Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs

 
: Herrewege, A. van; Katzenbeisser, S.; Maes, R.; Peeters, R.; Sadeghi, A.-R.; Verbauwhede, I.; Wachsmann, C.

:

Keromytis, A.D.:
Financial cryptography and data security : 16th international conference, FC 2012, Kralendijk, Bonaire, Februray 27 - March 2, 2012. Revised selected papers
Heidelberg: Springer, 2012 (Lecture Notes in Computer Science 7397)
ISBN: 3-642-32945-4 (print)
ISBN: 978-3-642-32945-6 (print)
ISBN: 978-3-642-32946-3 (online)
S.374-389
International Conference on Financial Cryptography and Data Security (FC) <16, 2012, Kralendijk, Bonaire>
Englisch
Konferenzbeitrag
Fraunhofer SIT ()

Abstract
RFID-based tokens are increasingly used in electronic payment and ticketing systems for mutual authentication of tickets and terminals. These systems typically use cost-effective tokens without expensive hardware protection mechanisms and are exposed to hardware attacks that copy and maliciously modify tokens. Physically Unclonable Functions (PUFs) are a promising technology to protect against such attacks by binding security critical data to the physical characteristics of the underlying hardware. However, existing PUF-based authentication schemes for RFID do not support mutual authentication, are often vulnerable to emulation and denial-of service attacks, and allow only for a limited number of authentications. In this paper, we present a new PUF-based authentication scheme that overcomes these drawbacks: it supports PUF-based mutual authentication between tokens and readers, is resistant to emulation attacks, and supports an unlimited number of authentications withou t requiring the reader to store a large number of PUF challenge/response pairs. In this context, we introduce reverse fuzzy extractors, a new approach to correct noise in PUF responses that allows for extremely lightweight implementations on the token. Our proof-of-concept implementation shows that our scheme is suitable for resource-constrained devices.

: http://publica.fraunhofer.de/dokumente/N-264057.html