IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purpose...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2018-12-01
|
Series: | Sensors |
Subjects: | |
Online Access: | https://www.mdpi.com/1424-8220/18/12/4444 |
id |
doaj-818f8e5cafce42c7a14f0226f2d77a47 |
---|---|
record_format |
Article |
spelling |
doaj-818f8e5cafce42c7a14f0226f2d77a472020-11-25T00:20:27ZengMDPI AGSensors1424-82202018-12-011812444410.3390/s18124444s18124444IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”Ygal Bendavid0Nasour Bagheri1Masoumeh Safkhani2Samad Rostampour3Department of Management and Technology, Université du Québec à Montréal (UQAM), Montreal, QC H2X 1L7, CanadaElectrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranComputer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranDepartment of Management and Technology, Université du Québec à Montréal (UQAM), Montreal, QC H2X 1L7, CanadaWith the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)—ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses.https://www.mdpi.com/1424-8220/18/12/4444IoTRFIDsecurityphysical unclonable functionauthentication protocoldesynchronization attack |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Ygal Bendavid Nasour Bagheri Masoumeh Safkhani Samad Rostampour |
spellingShingle |
Ygal Bendavid Nasour Bagheri Masoumeh Safkhani Samad Rostampour IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” Sensors IoT RFID security physical unclonable function authentication protocol desynchronization attack |
author_facet |
Ygal Bendavid Nasour Bagheri Masoumeh Safkhani Samad Rostampour |
author_sort |
Ygal Bendavid |
title |
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” |
title_short |
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” |
title_full |
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” |
title_fullStr |
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” |
title_full_unstemmed |
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function” |
title_sort |
iot device security: challenging “a lightweight rfid mutual authentication protocol based on physical unclonable function” |
publisher |
MDPI AG |
series |
Sensors |
issn |
1424-8220 |
publishDate |
2018-12-01 |
description |
With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)—ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses. |
topic |
IoT RFID security physical unclonable function authentication protocol desynchronization attack |
url |
https://www.mdpi.com/1424-8220/18/12/4444 |
work_keys_str_mv |
AT ygalbendavid iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction AT nasourbagheri iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction AT masoumehsafkhani iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction AT samadrostampour iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction |
_version_ |
1725367578428178432 |