适用于低成本标签的移动RFID认证协议

移动RFID系统中,阅读器与服务器之间的通道安全假设不再成立,针对这种情况,分析了当前移动RFID认证协议的安全及性能问题,建立了移动RFID安全隐私模型;基于该模型,在兼容EPC Class-1 Generation-2低成本标签系统的基础上,提出了一种能够抵抗假冒攻击、去同步化攻击,且提供前向安全隐私保护的双向认证协议;通过安全性证明与性能比较分析,表明该协议达到了设计目的,可适用于较大规模的低成本标签移动RFID系统。     

MKAP:Gen2规格下RFID安全认证协议的研究

近几年,由于EPC C1G2 RFID标准的低安全级别,轻量级的RFID认证协议被广泛研究。提出了一种改进型的符合Gen2标准的认证方案MKAP。仅运用异域运算、标签的访问密码和杀死密码来提高现用RFID Gen2标签对许多威胁的安全性。通过全面的安全性分析,证实该改进方案比现有方案,有了显著的提升。     

基于伪随机函数的移动射频识别认证协议

为解决移动射频识别(RFID)中阅读器和后端服务器之间因无线传输出现的安全问题,提出一种基于伪随机函数的移动RFID双向认证协议。该协议满足EPC Class-1 Generation-2行业标准,且实现了标签、阅读器和后端服务器之间的双向认证,并通过GNY逻辑证明了其安全性。该协议能有效抵抗追踪、重放、同步化等攻击,而且它将主要计算转移到后端服务器,因此能降低标签的运算量和标签成本。     

基于PRNG的低成本RFID认证协议设计

低成本无线射频识别(RFID)的标签是被动式的,由于受成本和资源限制,系统不能提供公约加密、对称密钥加密、杂凑函数等。EPCglobal Class-1 Gen-2 RFID规范定义一种低成本的标签,仅提供PRNG和CRC操作。该文遵循EPCglobal Class-1 Gen-2 RFID规范,仅使用PRNG操作设计一个认证协议,实现双向认证、标签的匿名性和前向安全性。     

Cryptanalysis of an EPC Class-1 Generation-2 standard compliant authentication protocol

Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol fails short of its security objectives, and in fact offers the same security level than the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.     

基于随机运算符的轻量级匿名射频识别系统双向认证协议

针对无线射频识别（RFID）系统容易遭受无线信道中的恶意攻击以及标签所有者隐私时常收到侵犯的问题,提出了一种支持匿名的轻量级RFID认证协议。首先,使用了随机数发生器生成不可预测的序列以指定参与协议的轻量级运算符;然后,通过指定种子以实现阅读器与标签之间的密钥协商;最后,实现双向认证与信息更新。通过与部分典型的轻量级方案的对比可知,所提出的方案相较同类的轻量级协议最多节省近42%的标签存储开销,同时其通信开销维持在同类方案的低水平位置,且能够支持多种安全需求。所提方案适用于低成本RFID系统。     

轻量级移动RFID认证协议研究设计

为解决移动射频识别（Mobile RFID）系统中信息通过无线信道传输所引发的安全与隐私问题,提出一种基于伪随机函数的轻量级移动RFID认证协议,实现后台服务器、阅读器与标签之间的双向认证。该协议中的运算主要集中在后台服务器和阅读器,可以有效地控制标签成本。安全性分析表明,该协议可以有效抵抗位置追踪、假冒、重放和同步化等攻击,并通过GNY逻辑进行了安全性证明。      

满足后向隐私的可扩展RFID双向认证方案

无线射频识别(RFID)系统的匿名认证机制可以有效地保护标签的隐私性,而可扩展性和后向隐私安全性是实际应用中需要考虑的两个重要问题.对最近新提出的3个可扩展RFID双向认证协议的安全性进行了分析.分析指出,ACP方案并不能提供后向隐私安全性;G-I方案不能抵抗去同步攻击,攻击者可以通过主动攻击,使得标签和阅读器内存储的密钥数据不一致,从而破坏标签和阅读器的后继认证;而MMR方案不能抵御主动攻击,攻击者可以仿冒合法阅读器,通过不断质询标签并分析标签的回复消息,就可完全推导出标签中存储的全部秘密.在此基础上,提出了一个基于Hash函数的可扩展双向认证方案,方案从存储需求和运算量上要优于G-I方案;并且证明了方案能够满足受限后向隐私安全,并可以抵御去同步攻击.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

轻量级的无线射频识别安全认证协议

针对现有无线射频识别(RFID)认证协议存在的安全缺陷,提出了一种新的轻量级RFID安全认证协议,并基于GNY逻辑给出了形式化证明。协议采用阅读器双重认证及预认证阶段刷新密钥的方法,通过在标签中添加保护密钥同步的恶意攻击标记Tm,解决了当前协议中存在的可扩展性欠佳、标签密钥更新失败导致位置跟踪和非法更新标签/服务器内部密钥造成拒绝服务(DoS)等问题,可抵抗重传、标签/阅读器假冒和通信量分析等多种恶意攻击,尤其防范来自位置隐私泄露和拒绝服务的安全威胁。分析结果表明,所提协议具有低成本、安全性高、计算复杂度低等特点,适合于标签数目较多的RFID系统。     

