IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”

With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purpose...

Full description

Bibliographic Details
Main Authors: Ygal Bendavid, Nasour Bagheri, Masoumeh Safkhani, Samad Rostampour
Format: Article
Language:English
Published: MDPI AG 2018-12-01
Series:Sensors
Subjects:
IoT
Online Access:https://www.mdpi.com/1424-8220/18/12/4444
id doaj-818f8e5cafce42c7a14f0226f2d77a47
record_format Article
spelling doaj-818f8e5cafce42c7a14f0226f2d77a472020-11-25T00:20:27ZengMDPI AGSensors1424-82202018-12-011812444410.3390/s18124444s18124444IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”Ygal Bendavid0Nasour Bagheri1Masoumeh Safkhani2Samad Rostampour3Department of Management and Technology, Université du Québec à Montréal (UQAM), Montreal, QC H2X 1L7, CanadaElectrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranComputer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranDepartment of Management and Technology, Université du Québec à Montréal (UQAM), Montreal, QC H2X 1L7, CanadaWith the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)—ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses.https://www.mdpi.com/1424-8220/18/12/4444IoTRFIDsecurityphysical unclonable functionauthentication protocoldesynchronization attack
collection DOAJ
language English
format Article
sources DOAJ
author Ygal Bendavid
Nasour Bagheri
Masoumeh Safkhani
Samad Rostampour
spellingShingle Ygal Bendavid
Nasour Bagheri
Masoumeh Safkhani
Samad Rostampour
IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
Sensors
IoT
RFID
security
physical unclonable function
authentication protocol
desynchronization attack
author_facet Ygal Bendavid
Nasour Bagheri
Masoumeh Safkhani
Samad Rostampour
author_sort Ygal Bendavid
title IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
title_short IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
title_full IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
title_fullStr IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
title_full_unstemmed IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”
title_sort iot device security: challenging “a lightweight rfid mutual authentication protocol based on physical unclonable function”
publisher MDPI AG
series Sensors
issn 1424-8220
publishDate 2018-12-01
description With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)—ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses.
topic IoT
RFID
security
physical unclonable function
authentication protocol
desynchronization attack
url https://www.mdpi.com/1424-8220/18/12/4444
work_keys_str_mv AT ygalbendavid iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction
AT nasourbagheri iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction
AT masoumehsafkhani iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction
AT samadrostampour iotdevicesecuritychallengingalightweightrfidmutualauthenticationprotocolbasedonphysicalunclonablefunction
_version_ 1725367578428178432