k-Strong Privacy for RFID Authentication Protocols Based on Physically Unclonable Functions

This paper examines Vaudenay’s privacy model, which is one of the first and most complete privacy models featured the notion of differen t privacy classes. We enhance this model by introducing two new generic adversa ry classes, k-strong andk-forward adversaries where the adversary is allowed to corrupt a tag at mostk times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay’s model. In order to ac hieve highest privacy level, we study low cost primitives such as Physically Unclonable Functions (PUFs). The common assumption of PUFs is that their physical struc ture is destroyed once tampered. This assumption works only in the ideal case b ecause the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weaken this assumption by introduc ing a new definitionk-resistant PUFs . k-PUFs are tamper-resistant against at most k attacks, i.e., their physical structure remains still functional and corre t until at mostkth physical attack. Furthermore, we prove that strong privacy can be achieved without public-key cryptography using k-PUF based authentication. We finally prove that our extended proposal achieves both reader authen tication and k-strong privacy.

[1]  Gustavus J. Simmons,et al.  A System for Verifying User Identity and Authorization at the Point-of Sale or Access , 1984, Cryptologia.

[2]  G. J. Simmons,et al.  Identification of data, devices, documents and individuals , 1991, Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology.

[3]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[4]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[5]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[6]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[7]  D. Engels,et al.  Security and Privacy : Modest Proposals for Low-Cost RFID Systems # , 2004 .

[8]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[9]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[10]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[11]  Pim Tuyls,et al.  Secret key generation from classical physics : Physical Uncloneable Functions (Chapter 6.4) , 2006 .

[12]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[13]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[14]  Boris Skoric,et al.  Read-Proof Hardware from Protective Coatings , 2006, CHES.

[15]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[16]  Leonid Bolotnyy,et al.  Physically Unclonable Function-Based Security and Privacy in RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[17]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[18]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[19]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[20]  G.-J. Schrijen,et al.  Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection , 2007, 2007 International Conference on Field Programmable Logic and Applications.

[21]  S. Devadas,et al.  Design and Implementation of PUF-Based "Unclonable" RFID ICs for Anti-Counterfeiting and Security Applications , 2008, 2008 IEEE International Conference on RFID.

[22]  Sjouke Mauw,et al.  Untraceability of RFID Protocols , 2008, WISTP.

[23]  JaeCheol Ha,et al.  A New Formal Proof Model for RFID Location Privacy , 2008, ESORICS.

[24]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.

[25]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[26]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[27]  Ingrid Verbauwhede,et al.  Intrinsic PUFs from Flip-flops on Reconfigurable Devices , 2008 .

[28]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[29]  Frederik Armknecht,et al.  Memory Leakage-Resilient Encryption Based on Physically Unclonable Functions , 2009, ASIACRYPT.

[30]  Robert H. Deng,et al.  Revisiting Unpredictability-Based RFID Privacy Models , 2010, ACNS.

[31]  Yunlei Zhao,et al.  A New Framework for RFID Privacy , 2010, ESORICS.

[32]  Sébastien Canard,et al.  Privacy-Preserving RFID Systems: Model and Constructions , 2010, IACR Cryptol. ePrint Arch..

[33]  Ahmad-Reza Sadeghi,et al.  PUF-Enhanced RFID Security and Privacy , 2010 .

[34]  Frederik Armknecht,et al.  On RFID Privacy with Mutual Authentication and Tag Corruption , 2010, ACNS.

[35]  Frederik Armknecht,et al.  A Formalization of the Security Features of Physical Functions , 2011, 2011 IEEE Symposium on Security and Privacy.

[36]  M. Ufuk Çaglayan,et al.  PUF Based Scalable Private RFID Authentication , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[37]  Frederik Vercauteren,et al.  A New RFID Privacy Model , 2011, ESORICS.

[38]  Iwen Coisel,et al.  Untangling RFID Privacy Models , 2013, IACR Cryptol. ePrint Arch..

[39]  Guang Gong,et al.  Computationally efficient mutual entity authentication in wireless sensor networks , 2011, Ad Hoc Networks.

[40]  Süleyman Kardas,et al.  A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions , 2011, IACR Cryptol. ePrint Arch..

[41]  Yuanbo Guo,et al.  PUF-Based Node Mutual Authentication Scheme for Delay Tolerant Mobile Sensor Network , 2011, 2011 7th International Conference on Wireless Communications, Networking and Mobile Computing.

[42]  Mohammad Reza Aref,et al.  Two RFID Privacy Models in Front of a Court , 2011, IACR Cryptol. ePrint Arch..

[43]  Young Sil Lee,et al.  RFID mutual authentication protocol with Unclonable RFID-tags , 2011, International Conference on Mobile IT Convergence.

[44]  Wei Wu,et al.  A practical device authentication scheme using SRAM PUFs , 2012, Journal of Cryptographic Engineering.

[45]  Albert Levi,et al.  PUF-enhanced offline RFID security and privacy , 2012, J. Netw. Comput. Appl..