Counterfeited products are costing the global economy hundreds of billions of dollars annually. Radio frequency
identification(RFID) technology provides a promising solution for this problem, wherein each product is fitted with a secure tag, which is
difficult to forge. However, RFID technology is faced with numerous security threats, for example, if the communication link between the
reader and the tag is compromised, then it will be possible for a malicious adversary to obtain the private data stored on the device.
Tag cloning attacks have also been demonstrated to be feasible, which severely undermines the capabilities of the RFID technology to
protect against counterfeiting. One solution to this problem is the use of authentication protocol; however, existing schemes do not
support mutual authentication and are still vulnerable to tag cloning attacks. In this paper, a new security mechanism is proposed,
which consists of a lightweight three-flights mutual authentication protocol and an anti-counterfeit tag design. The proposed solution is
based on combining the Rabin public-key encryption scheme with physically unclonable functions (PUF) technology. The security of
the proposed protocol is systematically analysed and compared with existing schemes. The implementation cost of the proposed
security primitives, assuming the 1024-bit public key, is 10139 GEs, which is suitable for low-cost RFID tags. Our results show that the
proposed design is up-to 50% more area-efficient compared to systems based on Elliptic Curve Cryptography (ECC).