Providing destructive privacy and scalability in RFID systems using PUFs

Abstract

Internet of Things (IoT) emerges as a global network in which any things (including humans and the real world things) having unique identifier can communicate each other. The RFID system has very important role in the IoT system for solving the identification issues of things cost-effectively. However, RFID systems have serious security and privacy issues. In the literature, there are many proposals that aim to solve to security and privacy issues of RFID systems. The common drawback of these solution is scalability because they generally require a linear search on the back-end database in order to identify a tag. Some proposals use tree structures to store the keys. They reduce the search complexity from O(n) to O(log n). However, these protocols are susceptible to compromising attack in which an adversary compromising one tag can reveal the secrets of other tags. That means tree-based protocols can provide only a weak level of privacy. In this paper, we propose a scalable authentication protocol for RFID systems. Our solution utilizes Physically Unclonable Functions (PUFs) in order to achieve higher level of privacy with constant identification time. It provides destructive privacy according to the Vaudenay’s privacy and security model. It defends against compromising attack by using PUFs as a secure storage to keep secrets of the tag. To the best of our knowledge, it is the first protocol providing such a privacy level with constant identification time.