PUF-Based Protocols About Mutual Authentication and Ownership Transfer for RFID Gen2 v2 Systems

Abstract

Radio Frequency Identification (RFID) is used to replace the bar code system. RFID is more powerful than a bar code system, but it suffers from the weakness of wireless communication. Security issues in RFID systems include a tag or reader impersonation, replay attack, eavesdropping, location privacy, forward and backward un-traceability. Appling traditional security mechanism such as MD4, MD5, SHA 256 or AES directly on RFID is impossible due to the hardware limitation of a passive tag. Thus, many studies try to design all new protocols about mutual authentication and ownership transfer on RFID system. Physical unclonable function (PUF) is a new hardware security device that could make their protocols tinier. In order to keep location privacy of tag, most of these works will not use tags unique identification. Instead, they will use a temporary identification once and update it individually each run. However, in this way, their works will suffer from de-synchronization between the tag and reader, if an attacker blocks some messages. In this work, we propose protocols about mutual authentication and ownership transfer with PUF that can significantly alleviate this issue because the de-synchronization attacks will not happen in our mutual authentication protocol. On the other hand, our protocol also can be compatible with the EPC Gen2 v2 standard easily. Besides, our simple and robust methods have better performance.