy-preserving vcg auction scheme,” in International Conference on Wireless Algorithms, Systems, and Applications. Springer, 2015, pp. 284–294.
[23] N. Zhang and W. Zhao, “Privacy-preserving data mining systems,” Computer, vol. 40, no. 4, pp. 52–58, 2007.
[24] W. Li, M. Larson, C. Hu, R. Li, X. Cheng, and R. Bie, “Secure multi-unit sealed first-price auction mechanisms,” Security and Communication Networks, vol. 9, no. 16, pp. 3833–3843, 2016.
[25] W. Dai. (2009) Crypto++ 5.6.0 benchmarks. http://www.cryptopp.com/benchmarks.html.
[26] N. Jansma and B. Arrendondo, “Performance comparison of elliptic curve and rsa digital signatures,” nicj.net/files, 2004.
[27] L. Tan and N. Wang, “Future internet: The internet of things,” in 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), vol. 5. IEEE, 2010, pp. V5–376.
[28] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (iot): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013.
[29] R. Khan, S. U. Khan, R. Zaheer, and S. Khan, “Future internet: the internet of things architecture, possible applications and key challenges,” in Frontiers of Information Technology (FIT), 2012 10th International Conference on. IEEE, 2012, pp. 257–260.
[30] S. Amendola, R. Lodato, S. Manzari, C. Occhiuzzi, and G. Marrocco, “Rfid technology for iot-based personal healthcare in smart spaces,” IEEE Internet of things journal, vol. 1, no. 2, pp. 144–152, 2014.
[31] E. Welbourne, L. Battle, G. Cole, K. Gould, K. Rector, S. Raymer, M. Balazinska, and G. Borriello, “Building the internet of things using rfid: the rfid ecosystem experience,” IEEE Internet Computing, vol. 13, no. 3, pp. 48–55, 2009.
[32] N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of computation, vol. 48, no. 177, pp. 203–209, 1987.
[33] V. S. Miller, “Use of elliptic curves in cryptography,” in Conference on the Theory and Application of Cryptographic Techniques. Springer, 1985, pp. 417–426.
[34] D. Hankerson, A. J. Menezes, and S. Vanstone, Guide to elliptic curve cryptography. Springer Science & Business Media, 2006.
[35] R. L. Rivest, M. E. Hellman, J. C. Anderson, and J. W. Lyons, “Responses to nist’s proposal,” Communications of the ACM, vol. 35, no. 7, pp. 41–54, 1992.
[36] Z. Fang, Z. Zhao, X. Cui, D. Geng, L. Du, and C. Pang, “Localization in wireless sensor networks with known coordinate database,” EURASIP Journal on Wireless Communications and Networking, vol. 2010, no. 1, pp. 1–17, 2010.
[37] P. Kinney et al., “Zigbee technology: Wireless control that simply works,” in Communications design conference, vol. 2, 2003, pp. 1–7.
