Abstract
As one of the key identity authentication technologies in the Internet of Things (IoT), Radio Frequency Identification (RFID) technology has been widely adopted in various wireless communication fields. However, increasing security and privacy issues have been limiting the development of RFID systems. Most existing RFID authentication protocols are vulnerable to many malicious attacks. Key updating is a common security mechanism in RFID authentication protocols, but existing protocols that use the traditional key updating mechanism usually cannot resist desynchronization attacks. To address this issue, we present a new shared key updating method that uses a pseudo-random number generator (PRNG) with seeds negotiated by the tag and the server. Moreover, a new bit flipping operation is proposed to reduce the computation cost of the tag. On this basis, we design SDRLAP, a lightweight RFID mutual authentication protocol based on double physical unclonable function (PUF) that uses the PRNG and the bit flipping operation. Compared with most existing RFID authentication protocols that use the traditional key updating mechanism, SDRLAP guarantees the security and privacy of RFID systems while offering obvious advantages in computational cost, storage requirement and communication overhead.
Data availability
Not applicable.
Acknowledgements
The authors thank the editors and the reviewers for their comments and suggestions. This work was supported by the National Natural Science Foundation of China under Grant No.61702237, No.61972094 and No.62032005; the Science and Technology Planning Foundation of Xuzhou City under Grant No.KC22052; the Opening Foundation of Henan Key Laboratory of Network Cryptography Technology under Grant No.LNCT2021-A07; the Opening Foundation of Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund, Fujian Normal University under Grant No.NSCL-KF2021-04; the Opening Foundation of Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology under Grant No. GCIS202114; the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant No.KYCX20_2381; the Postgraduate Research & Practice Innovation Program of Jiangsu Normal University under Grant No.2021XKT1382; Cooperative Education Project of the Ministry of Education under Grant No. 202101374001; the Natural Science Foundation of Jiangsu Province under Grant No.BK20150241; the Special Foundation of Promoting Science and Technology Innovation of Xuzhou City under Grant No.KC18005; the Natural Science Foundation of the Higher Education Institutions of Jiangsu Province under Grant No.14KJB520010; the Scientific Research Support Project for Teachers with Doctor’s Degree of Jiangsu Normal University under Grant No.14XLR035; and Jiangsu Provincial Government Scholarship for Overseas Studies.
Author information
Contributions
Tao Li designed the research plans and methodology and prepared the original draft. Yali Liu put forward the research ideas, was responsible for conceptualization and supervision, and reviewed and edited the manuscript. Jianting Ning reviewed the work and put forward suggestions for modification.
Ethics declarations
Ethics approval
Not applicable.
Consent to publish
All authors whose names appear on the submission:
1. confirm that the work described has not been published before and not under consideration for publication elsewhere;
2. made substantial contributions to the conception or design of the work;
3. drafted the work or revised it critically for important intellectual content;
4. approved the version to be published; and
5. agree to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.
Competing interests
The authors declare no competing interests.
Additional information
Guest Editor: Rongxing Lu
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection: Special Issue on 2 - Track on Security and Privacy
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Li, T., Liu, Y. & Ning, J. SDRLAP: A secure lightweight RFID mutual authentication protocol based on PUF with strong desynchronization resistance. Peer-to-Peer Netw. Appl. 16, 1652–1667 (2023). https://doi.org/10.1007/s12083-023-01471-3
DOI: https://doi.org/10.1007/s12083-023-01471-3