{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T19:50:53Z","timestamp":1775073053158,"version":"3.50.1"},"reference-count":54,"publisher":"MDPI AG","issue":"13","license":[{"start":{"date-parts":[[2019,7,4]],"date-time":"2019-07-04T00:00:00Z","timestamp":1562198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key R&D Program of China","award":["2018YFB1003201"],"award-info":[{"award-number":["2018YFB1003201"]}]},{"DOI":"10.13039\/501100005374","name":"Nanjing University of Posts and Telecommunications","doi-asserted-by":"publisher","award":["NY216016"],"award-info":[{"award-number":["NY216016"]}],"id":[{"id":"10.13039\/501100005374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No. 61572260, No. 61602261, No. 61672296, and No. 61872196"],"award-info":[{"award-number":["No. 61572260, No. 61602261, No. 61672296, and No. 61872196"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Major Natural Science Research Projects in Colleges and Universities of Jiangsu Province","award":["18KJA520008"],"award-info":[{"award-number":["18KJA520008"]}]},{"name":"CERNET Innovation Project","award":["NGII20180605"],"award-info":[{"award-number":["NGII20180605"]}]},{"DOI":"10.13039\/501100004608","name":"Jiangsu Natural Science Foundation","doi-asserted-by":"publisher","award":["BK20160089"],"award-info":[{"award-number":["BK20160089"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"Radio frequency identification is one of the key techniques for Internet of Things, which has been widely adopted in many applications for identification. However, there exist various security and privacy issues in radio frequency identification (RFID) systems. Particularly, one of the most serious threats is to clone tags for the goal of counterfeiting goods, which causes great loss and danger to customers. To solve these issues, lots of authentication protocols are proposed based on physical unclonable functions that can ensure an anti-counterfeiting feature. However, most of the existing schemes require secret parameters to be stored in tags, which are vulnerable to physical attacks that can further lead to the breach of forward secrecy. Furthermore, as far as we know, none of the existing schemes are able to solve the security and privacy problems with good scalability. Since many existing schemes rely on exhaustive searches of the backend server to validate a tag and they are not scalable for applications with a large scale database. Hence, in this paper, we propose a lightweight RFID mutual authentication protocol with physically unclonable functions (PUFs). The performance analysis shows that our proposed scheme can ensure security and privacy efficiently in a scalable way.<\/jats:p>","DOI":"10.3390\/s19132957","type":"journal-article","created":{"date-parts":[[2019,7,4]],"date-time":"2019-07-04T11:13:18Z","timestamp":1562238798000},"page":"2957","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["A Lightweight RFID Mutual Authentication Protocol with PUF"],"prefix":"10.3390","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7129-1082","authenticated-orcid":false,"given":"Feng","family":"Zhu","sequence":"first","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China"},{"name":"Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5026-5347","authenticated-orcid":false,"given":"Peng","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China"},{"name":"Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2809-2237","authenticated-orcid":false,"given":"He","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China"},{"name":"Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruchuan","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China"},{"name":"Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,7,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The Internet of Things: A survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1546","DOI":"10.1109\/JPROC.2010.2053871","article-title":"RFID\u2014A Unique Radio Innovation for the 21st Century","volume":"98","author":"Gadh","year":"2010","journal-title":"Proc. IEEE"},{"key":"ref_3","unstructured":"EPC (2019, April 20). Global Gen2 Specification. Available online: https:\/\/www.gs1.org\/sites\/default\/files\/docs\/epc\/uhfc1g2_2_0_0_standard_20131101.