A double PUF-based RFID identity authentication protocol in service-centric internet of things environments

Abstract

The rapid development of sensing, automation and communication technologies has led to the proliferation of the Internet of Things (IoT), providing recognized promising opportunities to build complex industrial systems and applications, leveraging the growing ubiquity of Radio Frequency Identification (RFID) and wireless sensor devices. With the pervasiveness of the interconnected systems encompassed with an ever-growing number of RFID-enabled devices being deployed, RFID security is an issue of high concern. As lightweight security encryption primitive, Physical Unclonable Function (PUF) is used to protect the information security of low-cost devices. Unfortunately, they are vulnerable to attacks, so countermeasures should be employed in the design. Aimed at low-cost and security of connected IoT devices to satisfy various security requirements of RFID technology in IoT, a two-stage multiple-choice arbiter (TSMCA)-based PUF in RFID systems is proposed, referred as TSMCA PUF. It is aimed at the design of a double PUF-based bidirectional RFID identity authentication protocol that permits the realization of bidirectional authentication between a server and a tag for the IC authentication in low-cost RFID systems, where the exclusive-OR (XOR) and character padding operations are adopted to generate the response of the PUF; the string-matching method is used in authentication, without exposing the PUF response to the verifier. Evaluation and analysis show that the advantages over conventional schemes include reduced area, higher randomness, and high stability, yet experimental results depict that the proposed protocol is promising resilient against attacks and practical for the deployment of low-cost hardware.