On Privacy of PRF+PUF-based Authentication

Tiplea, Ferucio Laurentiu

doi:10.15439/2024F6703

Artykuł - szczegóły

Tytuł artykułu

On Privacy of PRF+PUF-based Authentication

Autorzy

Tiplea Ferucio Laurentiu

Wybrane pełne teksty z tego czasopisma

http://annals-csis.org

Identyfikatory

DOI

10.15439/2024F6703

Warianty tytułu

Konferencja

Federated Conference on Computer Science and Information Systems (19 ; 08-11.09.2024 ; Belgrade, Serbia)

Języki publikacji

Abstrakty

RFID-based authentication plays a crucial role in various fields, such as e-commerce, e-learning, e-business, health-care, cloud, IoT, etc. At the same time, there is growing interest in using physically unclonable functions (PUFs) in RFID tags to protect against key corruption of pseudo-random functions (PRFs). In this paper, we discuss the privacy properties of PRF+PUF-based RFID authentication protocols in Vaudenay's and the Hermans-Pashalidis-Vercauteren-Preneel (HPVP) models, considering two fundamental aspects: using temporary variables that might compromise privacy and using simulatable PUFs, a more realistic approach to ideal PUFs. Finally, we prove that a variant of a recently proposed RFID-based authentication protocol achieves strong privacy in the HPVP model.

Słowa kluczowe

RFID authentication Physically Unclonable Functions (PUFs) privacy Pseudo-Random Functions (PRFs) HPVP model

RFID identyfikatory PUF prywatność funkcja pseudolosowa model HPVP

Wydawca

Polskie Towarzystwo Informatyczne

Czasopismo

Annals of Computer Science and Information Systems

Rocznik

2024

Tom

Vol. 39

Strony

177--185

Opis fizyczny

Bibliogr. 37 poz., tab.

Twórcy

autor

Tiplea Ferucio Laurentiu

ferucio.tiplea@uaic.ro

Faculty of Computer Science “Alexandru Ioan Cuza” University of Iaşi, Iaşi, Romania

