Desynchronization-resistant anonymous authentication protocol for RFID systems utilizing physically unclonable functions
Abstract
Radio frequency identification (RFID) systems are an indispensable part of many critical Internet of Things (IoT) applications, including supply chain management and access control. Ensuring strong security in these systems is critical to safeguarding sensitive information and protecting user privacy. In recent years, in order to meet the diversified security needs of RFID systems, authentication and key protocols based on physical unclonable functions (PUFs) have received wide attention. Nevertheless, existing protocols typically require RFID tags to pre-store an excessive number of secret credentials and impose considerable computational and communication overheads, which prove challenging for resource-constrained RFID tags. Additionally, certain lightweight protocols fall short of achieving their intended security and functional objectives, exhibiting insufficient anonymity and untraceability, and vulnerability to desynchronization attacks. To address these critical challenges, this paper first proposes a lightweight anonymous authentication and key agreement protocol designed for an ideal PUF environment. The proposed protocol integrates the arbiter PUF with cryptographic hash functions, providing robust resistance to potential attacks while minimizing system overhead. Subsequently, an enhanced protocol specifically tailored for noisy PUF scenarios is presented. This protocol employs a fuzzy extractor to reliably derive stable keys from noisy PUF responses, thereby mitigating the instability caused by inherent noise. Through comprehensive security analysis and formal verification, as well as performance evaluations compared with existing state-of-the-art protocols, both protocols are demonstrated to overcome the limitations of prior protocols and provide efficient and practically feasible solutions well suited for resource-constrained RFID environments.
Document Type
Journal Article
Date of Publication
1-1-2025
Publication Title
IEEE Internet of Things Journal
Publisher
IEEE
School
School of Engineering
Copyright
subscription content
Comments
Muhammad, F., Badshah, A., Ai, X., Waqas, M., Khan, J., Vasilakos, A. V., & Song, H. (2025). Desynchronization-resistant anonymous authentication protocol for RFID systems utilizing physically unclonable functions. IEEE Internet of Things Journal. Advance online publication. https://doi.org/10.1109/JIOT.2025.3645565