A Lightweight RFID Mutual Authentication Protocol with PUF

Radio frequency identification (RFID) is one of the key techniques for the Internet of Things and has been widely adopted in many applications for identification. However, RFID systems face various security and privacy issues. In particular, one of the most serious threats is tag cloning for the purpose of counterfeiting goods, which causes great loss and danger to customers. To solve these issues, many authentication protocols have been proposed based on physical unclonable functions, which can ensure an anti-counterfeiting feature. However, most of the existing schemes require secret parameters to be stored in tags, which are vulnerable to physical attacks that can further lead to a breach of forward secrecy. Furthermore, as far as we know, none of the existing schemes is able to solve the security and privacy problems with good scalability, since many of them rely on exhaustive searches by the backend server to validate a tag and are therefore not scalable for applications with a large-scale database. Hence, in this paper, we propose a lightweight RFID mutual authentication protocol with physically unclonable functions (PUFs). The performance analysis shows that our proposed scheme can ensure security and privacy efficiently in a scalable way.