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1052","DOI":"10.1109\/TMC.2008.175","article-title":"A Gen2-Based RFID Authentication Protocol for Security and Privacy","volume":"8","author":"Sun","year":"2009","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Karda\u015f, S., Kiraz, M.S., Bing\u00f6l, M.A., and Demirci, H. (2011, January 26\u201328). A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions. Proceedings of the International Workshop on Radio Frequency Identification: Security and Privacy Issues, Amherst, MA, USA.","DOI":"10.1007\/978-3-642-25286-0_6"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/s10207-014-0236-y","article-title":"Implementing Public-key Cryptography on Passive RFID Tags is Practical","volume":"14","author":"Arbit","year":"2015","journal-title":"Int. J. Inf. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1007\/978-3-642-54568-9_21","article-title":"Lightweight Cryptography for Embedded Systems\u2014A Comparative Analysis","volume":"Volume 8247","author":"Lioudakis","year":"2014","journal-title":"Data Privacy Management and Autonomous Spontaneous Security"},{"key":"ref_8","unstructured":"Guo, J., Peyrin, T., and Poschmann, A. (2011, January 14\u201318). The PHOTON Family of Lightweight Hash Functions. Proceedings of the 31st Annual Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_9","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., and Verbauwhede, I. (October, January 28). SPONGENT: A Lightweight Hash Function. Proceedings of the 13th International Workshop on Cryptographic Hardware and Embedded Systems, Nara, Japan."},{"key":"ref_10","unstructured":"Juels, A., and Weis, S.A. (2005, January 14\u201318). Authenticating Pervasive Devices with Human Protocols. Proceedings of the 25th International Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_11","unstructured":"Bringer, J., Chabanne, H., and Dottax, E. (2006, January 29\u201329). HB++: A Lightweight Authentication Protocol Secure against Some Attacks. Proceedings of the 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Lyon, France."},{"key":"ref_12","unstructured":"Piramuthu, S. (2006, January 9\u201310). HB and Related Lightweight Authentication Protocols for Se-cure RFID Tag\/Reader Authentication Title. Proceedings of the Collaborative Elelctronic Commerce Technology and Research Europe 2006, Basel, Switzerland."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Peris-Lopez, P., Hernandez-Castro, J.C., Est\u00e9vez-Tapiador, J.M., and Ribagorda, A. (2006, January 12\u201314). LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID Tags. Proceedings of the 2nd Workshop on RFID Security, Graz, Austria.","DOI":"10.1007\/11833529_93"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., and Ribagorda, A. (2006, January 3\u20136). M2AP: A Minimalist Mutual-authentication Protocol for Low-cost RFID Tags. Proceedings of the 3rd International Conference on Ubiquitous Intelligence and Computing, Wuhan, China.","DOI":"10.1007\/11833529_93"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Li, T. (2008, January 21\u201324). Employing Lightweight Primitives on Low-Cost RFID Tags for Authentication. Proceedings of the IEEE 68th Vehicular Technology Conference, Calgary, BC, Canada.","DOI":"10.1109\/VETECF.2008.290"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1169","DOI":"10.1049\/el:20052622","article-title":"Active Attack against HB+: A Provably Secure Lightweight Authentication Protocol","volume":"41","author":"Gilbert","year":"2005","journal-title":"Electron. Lett."},{"key":"ref_17","unstructured":"Ouafi, K., Overbeck, R., and Vaudenay, S. (2008, January 7\u201311). On the Security of HB# against A Man-in-the-middle Attack. Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia."},{"key":"ref_18","unstructured":"Safkhani, M., Bagheri, N., Naderi, M., and Sanadhya, S.K. (2011, January 11\u201314). Security Analysis of LMAP++, an RFID Authentication Protocol. Proceedings of the 2011 International Conference for Internet Technology and Secured Transactions, Abu Dhabi, United Arab Emirites."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Wang, S.H., and Zhang, W.W. (2011, January 10\u201312). Passive Attack on RFID LMAP++ Authentication Protocol. Proceedings of the 10th International Conference on Cryptology and Network Security, Sanya, China.","DOI":"10.1007\/978-3-642-25513-7_14"},{"key":"ref_20","first-page":"1458","article-title":"Efficient Passive Full-disclosure Attack on RFID Light-weight Authentication Protocols LMAP++ and SUAP","volume":"10","author":"Wang","year":"2012","journal-title":"Telkomnika"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1109\/TDSC.2007.70226","article-title":"SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity","volume":"4","author":"Chien","year":"2007","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1109\/TDSC.2008.32","article-title":"Security