Logo PTI Logo FedCSIS

Proceedings of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS)

Annals of Computer Science and Information Systems, Volume 39

On Privacy of PRF+PUF-based Authentication

DOI: http://dx.doi.org/10.15439/2024F6703

Citation: Proceedings of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS), M. Bolanowski, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 39, pages 177185 ()

Full text

Abstract. RFID-based authentication plays a crucial role in various fields, such as e-commerce, e-learning, e-business, health-care, cloud, IoT, etc. At the same time, there is growing interest in using physically unclonable functions (PUFs) in RFID tags to protect against key corruption of pseudo-random functions (PRFs). In this paper, we discuss the privacy properties of PRF+PUF-based RFID authentication protocols in Vaudenay's and the Hermans-Pashalidis-Vercauteren-Preneel (HPVP) models, considering two fundamental aspects: using temporary variables that might compromise privacy and using simulatable PUFs, a more realistic approach to ideal PUFs. Finally, we prove that a variant of a recently proposed RFID-based authentication protocol achieves strong privacy in the HPVP model.

References

  1. U. Rührmair and M. van Dijk, “PUFs in security protocols: Attack models and security evaluations,” in 2013 IEEE Symposium on Security and Privacy, 2013, pp. 286–300.
  2. W. Xie, L. Xie, C. Zhang, Q. Zhang, and C. Tang, “Cloud-based RFID authentication,” in 2013 IEEE International Conference on RFID (RFID), 2013, pp. 168–175.
  3. Z. Zhao, “A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem,” J. Medical Syst., vol. 38, no. 5, p. 46, 2014.
  4. C. Jin, C. Xu, X. Zhang, and J. Zhao, “A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography,” J. Medical Syst., vol. 39, no. 3, p. 24, 2015.
  5. H. Xiao, A. A. Alshehri, and B. Christianson, “A cloud-based RFID authentication protocol with insecure communication channels,” in 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, pp. 332–339.
  6. H. Xu, J. Ding, P. Li, F. Zhu, and R. Wang, “A lightweight RFID mutual authentication protocol based on physical unclonable function,” Sensors, vol. 18, no. 3, 2018.
  7. M. Safkhani, Y. Bendavid, S. Rostampour, and N. Bagheri, “On designing lightweight RFID security protocols for medical IoT,” Cryptology ePrint Archive, Paper 2019/851, 2019.
  8. W. Liang, S. Xie, J. Long, K.-C. Li, D. Zhang, and K. Li, “A double PUF-based RFID identity authentication protocol in service-centric internet of things environments,” Information Sciences, vol. 503, pp. 129–147, 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0020025519305857
  9. F. Zhu, P. Li, H. Xu, and R. Wang, “A lightweight RFID mutual authentication protocol with PUF,” Sensors, vol. 19, no. 13, 2019. [Online]. Available: https://www.mdpi.com/1424-8220/19/13/2957
  10. K. Fan, Q. Luo, K. Zhang, and Y. Yang, “Cloud-based lightweight secure RFID mutual authentication protocol in IoT,” Information Sciences, vol. 527, pp. 329–340, 2020.
  11. L. Xiao, H. Xu, F. Zhu, R. Wang, and P. Li, “SKINNY-based RFID lightweight authentication protocol,” Sensors, vol. 20, no. 5, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/20/5/1366
  12. F. Zhu, P. Li, H. Xu, and R. Wang, “A novel lightweight authentication scheme for RFID-based healthcare systems,” Sensors, vol. 20, no. 17, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/20/17/4846
  13. P. Gope and B. Sikdar, “A comparative study of design paradigms for PUF-based security protocols for iot devices: Current progress, challenges, and future expectation,” Computer, vol. 54, no. 11, pp. 36–46, 2021.
  14. M. Shariq, K. Singh, M. Y. Bajuri, A. A. Pantelous, A. Ahmadian, and M. Salimi, “A secure and reliable RFID authentication protocol using digital Schnorr cryptosystem for IoT-enabled healthcare in COVID-19 scenario,” Sustainable Cities and Society, vol. 75, p. 103354, 2021.
  15. V. Kumar, R. Kumar, S. Jangirala, S. Kumari, S. Kumar, and C.-M. Chen, “An enhanced RFID-based authentication protocol using PUF for vehicular cloud computing,” Security and Communication Networks, 2022. [Online]. Available: https://api.semanticscholar.org/CorpusID:251239918
