
Research Article
A Secure Lightweight RFID Mutual Authentication Protocol Without Explicit Challenge-Response Pairs
@INPROCEEDINGS{10.1007/978-3-031-17081-2_6,
  author={Keke Huang and Changlu Lin and Yali Liu},
  title={A Secure Lightweight RFID Mutual Authentication Protocol Without Explicit Challenge-Response Pairs},
  proceedings={Applied Cryptography in Computer and Communications. Second EAI International Conference, AC3 2022, Virtual Event, May 14-15, 2022, Proceedings},
  proceedings_a={AC3},
  year={2022},
  month={10},
  keywords={Radio Frequency Identification (RFID), Configurable Tristate PUF (CT PUF), Verifiable Secret Sharing (VSS), BAN logic, Scyther},
  doi={10.1007/978-3-031-17081-2_6}
}
- Keke Huang
- Changlu Lin
- Yali Liu
Year: 2022
AC3
Springer
DOI: 10.1007/978-3-031-17081-2_6
Abstract
Radio Frequency Identification (RFID) has been widely deployed in various scenarios, but its security and privacy issues are a concern because of the tag’s limited computing and storage resources. Although RFID systems offer great convenience and advantages, attacks such as desynchronization attacks and cloning attacks remain a considerable threat to their applications. In this paper, we propose a secure lightweight mutual authentication protocol based on configurable tristate physical unclonable functions and the cryptographic primitive of verifiable secret sharing to solve these issues. More specifically, equipping the tag with the configurable tristate physical unclonable functions structure enhances the tag’s security and effectively resists machine learning modeling attacks. Verifiable secret sharing provides decentralized storage of secrets and ensures that the correctness of each share can be verified. This verifiability is effective against tag impersonation attacks: the validity of each share provided by the tag has to be verified before the share is adopted. Finally, the correctness of our protocol is analyzed formally using BAN logic, and its security is verified informally using Scyther. In addition, we analyze security properties including data integrity, data confidentiality, anonymity, mutual authentication, forward security and resistance to various malicious attacks. The results show that the proposed protocol satisfies various security properties and resists diverse malicious attacks.