可证明安全的轻量级RFID所有权转移协议

设计安全的无线射频识别协议有助于实现智慧城市的规划和构建完善的智慧网络。安全的RFID所有权转移协议要求同时具备安全性和隐私性,标签的前向不可追踪性和后向不可追踪性是RFID系统实际应用中需要考量的两个重要的隐私性能。针对现有供应链系统中所有权转移协议存在的各种安全隐私问题,该文改进了原有前向不可追踪性定义的错过密钥更新过程的不合理的假设,提出了强前向不可追踪性的概念。提出了一个基于二次剩余定理的轻量级RFID所有权转移协议,并使用改进的模型和定义形式化证明了协议的安全性和隐私性。证明结果表明新方案既可以抵御内部读卡器恶意假冒攻击,追踪攻击,标签假冒攻击和异步攻击,又满足强前向不可追踪性和后向不可追踪性等隐私性能;新协议在实现低成本和高效率认证的基础上,比其他协议安全性和隐私性更好。     

一种具有阅读器匿名功能的射频识别认证协议

在射频识别(RFID)的应用中,安全问题特别是用户隐私问题正日益凸显。因此,(用户)标签信息的隐私保护的需求越来越迫切。在RFID系统中,标签的隐私保护不仅是对外部攻击者,也应该包括阅读器。而现有许多文献提出的认证协议的安全仅针对外部攻击者,甚至在外部攻击者的不同攻击方法下也并不能完全保证安全。该文提出两个标签对阅读器匿名的认证协议：列表式RFID认证协议和密钥更新式RFID认证协议。这两个协议保证了阅读器对标签认证时,标签的信息不仅对外部攻击者是安全的而且对阅读器也保持匿名和不可追踪。相较于Armknecht等人提出的对阅读器匿名和不可追踪的认证协议,该文所提的协议不再需要增加第三方帮助来完成认证。并且密钥更新式RFID匿名认证协议还保证了撤销后的标签对阅读器也是匿名性和不可追踪的。     

物联网移动RFID系统匿名访问控制认证密钥交换协议

针对物联网移动RFID系统标签隐私信息的访问控制以及用户身份隐私保护问题,本文采用身份加密和属性加密相结合的方法,建立了IB-AB-eCK安全模型,设计了基于身份及属性的认证密钥交换协议IB-AB-AKE。基于IB-AB-AKE协议,提出了移动RFID手机与信息服务器之间认证密钥交换协议,实现了在保护移动RFID手机用户身份隐私的同时,根据标签所有者定制的访问控制策略进行标签信息的访问控制认证和会话密钥交换,防止了隐私信息被非法访问。分析表明,IB-AB-AKE协议在IB-AB-eCK模型下是安全的,且在通信次数、通信量及计算量方面具有优势。      

无后台服务器的射频识别标签安全查询协议

在许多射频识别(RFID)应用中,经常需要在多个标签中确定某个特定标签是否存在。在这种环境下,标签查询协议必不可少。然而,已有的协议要么存在安全漏洞,要么查询效率低下。利用Hash函数和时间戳,提出一个无后台服务器的RFID标签查询协议。GNY逻辑被用于证明新协议的正确性。分析显示提出的协议可以高效的实现特定标签的查询,且能够抵抗一些主要攻击,实现对标签隐私的保护。     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

基于口令认证可证安全的RFID通信安全模型研究

针对RFID技术的安全与隐私保护问题及RFID标签资源的有限性问题,本文提出了一种基于口令认证可证安全的RFID通信安全协议--pRPAP.为求从根本上解决RFID技术的安全与隐私保护问题,本文提出为RFID系统建立通信安全模型.从形式化论证的角度出发,基于随机预言模型,使用形式化描述方式,系统地建立了RFID通信安全型.该模型包括RFID系统模型,RFID系统的攻击模型以及RFID通信安全协议的安全目标模型.并在该模型下,证明了pRPAP的安全性.证明结果显示本文提出的基于口令认证可证安全的RFID通信安全协议能够有效地解决RFID技术的安全问题.此外,本文所建立的RFID通信安全模型还有助于指导pRPAP协议各项参数的选择,以便建立适合不同安全等级要求的RFID通信安全协议.RFID通信安全模型的建立,也有助于对RFID通信安全协议进一步深入地研究.     