可扩展及可证安全的射频识别认证协议

针对目前广泛应用的被动式射频识别（RFID）标签中的计算、存储资源有限,导致RFID认证协议的安全和隐私保护,特别是可扩展性一直没有得到很好解决的问题,提出一种基于哈希函数、可证安全的轻权认证协议。该协议通过哈希运算和随机化等操作确保认证过程中会话信息的保密传输和隐私性;在认证过程中,标签的身份信息通过伪名进行确认,其真实身份没有透漏给阅读器等不信任实体;后端服务器进行身份确认仅需进行一次哈希运算,通过标识符构造哈希表可使身份信息查找时间为常数;每次认证后,标签的秘密信息和伪名等均进行更新,从而确保协议的前向安全性。分析证实,该RFID轻权认证协议具有很好的可扩展性、匿名性和前向安全性,能够抵抗窃听、追踪、重放、去同步化等攻击,而且标签仅需提供哈希运算和伪随机数生成操作,非常适合应用于低成本的RFID系统。     

基于混沌加密的可同步更新RFID双向认证协议

针对日益突出的RFID系统安全隐私问题,提出了一个基于混沌序列的RFID双向认证协议。利用混沌对初始值的敏感性生成混沌序列,对密钥进行加密。该协议引入标签密钥动态更新机制,并设计了自同步解决方案,实现了对标签的二次认证。采用BAN逻辑对其安全性进行证明,并与已有的协议进行安全性分析和性能比较。其分析结果表明,该协议降低了标签成本,减少了标签和后端数据库的计算量,提高了后端数据库的检索效率。不仅有效地解决了RFID系统的隐私保护及安全问题,同时也提高了RFID协议认证的执行效率,更适合低成本的RF1D系统。     

Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Radio frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered to be a possible successor to bar-code with added functionalities. In RFID-based applications where RFID tags are used to identify and track tagged objects, an RFID tag emits its EPC in plaintext. This makes the tag inevitably vulnerable to cloning attacks as well as information leakage and password disclosure. In this paper, we propose a novel anti-cloning method in accordance with the EPCglobal Class-1 Generation-2 (C1G2) standard. Our method only uses functions that can be supported by the standard and abides by the communication flow of the standard. The method is also secure against threats such as information leakage and password disclosure.     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。     

一种更具实用性的移动RFID认证协议

针对Doss协议的不足,提出了一种改进的轻量级移动RFID认证协议。首先使用二次剩余混合随机数加密的方法提高后台服务器识别速度;在阅读器端添加时间戳生成器,抵御阅读器冒充及重放攻击。新协议标签端只采用成本较低的伪随机数生成、模平方以及异或运算,遵循了EPC C1G2标准,且实现了移动RFID环境下的安全认证。理论分析及实验显示了新协议提高了Doss协议后台识别速度,并满足标签和阅读器的匿名性、阅读器隐私、标签前向隐私等安全需求,更有效抵抗已有的各种攻击：重放、冒充、去同步化攻击等。与同类RFID认证协议相比,实用性更佳。     

PUF-enhanced offline RFID security and privacy

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on readers that are not continuously connected to a secure backend system. Thus, the readers should be able to perform their duties even in offline mode, which generally requires the management by the readers of the susceptible data. The use of RFID may cause several security and privacy issues such as traceability of tag owner, malicious eavesdropping and cloning of tags. Besides, when a reader is compromised by an adversary, the solution to resolve these issues getting worse. In order to handle these issues, several RFID authentication protocols have been recently proposed; but almost none of them provide strong privacy for the tag owner. On the other hand, several frameworks have been proposed to analyze the security and privacy but none of them consider offline RFID system.Motivated by this need, in this paper, we first revisit Vaudenay's model, extend it by considering offline RFID system and introduce the notion of compromise reader attacks. Then, we propose an efficient RFID mutual authentication protocol. Our protocol is based on the use of physically unclonable functions (PUFs) which provide cost-efficient means to the fingerprint chips based on their physical properties. We prove that our protocol provides destructive privacy for tag owner even against reader attacks.     

能抵抗拒绝服务攻击且高效的RFID安全认证协议

针对现有的RFID认证协议所面临的安全隐私保护问题,利用Hash函数加密的方法,提出了一种能抵抗拒绝服务攻击且高效的RFID安全认证协议。通过在阅读器上进行随机数的比较与识别,从而使该协议可抵抗拒绝服务攻击,并且在后台数据库中存储标签标识符的两种状态,以便实现电子标签与后台数据库的数据同步。从理论上分析了协议的性能和安全性,并利用BAN逻辑对协议的安全性进行了形式化证明。分析结果表明,该协议能够有效地实现阅读器和电子标签之间的相互认证,能有效地抵抗拒绝服务攻击且与其他协议比较,整个RFID系统的计算量减小,适用于大规模使用标签的RFID系统。     

EMAP: An efficient mutual authentication protocol for passive RFID tags

Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.     

基于PRF的RFID轻量级认证协议研究

无线射频识别(radio frequency identification, RFID)认证协议可实现读写器和标签之间的身份识别,保证只有合法的读写器才能访问标签的数据.由于标签的成本限制,设计最轻量级的RFID认证协议是面临的主要挑战.为了达到不可预测性隐私,标签至少需要具有伪随机函数PRF的能力.首先提出了一种基于PRF的RFID轻量级认证协议的基本框架,给出了抽象描述.基于对消息认证函数F\\-i的实例化,提出了一种新的RFID轻量级认证协议ELAP.与现有协议相比,该协议可以实现读写器和标签之间的双向认证,并能抵抗已知的所有攻击方式.在效率方面,标签只需要进行2次消息摘要运算,让标签的计算代价达到了最小.     

基于EPC-C1G2标准的RFID认证机制

分析EPC-C1G2标准认证机制和现有改进方案,针对超高频射频识别(RFID)认证机制存在的安全缺陷,提出一种轻量级RFID认证方案。该方案实现了读写器和标签的双向认证,其轻量级加密算法能在一定程度上保证消息的安全传输。分析结果表明该方案具有较高安全性,能满足超高频RFID的安全需求。