https://orcid.org/0000-0001-6143-3641

Bibliografia

1. U. Rührmair and M. van Dijk, “PUFs in security protocols: Attack models and security evaluations,” in 2013 IEEE Symposium on Security and Privacy, 2013, pp. 286–300.
2. W. Xie, L. Xie, C. Zhang, Q. Zhang, and C. Tang, “Cloud-based RFID authentication,” in 2013 IEEE International Conference on RFID (RFID), 2013, pp. 168–175.
3. Z. Zhao, “A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem,” J. Medical Syst., vol. 38, no. 5, p. 46, 2014.
4. C. Jin, C. Xu, X. Zhang, and J. Zhao, “A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography,” J. Medical Syst., vol. 39, no. 3, p. 24, 2015.
5. H. Xiao, A. A. Alshehri, and B. Christianson, “A cloud-based RFID authentication protocol with insecure communication channels,” in 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, pp. 332–339.
6. H. Xu, J. Ding, P. Li, F. Zhu, and R. Wang, “A lightweight RFID mutual authentication protocol based on physical unclonable function,” Sensors, vol. 18, no. 3, 2018.
7. M. Safkhani, Y. Bendavid, S. Rostampour, and N. Bagheri, “On designing lightweight RFID security protocols for medical IoT,” Cryptology ePrint Archive, Paper 2019/851, 2019.
8. W. Liang, S. Xie, J. Long, K.-C. Li, D. Zhang, and K. Li, “A double PUF-based RFID identity authentication protocol in service-centric internet of things environments,” Information Sciences, vol. 503, pp. 129–147, 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0020025519305857
9. F. Zhu, P. Li, H. Xu, and R. Wang, “A lightweight RFID mutual authentication protocol with PUF,” Sensors, vol. 19, no. 13, 2019. [Online]. Available: https://www.mdpi.com/1424-8220/19/13/2957
10. K. Fan, Q. Luo, K. Zhang, and Y. Yang, “Cloud-based lightweight secure RFID mutual authentication protocol in IoT,” Information Sciences, vol. 527, pp. 329–340, 2020.
11. L. Xiao, H. Xu, F. Zhu, R. Wang, and P. Li, “SKINNY-based RFID lightweight authentication protocol,” Sensors, vol. 20, no. 5, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/20/5/1366
12. F. Zhu, P. Li, H. Xu, and R. Wang, “A novel lightweight authentication scheme for RFID-based healthcare systems,” Sensors, vol. 20, no. 17, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/20/17/4846
13. P. Gope and B. Sikdar, “A comparative study of design paradigms for PUF-based security protocols for iot devices: Current progress, challenges, and future expectation,” Computer, vol. 54, no. 11, pp. 36–46, 2021.
14. M. Shariq, K. Singh, M. Y. Bajuri, A. A. Pantelous, A. Ahmadian, and M. Salimi, “A secure and reliable RFID authentication protocol using digital Schnorr cryptosystem for IoT-enabled healthcare in COVID-19 scenario,” Sustainable Cities and Society, vol. 75, p. 103354, 2021.
15. V. Kumar, R. Kumar, S. Jangirala, S. Kumari, S. Kumar, and C.-M. Chen, “An enhanced RFID-based authentication protocol using PUF for vehicular cloud computing,” Security and Communication Networks, 2022. [Online]. Available: https://api.semanticscholar.org/CorpusID:251239918
16. M. Adeli, N. Bagheri, S. Sadeghi, and S. Kumari, “χperbp: a cloudbased lightweight mutual authentication protocol,” Peer Peer Netw. Appl., vol. 16, no. 4, pp. 1785–1802, 2023.
17. A. Kumar, K. Singh, M. Shariq, C. Lal, M. Conti, R. Amin, and S. A. Chaudhry, “An efficient and reliable ultralightweight RFID authentication scheme for healthcare systems,” Computer Communications, vol. 205, pp. 147–157, 2023. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0140366423001329
18. Y. Wang, R. Liu, T. Gao, F. Shu, X. Lei, G. Gui, and J. Wang, “A novel RFID authentication protocol based on a block-order-modulus variable matrix encryption algorithm,” 2023.
19. S. Vaudenay, “On privacy models for RFID,” in Proceedings of the Advances in Crypotology 13th International Conference on Theory and Application of Cryptology and Information Security, ser. ASIACRYPT’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 68–87.
20. J. Hermans, F. Pashalidis, Andreasand Vercauteren, and B. Preneel, “A new RFID privacy model,” in Computer Security – ESORICS 2011, V. Atluri and C. Diaz, Eds. Berlin, Heidelberg: Springer Verlag, 2011, pp. 568–587.
21. J. Hermans, R. Peeters, and B. Preneel, “Proper RFID privacy: Model and protocols,” IEEE Transactions on Mobile Computing, vol. 13, no. 12, pp. 2888–2902, Dec 2014.
22. F. Armknecht, A.-R. Sadeghi, I. Visconti, and C. Wachsmann, “On RFID privacy with mutual authentication and tag corruption,” in Proceedings of the 8th International Conference on Applied Cryptography and Network Security, ser. ACNS’10. Berlin, Heidelberg: Springer-Verlag, 2010, pp. 493–510.
23. Y. Gao, M. van Dijk, L. Xu, W. Yang, S. Nepal, and D. C. Ranasinghe, “TREVERSE: TRial-and-Error lightweight secure ReVERSE authentication with simulatable PUFs,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 1, pp. 419–437, 2022.
24. J. Katz and Y. Lindell, Introduction to Modern Cryptography, 3rd ed. Chapman & Hall/CRC, 2020.
25. M. Sipser, Introduction to the Theory of Computation. Cengage Learning, 2012.
26. F. L. Ţiplea and C. Hristea, “Privacy and reader-first authentication in Vaudenay’s RFID model with temporary state disclosure,” Cryptology ePrint Archive, Report 2019/113, 2019, https://eprint.iacr.org/2019/113.
27. F. L. Ţiplea and C. Hristea, “PUF protected variables: A solution to RFID security and privacy under corruption with temporary state disclosure,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 999–1013, 2021.
28. F. L. Ţiplea, C. Andriesei, and C. Hristea, “Security and privacy of PUF-based RFID systems,” in Cryptography - Recent Advances and Future Developments. IntechOpen, 2021, iSBN 978-1-83962-566-4.
29. F. L. Ţiplea, “Lessons to be learned for a good design of private RFID schemes,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 4, pp. 2384–2395, 2022.
30. F. L. Ţiplea, “Narrow privacy and desynchronization in Vaudenay’s RFID model,” International Journal of Information Security, vol. 22, pp. 563–575, June 2022.
31. F. L. Ţiplea, C. Hristea, and R. Bulai, “Privacy and reader-first authentication in Vaudenay’s RFID model with temporary state disclosure,” Comput. Sci. J. Moldova, vol. 30, no. 3, pp. 335–359, 2022.
32. J. Delvaux, “Security analysis of PUF-based key generation and entity authentication,” 2017.
33. A.-R. Sadeghi, I. Visconti, and C. Wachsmann, “PUF-enhanced RFID security and privacy,” in Workshop on secure component and system identification (SECSI), vol. 110, 2010.
34. A.-R. Sadeghi, I. Visconti, and C. Wachsmann, Enhancing RFID Security and Privacy by Physically Unclonable Functions. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 281–305.
35. C. Hristea and F. L. Ţiplea, “Destructive privacy and mutual authentication in Vaudenay’s RFID model,” Cryptology ePrint Archive, Report 2019/073, 2019.
36. F. L. Ţiplea, “On privacy of RFID-based authentication protocols,” in Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT, INSTICC. SciTePress, 2024, pp. 128–139.
37. F. L. T , iplea, “Security and privacy requirements for RFID schemes in healthcare: Case studies, solutions, and challenges,” Procedia Computer Science, 2024, 28th International Conference on Knowledge Based and Intelligent Information and Engineering Sytems (KES 2024).

Uwagi

1. Main Track: Regular Papers

2. Opracowanie rekordu ze środków MNiSW, umowa nr POPUL/SP/0154/2024/02 w ramach programu "Społeczna odpowiedzialność nauki II" - moduł: Popularyzacja nauki (2025).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-dbce1b34-dc34-4662-b502-870561e91da7