Next Article in Journal
A Flexible Tactile Sensor with Irregular Planar Shape Based on Uniform Electric Field
Previous Article in Journal
Posture-Specific Breathing Detection
Open AccessArticle

IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”

by Ygal Bendavid 1,*,†, Nasour Bagheri 2,3,†, Masoumeh Safkhani 4,† and Samad Rostampour 1,5,†
1
Department of Management and Technology, Université du Québec à Montréal (UQAM), Montreal, QC H2X 1L7, Canada
2
Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
3
School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran 19538-33511, Iran
4
Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
5
Department of Computer Engineering, Ahvaz Branch, Islamic Azad University, Ahvaz 61349-37333, Iran
*
Author to whom correspondence should be addressed.
These authors contributed equally to this work.
Sensors 2018, 18(12), 4444; https://doi.org/10.3390/s18124444
Received: 18 October 2018 / Revised: 5 December 2018 / Accepted: 11 December 2018 / Published: 15 December 2018
(This article belongs to the Section Sensor Networks)
With the exponential increase of Internet of things (IoT) connected devices, important security risks are raised as any device could be used as an attack channel. This preoccupation is particularly important with devices featuring limited processing power and memory capabilities for security purposes. In line with this idea, Xu et al. (2018) proposed a lightweight Radio Frequency Identification (RFID) mutual authentication protocol based on Physical Unclonable Function (PUF)—ensuring mutual tag-reader verification and preventing clone attacks. While Xu et al. claim that their security protocol is efficient to protect RFID systems, we found it still vulnerable to a desynchronization attack and to a secret disclosure attack. Hence, guidelines for the improvements to the protocol are also suggested, for instance by changing the structure of the messages to avoid trivial attacks. In addition, we provide an explicit protocol for which our formal and informal security analysis have found no weaknesses. View Full-Text
Keywords: IoT; RFID; security; physical unclonable function; authentication protocol; desynchronization attack IoT; RFID; security; physical unclonable function; authentication protocol; desynchronization attack
Show Figures

Figure 1

MDPI and ACS Style

Bendavid, Y.; Bagheri, N.; Safkhani, M.; Rostampour, S. IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”. Sensors 2018, 18, 4444.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop