一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.     

一种全新的RFID标签所有权转移协议

RFID标签在所有权转移过程中面临安全和隐私泄露的风险。针对这一问题,提出了一种带有转移开关并基于Hash函数的新型标签所有权转移协议。原所有者和新所有者分别拥有不同的通信密钥,前者的密钥用于原所有者与标签之间的认证,后者的密钥用于标签与新所有者之间的所有权转移。由于存在转移开关(Ownership Transfer Switch,OTS),因此可以通过对OTS的设置来实现抵抗去同步化攻击。对该协议的安全性分析结果表明,该协议能够满足标签所有权转移的安全需要,并能抵抗常见的主被动攻击,使标签的所有权实现完全转移。最后对协议进行了性能分析,结果表明所提协议在效率性能方面比已有的RFID标签所有权转移协议有明显提高。     

通用可组合安全的RFID标签组所有权转移协议

在某些应用中,往往需要在一次会话中同时完成一组RFID标签所有权的转移.然而,现有的标签组所有权转移方案大多需要可信第三方的支持且存在诸多安全和隐私保护问题.在分析安全需求的基础上,设计了一个安全高效的RFID标签组所有权转移协议.该协议在无可信第三方支持的情况下实现了一组标签所有权的同时转移.在通用可组合框架下,定义了RFID标签组所有权转移的理想函数,并证明新协议实现了所定义的理想函数.与已有同类协议相比,新协议不仅具备匿名性、不可追踪性、授权访问、抗异步攻击、前向隐私保护、后向隐私保护等安全和隐私属性,还具有通用可组合安全性.在性能方面,新方案的计算复杂度相对较低,且交互次数和标签端存储量也较少.     

一种新的RFID标签所有权转移协议

针对无线射频识别( RFID)技术标签在生命周期内安全转移其所有权的问题,提出一个不依赖可信第三方参与转移的、基于Hash函数的RFID标签所有权转移协议。采用挑战响应机制,使用Status标志位来标识标签当前所有权归属。其中新旧所有者分别与目标标签共享不同的密钥,并与其传递通信数据来认证参与转移实体的身份,从而认证新所有者获得目标标签的所有权。分析结果表明,该协议满足标签所有权转移的安全需求,目标标签在执行协议后为新所有者所有,实现了所有权的排他转移,在安全性和效率方面较已有RFID标签转移协议有较大提高。     

基于循转函数的RFID标签所有权转移协议

针对现有无线射频识别低成本无源标签在其生命周期中所有权不断转移的安全性问题,设计了一种新的基于循转函数的RFID标签所有权转移协议。在随机预言机模型下,定义标签所有权转移攻击模型、安全模型,利用攻击游戏证明协议的安全性。协议设计了完整三方认证过程,利用循转函数算法、交叉位运算以及二次剩余算法等加密通信数据并实现轻量级标准,而后新所有者和标签之间秘密信息的二次同步更新机制,保证了协议的前、后向隐私安全。最后给出多协议之间的标签计算量、通信量、存储量成本对比,表明协议满足安全、低成本特性。     

一种RFID标签所有权完全转移协议

针对射频识别（RFID）标签所有权不能完全转移及系统安全性问题,提出一种RFID标签所有权完全转移安全协议．该协议通过引入原所有者与新所有者间交易关系及身份比对保证标签所有权转移给合法身份的新所有者,利用密钥二次同步更新保证RFID标签所有权完全转移．为了确保标签和阅读器认证不被恶意干扰,采用双向认证保证RFID系统通信安全．形式化证明及分析结果表明,该协议满足标签所有权完全转移要求,可抵御多种攻击,实际应用价值高.     

