PUF-enhanced offline RFID security and privacy

Security and Privacy of PUF-Based RFID Systems

Cryptography - Recent Advances and Future Developments, 2021

The last decade has shown an increasing interest in the use of the physically unclonable function (PUF) technology in the design of radio frequency identification (RFID) systems. PUFs can bring extra security and privacy at the physical level that cannot be obtained by symmetric or asymmetric cryptography at the moment. However, many PUF-based RFID schemes proposed in recent years do not even achieve the lowest privacy level in reputable security and privacy models, such as Vaudenay’s model. In contrast, the lowest privacy in this model can be achieved through standard RFID schemes that use only symmetric cryptography. The purpose of this chapter is to analyze this aspect. Thus, the need to use formal models in the study of the security and privacy of (PUF-based) RFID schemes is emphasized. We broadly discuss the tag corruption oracle and highlight some aspects that can lead to schemes without security or privacy. We also insist on the need to formally treat the cryptographic pro...

A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions

eprint.iacr.org

Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides the ideal security against the terrorist fraud. Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Function (PUF) based authentication protocols in which the adversary has access to the volatile memory of the tag. We show that Sadeghi et al.'s PUF-based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to volatile memory she cannot obtain all long-term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Compared to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security and privacy. We also prove that our extended protocol with a final signature provides the ideal security against all those frauds, remarkably the terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide a cost-efficient and reliable method to fingerprint chips based on their physical properties.

PUF-based Privacy-Preserving RFID Protocol

Communications on Applied Electronics, 2018

The limitation of RFID tag resources poses a great challenge for researchers to implement an applied RFID scheme which is privacy-preserving, efficient and suitable for a low-cost tag. In this paper, we suggest a privacy-preserving mutual authenticated key establishment protocol for RFID systems with no computational or storage consumption. Our scheme is based on the utilization of the fading channel features and the use of Physically Unclonable Functions (PUFs). Firstly, we exploit the resources provided by the time-varying channel gains to share a common randomization source between the RFID reader and its tags, for key establishment. Secondly, we use PUFs for tag authentication and for improving the key generation rate of our suggested protocol. We determine the upper bound for the generation rate of a secret key shared among reader and tag, and give numerical examples to reveal the performance of our suggested technique.

PUMAP: A PUF-Based Ultra-Lightweight Mutual-Authentication RFID Protocol

International Journal of RFID Security and Cryptography, 2013

Radio Frequency Identification (RFID) is a technology used for automatic identification of objects, people, and virtually anything one can think of. Applications of RFID technology are expanding and its usage is being adopted worldwide. As such, major efforts have been made to secure the communications in RFID systems and to protect them from various attacks. This paper surveys RFID systems, citing some of their applications as well as the numerous security vulnerabilities they suffer from. Then, some of the proposed solutions that guard against these vulnerabilities are presented and discussed. Then, a novel approach to achieve mutual authentication for ultra-lightweight tags is proposed using Physically Unclonable Functions (PUFs). The proposed approach provides robust security properties as well as good performance characteristics. A proof-of-concept implementation of the proposed protocol was done in the Java programming language, which proved the feasibility and efficiency of the protocol.

k-Strong Privacy for RFID Authentication Protocols Based on Physically Unclonable Functions

2019

This paper examines Vaudenay’s privacy model, which is one of the first and most complete privacy models that featured the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k-strong and k-forward adversaries, where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay’s model. In order to achieve the highest privacy level, we study low-cost primitives such as Physically Unclonable Functions (PUFs). The common assumption of PUFs is that their physical structure is destroyed once tampered. This assumption works only in the ideal case because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weakened this assumption by introducing a new definition, k-resistant PUFs. k-PUFs are tamper-resistant against at most k attacks, i.e., their physical structure remains st...

A PUF-based ultra-lightweight mutual-authentication RFID protocol

2011

Radio Frequency Identification (RFID) is a technology used for automatic identification of objects, people, and virtually anything one can think of. Applications of RFID technology are expanding and its usage has been adopted worldwide. As such, major efforts have been made to secure the communications in RFID systems and to protect them from various attacks. This paper surveys RFID security vulnerabilities and some of the proposed solutions that guard against these vulnerabilities. Then, a novel approach to achieve mutual authentication for ultra-lightweight tags is proposed using Physically Unclonable Functions (PUFs). The proposed approach provides robust security properties as well as good performance.

An Analysis of Authentication for Passive RFID Tags

2009

RFID (Radio Frequency Identification) tags have become pervasive for identifying objects, people and pets, automated payment and theft deterrents. However, assurance of tag identity has not been built into the RFID environment. Privacy by means of encryption can prevent the data from being human readable but cannot stop a clone being created. This paper considers recent approaches that have been proposed to breach this gap. These include PUFs (Physically Unclonable Functions), cryptography, digital signatures and radio fingerprints. This paper contributes a critical analysis of current approaches in order to identify requirements for RFID tag authentication, focusing on passive RFID tags used for product authentication.

Privacy and Reader-first Authentication in Vaudenay's RFID Model with Temporary State Disclosure

Computer Science Journal of Moldova

Privacy and mutual authentication under corruption with temporary state disclosure are two significant requirements for real-life applications of RFID schemes. This paper proposes two practical RFID schemes that meet these requirements. They differ from other similar schemes in that they provide reader-first authentication. Regarding privacy, our first scheme achieves destructive privacy, while the second one -- narrow destructive privacy in Vaudenay's model with temporary state disclosure. To achieve these privacy levels, we use Physically Unclonable Functions (PUFs) to assure that the internal secret of the tag remains hidden from an adversary with invasive capabilities. Both of our schemes avoid the use of random generators on tags. Detailed security and privacy proofs are provided.

The F_f-Family of Protocols for RFID-Privacy and Authentication

IEEE Transactions on Dependable and Secure Computing, 2011

F_f is a family of lightweight and privacy-preserving authentication protocols for RFID systems. Contrary to related work, F_f offers user-adjustable authentication and privacy without requiring a complex cryptographic hash function or non-volatile state on the tag. At the core of F_f is a lightweight keyed hash function that allows the reader to identify and authenticate a tag by iterative elimination of the entries in its database through a few rounds of verifications. The security of F_f is analyzed against algebraic and statistical attacks, attacks based on the LPN technique, and also with respect to recently highlighted SAT-solving approaches. The feasibility of the scheme is discussed through an estimation of the hardware cost and of the protocol performance based on a specific instance of the F_f family.

PUF-Based Authentication-Oriented Architecture for Identification Tags

IEEE Transactions on Dependable and Secure Computing, 2024

Smart tags are compact electronic devices affixed to or embedded into objects to facilitate identification, monitoring, and data exchange. Consequently, secure authentication of these tags is a crucial issue, as objects must reliably verify their identity before sharing sensitive information with other entities. The application of Physical Unclonable Functions (PUF) as a device's "digital fingerprint" has attracted significant attention, yet existing PUF-based authentication methods exhibit security vulnerabilities, either due to the authentication protocol itself or the limited reliability of the PUF technology used. Moreover, there has been a considerable focus on the software aspect, often overlooking the critical role of hardware design, which can become a target for attacks aimed at compromising the device's identity or act as a hindrance in the manufacturing process. In light of these points, this paper introduces an identification tag architecture that leverages PUF technology, focusing on authentication. This architecture features a straightforward but efficient authentication protocol, underpinned by a new and highly stable PUF model. The overall architecture encompasses particular hardware implementation aspects that significantly simplify the tag's enrollment phase and minimize vulnerabilities to attacks. The paper also describes a prototype of this identification tag and provides detailed insights into its application.