SDRLAP: A secure lightweight RFID mutual authentication protocol based on PUF with strong desynchronization resistance

Peer-to-Peer Networking and Applications

Abstract

As one of the key identity authentication technologies in the Internet of Things (IoT), Radio Frequency Identification (RFID) technology has been widely adopted in various wireless communication fields. However, growing security and privacy issues have been limiting the development of RFID systems. Most of the existing RFID authentication protocols are vulnerable to many malicious attacks. Key updating is a common security mechanism in RFID authentication protocols, but the existing protocols that use a traditional key updating mechanism usually cannot resist desynchronization attacks. To address this issue, we present a new shared key updating method that uses a pseudo-random number generator (PRNG) with seeds negotiated by the tag and the server. Moreover, a new bit flipping operation is proposed to reduce the computation cost of the tag. On this basis, we design SDRLAP, a lightweight RFID mutual authentication protocol based on a double physical unclonable function (PUF), using the PRNG and the bit flipping operation. Compared with most of the existing RFID authentication protocols with the traditional key updating mechanism, SDRLAP guarantees the security and privacy of RFID systems while offering clear advantages in terms of computational cost, storage requirement and communication overhead.
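
The desynchronization failure that the abstract attributes to traditional key updating can be reproduced with a toy scheme. This is an added example, not code from the paper: the `Tag` and `Server` classes, the hash-based `next_key` update and the keep-previous-key countermeasure are assumptions for illustration, and it does not implement SDRLAP's PRNG-seed method, whose details are not on this page.

```python
import hashlib
import hmac
import os


def mac(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


def next_key(key: bytes) -> bytes:
    # Traditional update: both sides derive the new key from the old one.
    return hashlib.sha256(b"update" + key).digest()


class Tag:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        return mac(self.key, challenge)

    def on_confirm(self) -> None:
        # The tag only rolls its key when the server's confirmation arrives.
        self.key = next_key(self.key)


class Server:
    def __init__(self, key: bytes, keep_previous: bool):
        self.key, self.prev, self.keep_previous = key, None, keep_previous

    def authenticate(self, tag: Tag, confirm_delivered: bool = True) -> bool:
        challenge = os.urandom(16)
        response = tag.respond(challenge)
        candidates = [self.key]
        if self.keep_previous and self.prev is not None:
            candidates.append(self.prev)  # lets a lagging tag resynchronize
        for k in candidates:
            if hmac.compare_digest(response, mac(k, challenge)):
                self.prev, self.key = k, next_key(k)  # server updates first
                if confirm_delivered:
                    tag.on_confirm()
                return True
        return False


def run(keep_previous: bool) -> list:
    key = bytes(32)  # constructed demo key, not a real secret
    tag, server = Tag(key), Server(key, keep_previous)
    # Session 1: the final confirmation message never reaches the tag.
    results = [server.authenticate(tag, confirm_delivered=False)]
    # Sessions 2 and 3: normal delivery.
    results += [server.authenticate(tag) for _ in range(2)]
    return results


if __name__ == "__main__":
    print("single stored key:  ", run(keep_previous=False))
    print("previous key kept:  ", run(keep_previous=True))
```

With a single stored key, one lost confirmation leaves a legitimate tag permanently rejected; retaining the previous key lets the server accept the lagging tag and move both sides forward again.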

Data availability

Not applicable.

Acknowledgements

The authors thank the editors and the reviewers for their comments and suggestions. This work was supported by the National Natural Science Foundation of China under Grant No.61702237, No.61972094 and No.62032005; the Science and Technology Planning Foundation of Xuzhou City under Grant No.KC22052; the Opening Foundation of Henan Key Laboratory of Network Cryptography Technology under Grant No.LNCT2021-A07; the Opening Foundation of Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund, Fujian Normal University under Grant No.NSCL-KF2021-04; the Opening Foundation of Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology under Grant No. GCIS202114; the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant No.KYCX20_2381; the Postgraduate Research & Practice Innovation Program of Jiangsu Normal University under Grant No.2021XKT1382; Cooperative Education Project of the Ministry of Education under Grant No. 202101374001; the Natural Science Foundation of Jiangsu Province under Grant No.BK20150241; the Special Foundation of Promoting Science and Technology Innovation of Xuzhou City under Grant No.KC18005; the Natural Science Foundation of the Higher Education Institutions of Jiangsu Province under Grant No.14KJB520010; the Scientific Research Support Project for Teachers with Doctor’s Degree of Jiangsu Normal University under Grant No.14XLR035; and Jiangsu Provincial Government Scholarship for Overseas Studies.

Funding

This work was supported by the National Natural Science Foundation of China under Grant No.61702237, No.61972094 and No.62032005; the Science and Technology Planning Foundation of Xuzhou City under Grant No.KC22052; the Opening Foundation of Henan Key Laboratory of Network Cryptography Technology under Grant No.LNCT2021-A07; the Opening Foundation of Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund, Fujian Normal University under Grant No.NSCL-KF2021-04; the Opening Foundation of Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology under Grant No. GCIS202114; the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant No.KYCX20_2381; the Postgraduate Research & Practice Innovation Program of Jiangsu Normal University under Grant No.2021XKT1382; Cooperative Education Project of the Ministry of Education under Grant No. 202101374001; the Natural Science Foundation of Jiangsu Province under Grant No.BK20150241; the Special Foundation of Promoting Science and Technology Innovation of Xuzhou City under Grant No.KC18005; the Natural Science Foundation of the Higher Education Institutions of Jiangsu Province under Grant No.14KJB520010; the Scientific Research Support Project for Teachers with Doctor’s Degree of Jiangsu Normal University under Grant No.14XLR035; and Jiangsu Provincial Government Scholarship for Overseas Studies.

Author information

Contributions

Tao Li designed research plans, methodology and made writing-original draft preparation. Yali Liu put forward research ideas, conceptualization, supervision and made writing-reviewing and editing. Jianting Ning reviewed and put forward suggestions for modification.

Corresponding author

Correspondence to Yali Liu.

Ethics declarations

Ethics approval

Not applicable.

Consent to publish

All authors whose names appear on the submission:

  1. confirm that the work described has not been published before and not under consideration for publication elsewhere;

  2. made substantial contributions to the conception or design of the work;

  3. drafted the work or revised it critically for important intellectual content;

  4. approved the version to be published; and

  5. agree to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.

Competing interests

The authors declare no competing interests.

Additional information

Guest Editor: Rongxing Lu

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection: Special Issue on 2 - Track on Security and Privacy

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Li, T., Liu, Y. & Ning, J. SDRLAP: A secure lightweight RFID mutual authentication protocol based on PUF with strong desynchronization resistance. Peer-to-Peer Netw. Appl. 16, 1652–1667 (2023). https://doi.org/10.1007/s12083-023-01471-3

  • DOI: https://doi.org/10.1007/s12083-023-01471-3