Analysis of the SASI Protocol","volume":"6","author":"Cao","year":"2009","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1109\/TDSC.2008.33","article-title":"Cryptanalysis of A New Ultralightweight RFID Authentication Protocol\u2014SASI","volume":"6","author":"Phan","year":"2009","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1109\/TDSC.2009.26","article-title":"On the Security of Chien\u2019s Ultralightweight RFID Authentication Protocol","volume":"8","author":"Sun","year":"2011","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M., and Ribagorda, A. (2008, January 23\u201325). Advances in Ultralightweight Cryptography for Low-cost RFID Tags: Gossamer Protocol. Proceedings of the 9th International Workshop on Information Security Applications, Jeju Island, Korea.","DOI":"10.1007\/978-3-642-00306-6_5"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Bilal, Z., Masood, A., and Kausar, F. (2009, January 19\u201321). Security Analysis of Ultra-Lightweight Cryptographic Protocol for Low-cost RFID Tags: Gossamer Protocol. Proceedings of the 2009 International Conference on Network-Based Information Systems, Indianapolis, IN, USA.","DOI":"10.1109\/NBiS.2009.9"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/s12083-016-0443-6","article-title":"An Ultra-lightweight RFID Authentication Scheme for Mobile Commerce","volume":"10","author":"Fan","year":"2017","journal-title":"Peer Peer Netw. Appl."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"3837","DOI":"10.1002\/dac.3837","article-title":"Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce","volume":"32","author":"Aghili","year":"2019","journal-title":"Int. J. Commun. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"2026","DOI":"10.1126\/science.1074376","article-title":"Physical One-way Functions","volume":"297","author":"Pappu","year":"2002","journal-title":"Science"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Gassend, B., Clarke, D., Van Dijk, M., and Devadas, S. (2002, January 18\u201322). Silicon Physical Random Functions. Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA.","DOI":"10.1145\/586110.586132"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1016\/j.mcm.2012.06.033","article-title":"A Novel Smart Card and Dynamic ID based Remote User Authentication Scheme for Multi-Server Environments","volume":"58","author":"Li","year":"2013","journal-title":"Math. Comput. Model."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1007\/s11277-014-2002-x","article-title":"An Enhancement of a Smart Card Authentication Scheme for Multi-Server Architecture","volume":"80","author":"Li","year":"2015","journal-title":"Wirel. Pers. Commun."},{"key":"ref_33","unstructured":"Maiti, A., Gunreddy, V., and Schaumont, P. A Systematic Method to Evaluate and Compare the Performance of Physical Unclonable Functions. Proceedings of the Embedded Systems Design with FPGAs."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"R\u00fchrmair, U., and Holcomb, D.E. (2014, January 24\u201328). PUFs at a Glance. Proceedings of the Design, Automation and Test in Europe, Dresden, Germany.","DOI":"10.7873\/DATE2014.360"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Gao, Y., Li, G., Ma, H., Al-Sarawi, S.F., Kavehei, O., Abbott, D., and Ranasinghe, D.C. (2016, January 14\u201318). Obfuscated Challenge-response: A Secure Lightweight Authentication Mechanism for PUF-based Pervasive Devices. Proceedings of the 2016 IEEE International Conference on Pervasive Computing and Communication Workshops, Sydney, Australia.","DOI":"10.1109\/PERCOMW.2016.7457162"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1126","DOI":"10.1109\/JPROC.2014.2320516","article-title":"Physical Unclonable Functions and Applications: A Tutorial","volume":"102","author":"Herder","year":"2014","journal-title":"Proc. IEEE"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., and Khandelwal, V. (2008, January 16\u201317). Design and Implementation of PUF-Based \u201cUnclonable\u201d RFID ICs for Anti-Counterfeiting and Security Applications. Proceedings of the 2008 IEEE International Conference of RFID, Las Vegas, NV, USA.","DOI":"10.1109\/RFID.2008.4519377"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Jiang, D., and Chong, C.N. (2008, January 20\u201323). Anti-counterfeiting Using Phosphor PUF. Proceedings of the 2nd International Conference on Anti-counterfeiting, Security and Identification, Guiyang, China.","DOI":"10.1109\/IWASID.2008.4688338"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Kulseng, L., Yu, Z., Wei, Y., and Guan, Y. (2009, January 22\u201326). Lightweight Secure Search Protocols for Low-cost RFID Systems. Proceedings of the 29th International Conference on Distributed Computing Systems, Montreal, QC, Canada.","DOI":"10.1109\/ICDCS.2009.12"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.adhoc.2015.02.001","article-title":"Providing Destructive Privacy and Scalability in RFID Systems using PUFs","volume":"32","author":"Akgun","year":"2015","journal-title":"Ad Hoc Netw."