QR-PUF: Design and Implementation of a RFID-Based Secure Inpatient Management System Using XOR-Arbiter-PUF and QR-Code

Abstract

In recent years, Physical Unclonable Functions (PUFs) have played a major role in providing low-cost physical security for IoT devices such as Radio Frequency Identification (RFID) tags. PUFs take advantage of the physical properties of the device to build unique security primitives that can be used by authentication mechanisms. Meanwhile, the security and convenience of QR codes for device authentication on mobile devices has been widely recognized. The point-to-point communication makes it less vulnerable to interception and analysis by adversaries. In this article, we propose a <i>new</i> RFID-based secure inpatient management system for identifying a legitimate patient. Our proposed system uses an XOR Arbiter PUF to generate a secret key-stream and then uses the key-stream to construct a secure QR code for secure identification. Also, since PUFs are vulnerable to machine learning attacks, we propose a modeling attack resilience obfuscation framework to enhance the security of the proposed protocol. Security analysis of the proposed scheme using ProVerif shows that the scheme is effective against a variety of imperative attacks on RFID devices. To show the applicability of the proposed scheme, we also provide a case study of an inpatient management system in hospitals.