A Secure Lightweight RFID Mutual Authentication Protocol Without Explicit Challenge-Response Pairs

Radio Frequency Identification (RFID) has been widely deployed to various scenarios, but its security and privacy issues need to be concerned due to the tag’s limited computing and storage resources. While benefiting from the great convenience and advantages of RFID systems, security is still a considerable threat to their applications, such as desynchronization attacks and cloning attacks. In this paper, we propose a secure lightweight mutual authentication protocol based on the configurable tristate physical unclonable functions and the cryptographic primitive of verifiable secret sharing to solve these issues. More specifically, the tag equipped with the configurable tristate physical unclonable functions structure can enhance the tag’s security and effectively resist machine learning modeling attacks. Verifiable secret sharing plays the role of decentralized storage of secrets, and ensures the verifiability of the correctness of the each shares. The verifiability provided by verifiable secret sharing is effective against tag impersonation attacks, and the validity of the each share provided by the tag has to be verified before it is adopted. Finally, the correctness of our protocol is analyzed formally using BAN-logic and the its security is verified informally by the Scyther. In addition, we analyze security properties including data integrity, data confidentiality, anonymity, mutual authentication, forward security and resistance to various malicious attacks. The results show that the proposed protocol satisfies various security properties and resistance to diverse malicious attacks.