基于Hash链的RFID双向认证协议的设计与分析

系统中信息的安全性是制约射频识别技术(RFID)广泛应用的一个重要因素.基于Hash函数的RFID认证协议是受到广泛关注的解决方案.本文针对RFID系统存在的用户安全及隐私等问题,在讨论了现有协议的优缺点的基础上,提出了一种基于Hash链的双向认证方案.分析表明,该协议具有不可分辨性、前向安全性、抗重放攻击、哄骗攻击等特点.     

RFID协议及其安全性研究

RFID可在开放的环境中无需物理接触、也无需直接可视就可实现对对象的标识,因而具有广泛的应用。但由于隐私和可追踪性问题影响了这项技术的普及,为此,许多认证协议被提出来了。文中对RFID协议进行分类研究,探讨了RFID协议的安全性分析和证明方法。     

一种轻量级隐私保护的RFID群组证明协议

设计高效安全的群组证明协议有利于RFID(Radio Frequency Identification)系统的广泛应用.本文提出了一种轻量级隐私保护的RFID群组证明协议LPGP(Lightweight Privacy-Preserving Grouping Proof),LPGP协议只使用计算复杂度比较小的伪随机发生器和散列运算来提高协议的运行效率,并且LPGP协议具有认证性、隐私性和可证明安全性,满足了RFID系统群组证明协议的安全性要求.与现有的群组证明协议相比,LPGP协议的标签只需较小的计算复杂度和存储空间,具有较高的效率.     

一种基于动态密钥的低成本射频识别标签安全方案

随着射频识别(RFID)技术的广泛应用,隐私安全问题引起了人们的极大关注。首先从安全性和实用性方面讨论了现有的RFID安全协议存在的不足,然后对一种基于动态密钥的低成本RFID标签安全方案进行了分析,较好地解决了在认证协议中容易出现的数据不同步和重传攻击问题。     

基于Edwards曲线的移动RFID安全认证协议

针对传统的RFID认证协议通常难以适应移动RFID系统的问题,提出了基于Edwards曲线的适用于移动RFID系统的安全认证协议,协议采用Edwards曲线提高了其防侧信道攻击的能力,并应用椭圆曲线离散对数问题实现安全认证。进一步采用可证明安全方法给出了标签和阅读器不可跟踪隐私的安全性证明,通过安全性分析指出协议能更有效抵抗已有各种攻击。与现有的结构类似RFID认证协议相比,该协议扩展性更好,安全性和性能优于其他方案。     

一种基于部分ID的新型RFID安全隐私相互认证协议

在低成本电子标签中实现安全隐私功能是RFID研究领域需要解决的一项关键技术,该文采用部分ID,CRC校验以及ID动态更新的方法,提出一种新型RFID相互认证协议,该协议具有前向安全性,能够防止位置隐私攻击、重传攻击、窃听攻击和拒绝服务攻击,新协议有效地解决了RFID安全隐私问题,并且符合EPC Class1 Gen2标准,它的硬件复杂度较低,适用于低成本电子标签.     

可证明安全的轻量级RFID所有权转移协议

设计安全的无线射频识别协议有助于实现智慧城市的规划和构建完善的智慧网络。安全的RFID所有权转移协议要求同时具备安全性和隐私性,标签的前向不可追踪性和后向不可追踪性是RFID系统实际应用中需要考量的两个重要的隐私性能。针对现有供应链系统中所有权转移协议存在的各种安全隐私问题,该文改进了原有前向不可追踪性定义的错过密钥更新过程的不合理的假设,提出了强前向不可追踪性的概念。提出了一个基于二次剩余定理的轻量级RFID所有权转移协议,并使用改进的模型和定义形式化证明了协议的安全性和隐私性。证明结果表明新方案既可以抵御内部读卡器恶意假冒攻击,追踪攻击,标签假冒攻击和异步攻击,又满足强前向不可追踪性和后向不可追踪性等隐私性能;新协议在实现低成本和高效率认证的基础上,比其他协议安全性和隐私性更好。     

标准模型下可证明安全的RFID双向认证协议

目前RFID(radio frequency identification)系统安全问题日益突出,为了实现RFID系统信息安全与隐私保护,在标准模型提出了一个基于HB协议的RFID双向安全认证协议。利用规约技术证明协议的安全性,将攻击者的困难规约到伪随机函数与真正随机函数的不可区分性上。协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率。通过从安全性及性能两方面与其他认证协议进行比较,表明协议适用于低成本及存储资源受限的RFID标签。     

一种基于OPDL规则的RFID数据访问控制机制

可信性、安全性和隐私性是目前RFID(无线射频识别技术)研究的主要关注点.在安全性和隐私性方面,由于计算能力和能量的限制,对RFID标签的数据访问控制一直是一个挑战.丈中在改进的OPDL基础上,基于RFID媒体访问控制协议,介绍一种新技术和合法的途径,探测和抵制非授权组织对标签的访问,以保护存储在RFID系统中的个人隐私数据.     

