k-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions

This paper examines Vaudenay's privacy model, which is one of the first and most complete privacy models that featured the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k‐strong and k‐forward adversaries where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay's model. In order to achieve highest privacy level, we study low cost primitives such as physically unclonable functions (PUFs). The common assumption of PUFs is that their physical structure is destroyed once tampered. This is an ideal assumption because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weakened this assumption by introducing a new definition k‐resistant PUFs. k‐PUFs are tamper resistant against at most k attacks; that is, their physical structure remains still functional and correct until at most kth physical attack. Furthermore, we prove that strong privacy can be achieved without public‐key cryptography using k PUF‐based authentication. We finally prove that our extended proposal achieves both reader authentication and k‐strong privacy. Copyright © 2014 John Wiley & Sons, Ltd. We enhance Vaudenay's privacy model by introducing two new adversary classes, k‐strong and k‐forward adversaries where it is possible to corrupt a tag at most k times. The common assumption of physically unclonable functions (PUFs) is that PUFs are destroyed once tampered. In this paper, we weaken this assumption by introducing a new definition k‐resistant PUFs. k‐Resistant PUFs are tamper resistant against number of k attacks. We prove that strong privacy can be achieved without public‐key cryptography using k‐PUF‐based authentication.