一种新的RFID标签所有权转移协议

针对无线射频识别( RFID)技术标签在生命周期内安全转移其所有权的问题,提出一个不依赖可信第三方参与转移的、基于Hash函数的RFID标签所有权转移协议。采用挑战响应机制,使用Status标志位来标识标签当前所有权归属。其中新旧所有者分别与目标标签共享不同的密钥,并与其传递通信数据来认证参与转移实体的身份,从而认证新所有者获得目标标签的所有权。分析结果表明,该协议满足标签所有权转移的安全需求,目标标签在执行协议后为新所有者所有,实现了所有权的排他转移,在安全性和效率方面较已有RFID标签转移协议有较大提高。     

一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.     

一种全新的RFID标签所有权转移协议

RFID标签在所有权转移过程中面临安全和隐私泄露的风险。针对这一问题,提出了一种带有转移开关并基于Hash函数的新型标签所有权转移协议。原所有者和新所有者分别拥有不同的通信密钥,前者的密钥用于原所有者与标签之间的认证,后者的密钥用于标签与新所有者之间的所有权转移。由于存在转移开关(Ownership Transfer Switch,OTS),因此可以通过对OTS的设置来实现抵抗去同步化攻击。对该协议的安全性分析结果表明,该协议能够满足标签所有权转移的安全需要,并能抵抗常见的主被动攻击,使标签的所有权实现完全转移。最后对协议进行了性能分析,结果表明所提协议在效率性能方面比已有的RFID标签所有权转移协议有明显提高。     

PKI技术在RFID标签数据安全中的应用

射频识别技术RFID作为一种新兴的自动识别技术,近年来在国内外已经得到了迅速发展.但由于RFID产品成本的因素极大地限制了RFID的处理能力和安全加密措施,使RFID标签数据比计算机和网络中的数据更容易被非法获取或改写.在分析RFID标签数据在应用中存在的安全隐患的基础上,提出了通过PKI技术解决RFID标签数据安全问题的方法,通过对数据进行加密和签名,可以有效解决标签数据安全问题.     

RFID系统密钥无线生成

随着无线射频识别(Radio Frequency Identification,RFID)系统发展,众多安全和隐私的相关应用对隐私保护认证(Privacy-Preserving Authentication,PPA)技术提出了强烈需求.而PPA应用的先决条件是合法读写器和标签之间存在共享密钥.但由于无线信道的开放性,读写器直接向标签写入的密钥会被敌手轻易窃听;此外,RFID标签的计算、存储和通信能力极其有限,导致现有的密钥协商协议不能应用于RFID系统;再者,标签生产商在标签出厂时写入的密钥会带来密钥托管问题并且用户不能自定义密钥.上述原因导致RFID系统中密钥安全生成问题极具挑战性.该文创新性地利用RFID系统中信道不对称性,提出了一种RFID系统密钥无线生成方法WiKey.WiKey是一种轻量级协议可在现有的RFID系统中实现.通过全面的安全性分析,我们展示了WiKey能为PPA协议提供强有力的保护;在WISP标签上的原型实现以及实际测试表明WiKey在现有RFID系统中实现的可行性和高效性.     

一种实用的轻量级RFID安全协议研究

RFID的安全问题是RFID应用中的关键问题之一.RFID标签计算资源有限,因此旨在研究一种轻量级且具有一定安全性的RFID安全协议,使得标签端的协议不包含复杂的加密操作,只包含异或和简单逻辑控制.证明了"RFID标签最小限度密码算法"存在弱点,并针对该弱点提出了信道加密等3点改进方法,改进后攻击者不能直接计算密码而需强力攻击.实验结果表明,改进后,破解所需时间和所需记录数都增加,且破解难度随着信道密码长度的增加呈指数增加而加密复杂度呈线性增加.另外改进后对硬件需求的增加不多.该协议有助于在低成本RFID标签上实现较高安全性的RFID安全协议.     

一般化RFID安全认证授权协议模型

RFID技术安全性存在的问题阻碍了它的进一步应用。提出了一个一般化RFID安全认证授权协议模型,在Seo等提出的RFID四角色模型的基础上调整了系统读写过程以便简化RFID应用模型且更接近实用要求,并引入了RFID标签管理者、数据所有者、数据运载者和数据读取者等新角色,给出了新的RFID认证/授权模型的基本结构、角色职责和实现该模型的系统化协议原型。与之前的RFID认证授权模型相比更加灵活,可以在此基础上实现RFID设备之间更加多样的管理、认证、授权模式。     

基于特征的轻量级RFID安全搜索协议

在RFID技术的应用中,需要对特定的RFID标签进行有效安全的搜索。由于低成本的RFID标签的计算能力和硬件资源的限制,使RFID标签搜索协议的有效性和安全性更难保证。从减少RFID标签的计算量为出发点,提出一个轻量级的基于物品特征的RFID安全搜索协议,以解决隐私泄露、前向安全、跟踪、重放攻击和假冒等安全问题,并对该协议给出基于BAN逻辑的形式化证明。在该协议中,RFID标签只存储自己的标识符和一个秘密数,在通信过程中只进行一次随机数运算,因此,该协议更适合于低成本RFID系统中对标签的搜索。     