一种轻量级RFID相互认证协议

针对射频识别系统中存在的用户安全、隐私等问题,文章提出一种轻量级密码学的安全认证协议。该协议利用Hash函数的单向性和递增的时间戳,较好地解决了RFID的安全隐私问题。通过对比说明该协议具有很好的安全性和高效性。     

RFID认证协议研究

Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology. To date, researchers have proposed many RFID authentication protocols. However, these protocols have many flaws due to lack of theoretical support in designing these protocols. In this work, first we present the security and privacy requirements in RFID authentication protocols. Then we examine related works and point out problems in designing RFID authentication protocols. To solve these problems, we propose and briefly prove three theorems. We also give necessary examples for better understanding these theorems with concrete protocols. At last, we give our suggestions on designing secure and private authentication protocols. The security and privacy requirements, theorems, and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.     

一种基于相互认证的安全RFID系统

论文分析了现在RFID面临的各种安全问题,然后在XingxinGao等给出的RFID系统的基础上,提出了一种基于相互认证的安全RFID系统。通过结合相互认证机制与随机读取访问控制,本系统可有效地抵御传统攻击,特别是解决了Gao系统的重放攻击漏洞,也保证了个人隐私安全。此外,通过数字证书加密,标签与读头之间的信息交互过程变得更加安全。     

ECC-Based RFID Authentication Protocol

The radio frequency identification (RFID) technology has been widely used so far in industrial and commercial applications. To develop the RFID tags that support elliptic curve cryptography (ECC), we propose a scalable and mutual authentication protocol based on ECC. We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy. We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements. Compared with other recent ECC-based RFID authentication protocols, our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy, tag computation cost, and communications cost.     

轻型的RFID安全认证协议LAP

RFID标签存在着处理能力弱、存储空间小和电源供给有限等局限性,传统的公钥算法或散列函数等复杂运算不能满足实际应用的需求。针对现有轻量级RFID认证协议的不足,设计了基于广义逆矩阵的RFID安全认证协议LAP。该协议采用了硬件复杂度较低的CRC校验及计算量较小的矩阵运算。通过安全隐私和性能分析,LAP协议适用于低成本、存储与计算受限的RFID标签。     

A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems

In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our schemes achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

射频识别系统中安全认证协议的研究

射频识别安全认证协议主要解决阅读器与应答器之间的互相认证问题。应答器需要确认阅读器的身份,防止存储数据未被认可地读出或重写;而阅读器也应确认应答器的身份,以防止假冒和读入伪造数据。目前射频识别系统主要面临着窃听隐私、重放攻击、前向安全性、同步性破坏、位置跟踪及所有权转移等安全隐患,通过对阅读器和应答器ID地址的认证来加强安全认证协议,抵抗目前已知的威胁攻击,能很好地解决射频识别系统中的主要安全问题。     

一种基于Hash函数的RFID安全认证方法

近年来,射频识别(RFID)技术得到越来越多的应用,随之而来的是各种RFID安全问题。对现有的基于Hash函数的RFID认证协议进行分析,针对现有技术存在的不足,提出了一种基于Hash函数的低成本的RFID双向安全认证方法,该方法只需要进行一次Hash函数计算,且加入了标签ID动态更新机制,通过在后台数据库中存储旧的标签ID解决同步问题,与现有技术相比具有一定的优越性。     

基于ISO18000-6C标准的RFID认证协议

RFID技术应用越来越广,给人们带来便利的同时安全和隐私问题也相随而生,如何提高RFID系统的安全防范能力已成为该领域的重点研究方向。许多研究者提出了基于RFID空中接口通信的认证协议,但复杂的算法难以适用于符合ISO18000-6C标准的电子标签。论文根据ISO18000-6C标准提出了一种新的适合低成本标签的认证协议,为RFID安全提供了一套解决方案。