  16. M. Adeli, N. Bagheri, S. Sadeghi, and S. Kumari, “χperbp: a cloudbased lightweight mutual authentication protocol,” Peer Peer Netw. Appl., vol. 16, no. 4, pp. 1785–1802, 2023.
  17. A. Kumar, K. Singh, M. Shariq, C. Lal, M. Conti, R. Amin, and S. A. Chaudhry, “An efficient and reliable ultralightweight RFID authentication scheme for healthcare systems,” Computer Communications, vol. 205, pp. 147–157, 2023. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0140366423001329
  18. Y. Wang, R. Liu, T. Gao, F. Shu, X. Lei, G. Gui, and J. Wang, “A novel RFID authentication protocol based on a block-order-modulus variable matrix encryption algorithm,” 2023.
  19. S. Vaudenay, “On privacy models for RFID,” in Proceedings of the Advances in Crypotology 13th International Conference on Theory and Application of Cryptology and Information Security, ser. ASIACRYPT’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 68–87.
  20. J. Hermans, F. Pashalidis, Andreasand Vercauteren, and B. Preneel, “A new RFID privacy model,” in Computer Security – ESORICS 2011, V. Atluri and C. Diaz, Eds. Berlin, Heidelberg: Springer Verlag, 2011, pp. 568–587.
  21. J. Hermans, R. Peeters, and B. Preneel, “Proper RFID privacy: Model and protocols,” IEEE Transactions on Mobile Computing, vol. 13, no. 12, pp. 2888–2902, Dec 2014.
  22. F. Armknecht, A.-R. Sadeghi, I. Visconti, and C. Wachsmann, “On RFID privacy with mutual authentication and tag corruption,” in Proceedings of the 8th International Conference on Applied Cryptography and Network Security, ser. ACNS’10. Berlin, Heidelberg: Springer-Verlag, 2010, pp. 493–510.
  23. Y. Gao, M. van Dijk, L. Xu, W. Yang, S. Nepal, and D. C. Ranasinghe, “TREVERSE: TRial-and-Error lightweight secure ReVERSE authentication with simulatable PUFs,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 1, pp. 419–437, 2022.
  24. J. Katz and Y. Lindell, Introduction to Modern Cryptography, 3rd ed. Chapman & Hall/CRC, 2020.
  25. M. Sipser, Introduction to the Theory of Computation. Cengage Learning, 2012.
  26. F. L. Ţiplea and C. Hristea, “Privacy and reader-first authentication in Vaudenay’s RFID model with temporary state disclosure,” Cryptology ePrint Archive, Report 2019/113, 2019, https://eprint.iacr.org/2019/113.
  27. F. L. Ţiplea and C. Hristea, “PUF protected variables: A solution to RFID security and privacy under corruption with temporary state disclosure,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 999–1013, 2021.
  28. F. L. Ţiplea, C. Andriesei, and C. Hristea, “Security and privacy of PUF-based RFID systems,” in Cryptography - Recent Advances and Future Developments. IntechOpen, 2021, iSBN 978-1-83962-566-4.
  29. F. L. Ţiplea, “Lessons to be learned for a good design of private RFID schemes,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 4, pp. 2384–2395, 2022.
  30. F. L. Ţiplea, “Narrow privacy and desynchronization in Vaudenay’s RFID model,” International Journal of Information Security, vol. 22, pp. 563–575, June 2022.
  31. F. L. Ţiplea, C. Hristea, and R. Bulai, “Privacy and reader-first authentication in Vaudenay’s RFID model with temporary state disclosure,” Comput. Sci. J. Moldova, vol. 30, no. 3, pp. 335–359, 2022.
  32. J. Delvaux, “Security analysis of PUF-based key generation and entity authentication,” 2017.
  33. A.-R. Sadeghi, I. Visconti, and C. Wachsmann, “PUF-enhanced RFID security and privacy,” in Workshop on secure component and system identification (SECSI), vol. 110, 2010.
  34. A.-R. Sadeghi, I. Visconti, and C. Wachsmann, Enhancing RFID Security and Privacy by Physically Unclonable Functions. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 281–305.
  35. C. Hristea and F. L. Ţiplea, “Destructive privacy and mutual authentication in Vaudenay’s RFID model,” Cryptology ePrint Archive, Report 2019/073, 2019.
  36. F. L. Ţiplea, “On privacy of RFID-based authentication protocols,” in Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT, INSTICC. SciTePress, 2024, pp. 128–139.
  37. F. L. T , iplea, “Security and privacy requirements for RFID schemes in healthcare: Case studies, solutions, and challenges,” Procedia Computer Science, 2024, 28th International Conference on Knowledge Based and Intelligent Information and Engineering Sytems (KES 2024).