RFID应用系统中的Tag-reader安全通信协议

无线射频识别(RFID)技术目前已被广泛应用，但其缺乏安全机制，无法有效地保护RFID标签中的数据信息。该文分析了RFID技术在应用中存在的安全及隐私问题，提出了在RFID标签芯片计算资源有限的情况下解决这些问题的一个安全通信协议。该协议利用Hash函数技术实现了防止消息泄漏、伪装、定位跟踪等安全攻击。     

基于Hash链的RFID隐私增强标签研究

无线射频识别（RFID)作为一种新型的自动识别技术在供应链与零售业中得到了广泛的应用。然而由于RFID标签强大的追踪能力，RFID的广泛应用也势必给消费者带来新的隐私威胁问题。在构造RFID方案时有几个技术关键点，尤其重要的是消费者隐私与标签信息的安全问题。低成本是另外一个关键。针对这些问题，讨论并阐明了RFID系统的需求与限制，分析了现有的一些相关的RFID方案的特性与问题。最后提出了一种简单的采用低成本的Hash链机制的安全模式标签来增强消费者隐私。     

Security standards for the RFID market

As the RFID market expands, we'll see the continued proliferation of RFID tags built for highly specialized vertical markets, which means greater variety and the consequent need to ensure interoperability. A great deal of research and development is currently under way in the RFID security field to mitigate both known and postulated risks. Manufacturers; business managers, and RFID systems engineers continue to weigh the trade-offs between chip size, cost, functionality, interoperability, security and privacy with the bottom-line impact on business processes. Security features supporting data confidentiality, tag-to-reader authentication, optimized RF protocols, high-assurance readers, and secure system engineering principles should become available. Security and privacy in RFID tags aren't just technical issues; important policy questions arise as RFID tags join to create large sensor networks and bring us closer to "ubiquitous computing." With public attention focused on the RFID landscape, security and privacy have moved to the forefront in RFID standards work, and the results are worth watching.     

Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader's signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive-OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.     

物联网感知层中RFID系统安全解决方案

RFID系统是物联网感知层中的关键技术,由电子标签、阅读器、应用程序以及通信信道共同构成.RFID系统的各组成部分都面临严重的安全威胁.本文通过分析RFID系统的攻击者模型,提出了一种RFID系统安全解决方案,可以对RFID系统提供全方位的安全防护.     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.     

Single tag sharing scheme for multiple-object RFID applications

RFID systems have been widely adopted in various industrial as well as personal applications. However, traditional RFID systems are limited to address only one tag for each application object. This limitation hinders the usability of RFID applications because it is difficult, if not impossible, to distinguish many tags simultaneously with existing RFID systems. In this paper, we propose a new RFID tag structure to support multiple-objects that can be easily shared by many different RFID applications. That is, the proposed RFID tag structure supports that a tag maintains several different objects and allows those applications to access them simultaneously. We also propose an authentication protocol to support multiple-object RFID applications. Especially, we focus on the efficiency of the authentication protocol by considering different security levels in RFID applications. The proposed protocol includes two types of authentication procedures. In the proposed protocol, an object has its security level and goes through one of different authentication procedures suitable for its security level. We report the results of a simulation to test the performance of the proposed scheme. In our simulation, we considered the safety of our scheme against potential attacks and evaluated the efficiency of the proposed protocol.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

RFID标签组中的可验证门限秘密共享方案

无线射频识别（RFID）标签具有隐蔽、方便、高效等优点,可以作为秘密存储的新载体。该文针对如何在RFID标签组中实现秘密共享的问题,提出适用于RFID系统的可验证门限秘密共享方案,对其进行安全性分析。根据RFID系统的特点提出先认证后读取的实现原则。该方案的安全性基于RFID阅读器与标签的双向认证以及求解离散对数的困难性。     

RFID系统安全问题研究

RFID技术的优点是标签与读写器之间无需任何的物理接触或者其他任何可见的接触,缺点是RFID标签与读写器之间的无线信道是不安全的。本文在分析了RFID系统的组成、通信模型以及所面临的安全问题后,提出了解决RFID系统安全问题的机制,强调必须综合运用物理安全机制与密码安全机制,才能有效解决RFID系统的安全问题。     

Secure and private search protocols for RFID systems

In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled systems become pervasive in our life, tag search becomes crucial. Surprisingly, the problem of RFID search has not been widely addressed in the literature. We analyzed the privacy and security features of the proposed tag search protocols, and concluded that our protocols provide tag identity privacy, tag source location privacy, and tag-reader communication privacy. For the first time, we propose a formal method to securely search RFID tags which satisfy certain search criteria.     

EMAP: An efficient mutual authentication protocol for passive RFID tags

Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.