基于PUF适用于大规模RFID系统的移动认证协议

针对移动射频识别系统中的安全问题，采用物理不可克隆函数研究适用于大规模RFID系统的移动认证协议。为解决移动RFID认证环境下读写器易遭受假冒攻击的问题，在Vaudenay模型中加入攻击者入侵读写器的能力，并通过服务器对读写器的身份认证来抵御攻击者的假冒攻击；为解决标签的运算能力不足问题和服务器搜索标签耗时长的问题，采用PUF生成会话密钥来减轻标签加密过程中的运算量，服务器通过共享密钥异或运算实现对检索标签和读写器身份标识的快速检索。利用Vaudenay模型理论，分析和证明了研究的协议可实现Destructive等级的隐私保护；仿真结果表明，PMLS协议中服务器的搜索耗时不随标签数目增长而加长，满足大规模移动RFID系统的应用要求。

PUF based authentication protocol in mobile and large scale RFID systems

Aiming at the security problem in mobile radio frequency identification (RFID) systems, we employ the physical unclonable function (PUF) to study authentication protocol in mobile and large scale RFID systems. To solve the problem of impersonation attack to the reader, the Vaudenay’s model is extended by introducing the corrupting ability of the adversary to the reader and the reader is further authenticated by the server. To solve the problem of insufficient computation ability of tag and long time cost of the server for searching target tag, the PUF is adopted to generate the session key to reduce the computation cost of tag encryption, and the server quickly identifies the tag and the reader using the shared key XOR operations. Our analysis proves that the proposed security protocol can realize destructive privacy according to the Vaudenay's model theory. Simulation results show that the search time of the server in PMLS protocol does not increase with the number of the tag by using the proposed security protocol, which meets the application requirements of mobile and large scale RFID systems.