Zhu Feng, Li Peng, Xu He, Wang Ruchuan
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China.
Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China.
Sensors (Basel). 2019 Jul 4;19(13):2957. doi: 10.3390/s19132957.
Radio frequency identification is one of the key techniques for Internet of Things, which has been widely adopted in many applications for identification. However, there exist various security and privacy issues in radio frequency identification (RFID) systems. Particularly, one of the most serious threats is to clone tags for the goal of counterfeiting goods, which causes great loss and danger to customers. To solve these issues, lots of authentication protocols are proposed based on physical unclonable functions that can ensure an anti-counterfeiting feature. However, most of the existing schemes require secret parameters to be stored in tags, which are vulnerable to physical attacks that can further lead to the breach of forward secrecy. Furthermore, as far as we know, none of the existing schemes are able to solve the security and privacy problems with good scalability. Since many existing schemes rely on exhaustive searches of the backend server to validate a tag and they are not scalable for applications with a large scale database. Hence, in this paper, we propose a lightweight RFID mutual authentication protocol with physically unclonable functions (PUFs). The performance analysis shows that our proposed scheme can ensure security and privacy efficiently in a scalable way.
射频识别是物联网的关键技术之一,已在许多识别应用中广泛采用。然而,射频识别(RFID)系统存在各种安全和隐私问题。特别是,最严重的威胁之一是为了假冒商品而克隆标签,这给客户造成了巨大损失和危险。为了解决这些问题,基于可确保防伪特性的物理不可克隆功能,提出了许多认证协议。然而,现有的大多数方案都要求将秘密参数存储在标签中,这些参数容易受到物理攻击,进而可能导致前向保密性的泄露。此外,据我们所知,现有的方案都无法以良好的可扩展性解决安全和隐私问题。由于许多现有方案依赖于后端服务器的穷举搜索来验证标签,并且对于具有大规模数据库的应用来说它们不可扩展。因此,在本文中,我们提出了一种具有物理不可克隆功能(PUF)的轻量级RFID相互认证协议。性能分析表明,我们提出的方案能够以可扩展的方式有效地确保安全和隐私。