标准模型下可证明安全的RFID双向认证协议

目前RFID(radio frequency identification)系统安全问题日益突出,为了实现RFID系统信息安全与隐私保护,在标准模型提出了一个基于HB协议的RFID双向安全认证协议。利用规约技术证明协议的安全性,将攻击者的困难规约到伪随机函数与真正随机函数的不可区分性上。协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率。通过从安全性及性能两方面与其他认证协议进行比较,表明协议适用于低成本及存储资源受限的RFID标签。     

一种RFID标签信息安全传输协议

针对在射频识别（RFID）标签资源受限条件下的标签信息安全传输与隐私保护问题,提出了一种能够实现对RFID标签信息安全传输的协议,该协议能够实现后端数据管理系统对读写器和标签的认证,以及实现密钥的分发,实现标签数据的安全传输。然后采用形式化分析的方法,对该协议进行了分析,分析了其具有的安全属性、抗攻击属性以及其他属性。最后对该协议与传统基于Hash机制的多种协议进行了分析比较,分析结果认为,该协议具有比传统基于Hash机制的协议具有更多的安全属性和抗攻击属性,同时具有适度的运算量,能够满足现有很多场合的应用条件。     

最优分组索引的RFID安全协议

由于RFID系统及设备的特殊性和局限性,以及使用开放的无线通信链路,从而带来许多安全问题,目前还缺乏安全、高效、实用的低成本RFID安全协议。本文对现有几种典型的安全协议进行了分析,并指出其存在的安全缺陷和漏洞。针对基于分组索引的RFID安全协议所存在的问题,本文提出了最优分组方案,使其索引的时间复杂度降为最低,同时采用随机数、Hash函数、标签与后端数据库共享密钥机制等,解决了RFID中的隐私保护、跟踪、欺骗攻击、前向安全、后向安全、妥协攻击等安全性问题。     

一种基于部分ID的新型RFID安全隐私相互认证协议

在低成本电子标签中实现安全隐私功能是RFID研究领域需要解决的一项关键技术,该文采用部分ID,CRC校验以及ID动态更新的方法,提出一种新型RFID相互认证协议,该协议具有前向安全性,能够防止位置隐私攻击、重传攻击、窃听攻击和拒绝服务攻击,新协议有效地解决了RFID安全隐私问题,并且符合EPC Class1 Gen2标准,它的硬件复杂度较低,适用于低成本电子标签.     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

Protecting Your Privacy with a Mobile Agent Device in RFID Environment

Radio Frequency Identification (RFID) Technology is a contactless automatic identification technology using radio frequency. For this RFID technology to be widely spread, the problem of privacy invasion should be solved. There are many research works in progress to solve the RFID privacy problems. Most of works for solving this problem have focused on developing light-weight cryptographic modules which can be embedded into RFID tags, but some of them used a proxy agent approach that control communications between the tag and the reader for protecting user privacy. The later approach is very useful and practical in terms of manufacturing low-cost tag hardware. However, all schemes of this approach have some problems in ownership transfer and forgery detection. In this paper, we are focusing on the proxy agent approach and we suggest an advanced agent scheme that guarantees not only privacy protection but also forgery detection. And our scheme is more scalable than other agent schemes so far.     

ECC-Based RFID Authentication Protocol

The radio frequency identification (RFID) technology has been widely used so far in industrial and commercial applications. To develop the RFID tags that support elliptic curve cryptography (ECC), we propose a scalable and mutual authentication protocol based on ECC. We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy. We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements. Compared with other recent ECC-based RFID authentication protocols, our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy, tag computation cost, and communications cost.     

A secure ownership transfer protocol using EPCglobal Gen-2 RFID

Radio Frequency Identification (RFID) is a relatively new technology. In recent years, it has been shown to be convenient and feasible in many applications. However, there are security issues which need to be addressed. Due to the wireless transmission of the RFID system, malicious people can gain the information in the RFID tags, and the user’s privacy is invaded. Although there have been many protection methods proposed for RFID security, the system has remained vulnerable to various attacks. In this paper, we propose a conforming of the EPCglobal Class 1 Generation 2 standards RFID ownership transfer protocol with provable security. The proposed scheme can resist several attacks and ensure a secure transaction.     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

一种RFID隐私保护双向认证协议

作为一种非接触式自动识别技术,RFID在带来成本节约和效率提高的同时,也带来了安全和隐私的风险。为保证安全性和隐私性,必须对阅读器和标签之间的通信提供认证和保护,对现有的RFID安全性和隐私性解决方案进行了简要分析,之后应用零知识思想,提出了一种基于单向Hash函数的双向RFID认证协议,并分析了其安全性和抗攻击性。