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., and Yung, M. (2015, January 13\u201316). End-to-end Design of a PUF-based Privacy Preserving Authentication Protocol. Proceedings of the 17th International Conference of Cryptographic Hardware and Embedded Systems, Saint-Malo, France.","DOI":"10.1007\/978-3-662-48324-4_28"},{"key":"ref_42","unstructured":"Huth, C., Aysu, A., Guajardo, J., Duplys, P., and G\u00fcneysu, T. (December, January 30). Secure and Private, yet Lightweight, Authentication for the IoT via PUF and CBKA. Proceedings of the 19th International Conference on Information Security and Cryptology, Seoul, Korea."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1504\/IJACT.2008.021082","article-title":"Anonymous RFID Authentication Supporting Constant-cost Key-lookup Against Active Adversaries","volume":"1","author":"Burmester","year":"2008","journal-title":"Int. J. Appl. Cryptogr."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Kulseng, L., Yu, Z., Wei, Y., and Guan, U. (2010, January 14\u201319). Lightweight Mutual Authentication and Ownership Transfer for RFID Systems. Proceedings of the 29th IEEE International Conference on Computer Communications, San Diego, CA, USA.","DOI":"10.1109\/INFCOM.2010.5462233"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Xu, H., Ding, J., Li, P., Zhu, F., and Wang, R. (2018). A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function. Sensors, 18.","DOI":"10.3390\/s18030760"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Bendavid, Y., Bagheri, N., Safkhani, M., and Rostampour, S. (2018). IoT Device Security: Challenging \u201cA Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function\u201d. Sensors, 18.","DOI":"10.3390\/s18124444"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"2831","DOI":"10.1109\/TIFS.2018.2832849","article-title":"Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions","volume":"13","author":"Gope","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","article-title":"On the Security of Public Key Protocols","volume":"29","author":"Dolev","year":"1983","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_49","unstructured":"Xie, W., Xie, L., Zhang, C., Zhang, Q., and Tang, C. (May, January 30). Cloud-based RFID Authentication. Proceedings of the 7th Annual IEEE International Conference on RFID, Orlando, FL, USA."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"R\u00fchrmair, U., Sehnke, F., S\u00f6lter, J., Dror, G., Devadas, S., and Schmidhuber, J. (2010, January 4\u20138). Modeling Attacks on Physical Unclonable Functions. Proceedings of the 17th ACM conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/1866307.1866335"},{"key":"ref_51","unstructured":"Cremers, C.J. (2008, January 7\u201314). The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. Proceedings of the 20th International Conference on Computer Aided Verification, Princeton, NJ, USA."},{"key":"ref_52","unstructured":"(2019, June 05). Differences between Active and Passive Tags. Available online: https:\/\/www.rfidjournal.com\/faq\/show?68."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"978","DOI":"10.1109\/TIFS.2017.2774761","article-title":"Design and Analysis of Stability-guaranteed PUFs","volume":"13","author":"Wang","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_54","unstructured":"Van Herrewege, A., Katzenbeisser, S., Maes, R., Peeters, R., Sadeghi, A.R., Verbauwhede, I., and Wachsmann, C. (March, January 27). Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs. Proceedings of the 16th International Conference on Financial Cryptography and Data Security, Kralendijk, Bonaire."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/13\/2957\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:02:39Z","timestamp":1760187759000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/13\/2957"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,4]]},"references-count":54,"journal-issue":{"issue":"13","published-online":{"date-parts":[[2019,7]]}},"alternative-id":["s19132957"],"URL":"https:\/\/doi.org\/10.3390\/s19132957","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7,4]]}}}