The invention discloses an RFID authentication method and system based on PUFs. The system comprises a backend database, a reader and a tag. Communication between the backend database and the reader can be protected with conventional network security technology and is therefore secure; communication between the reader and the tag is not protected by conventional network security technology and is therefore insecure. The RFID authentication method offers high security, high authentication efficiency and low resource consumption. It can resist typical attack techniques such as replay attacks, counterfeit attacks, tracking attacks and physical attacks, provides forward security and backward security, and realizes bidirectional authentication between the reader and the tag. A public key encryption method is used, which gives the RFID authentication method higher security.