一种改进的安全RFID群组标签所有权转移协议

针对现有无线射频识别群组标签所有权转移协议中出现的后向隐私泄露、暴力破解等安全问题,提出一种改进的所有权转移协议。通过字合成、循环移位简单位运算加密随机数,以抵抗攻击者的暴力破解攻击。利用可信第三方的参与,在不经过原所有者的条件下直接向新所有者和标签下发初始密钥,进而同步更新密钥,保证协议的后向隐私安全性。使用标签所有权归属标识位定义群组标签归属权,防止出现双重所有权,同时给出协议的GNY逻辑证明。分析结果表明,该协议具有安全、低成本特性。     

供应链环境下UC安全的RFID所有权转移协议*

针对供应链环境下无线射频识别(RFID)标签流动所涉及的节点隐私和供应链可见性管理问题,定义了供应链环境下RFID标签所有权转移的安全需求,提出了通用可组合安全模型,并基于所提出的RFID认证协议,设计了一个能实现该模型的RFID标签所有权转移协议。安全性证明和效率分析表明该协议通过利用授权机制和哈希函数的单向性,很好地解决了可见性和不可追踪性问题,采用索引机制和标签端轻量级的计算方式提高了执行效率。与同类方案相比,该协议降低了标签端的计算量且安全性更高。     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。     

基于NTRU密码体制的RFID安全协议

为解决射频识别(RFID)技术在用户隐私方面存在的安全隐患,提出一种基于NTRU密码体制的新型RFID双向安全认证协议,从大维数格中寻找最短向量。与使用对称密码和RSA公钥密码的协议相比,安全性能更高、计算复杂度更小、实现效率更高。该协议利用基于嵌入Hash函数的NTRU公钥加密方案,通过对比原Hash值与解密后的Hash值是否相等,实现RFID标签与阅读器之间的安全数据交换。研究结果表明,该协议不仅能有效地保护内容隐私和位置隐私,而且还能防范重放攻击,满足RFID系统的安全性要求。     

Security standards for the RFID market

As the RFID market expands, we'll see the continued proliferation of RFID tags built for highly specialized vertical markets, which means greater variety and the consequent need to ensure interoperability. A great deal of research and development is currently under way in the RFID security field to mitigate both known and postulated risks. Manufacturers; business managers, and RFID systems engineers continue to weigh the trade-offs between chip size, cost, functionality, interoperability, security and privacy with the bottom-line impact on business processes. Security features supporting data confidentiality, tag-to-reader authentication, optimized RF protocols, high-assurance readers, and secure system engineering principles should become available. Security and privacy in RFID tags aren't just technical issues; important policy questions arise as RFID tags join to create large sensor networks and bring us closer to "ubiquitous computing." With public attention focused on the RFID landscape, security and privacy have moved to the forefront in RFID standards work, and the results are worth watching.     

Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader's signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive-OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.     

物联网感知层中RFID系统安全解决方案

RFID系统是物联网感知层中的关键技术,由电子标签、阅读器、应用程序以及通信信道共同构成.RFID系统的各组成部分都面临严重的安全威胁.本文通过分析RFID系统的攻击者模型,提出了一种RFID系统安全解决方案,可以对RFID系统提供全方位的安全防护.     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.     

Single tag sharing scheme for multiple-object RFID applications

RFID systems have been widely adopted in various industrial as well as personal applications. However, traditional RFID systems are limited to address only one tag for each application object. This limitation hinders the usability of RFID applications because it is difficult, if not impossible, to distinguish many tags simultaneously with existing RFID systems. In this paper, we propose a new RFID tag structure to support multiple-objects that can be easily shared by many different RFID applications. That is, the proposed RFID tag structure supports that a tag maintains several different objects and allows those applications to access them simultaneously. We also propose an authentication protocol to support multiple-object RFID applications. Especially, we focus on the efficiency of the authentication protocol by considering different security levels in RFID applications. The proposed protocol includes two types of authentication procedures. In the proposed protocol, an object has its security level and goes through one of different authentication procedures suitable for its security level. We report the results of a simulation to test the performance of the proposed scheme. In our simulation, we considered the safety of our scheme against potential attacks and evaluated the efficiency of the proposed protocol.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

RFID标签组中的可验证门限秘密共享方案

无线射频识别（RFID）标签具有隐蔽、方便、高效等优点,可以作为秘密存储的新载体。该文针对如何在RFID标签组中实现秘密共享的问题,提出适用于RFID系统的可验证门限秘密共享方案,对其进行安全性分析。根据RFID系统的特点提出先认证后读取的实现原则。该方案的安全性基于RFID阅读器与标签的双向认证以及求解离散对数的困难性。     

RFID系统安全问题研究

RFID技术的优点是标签与读写器之间无需任何的物理接触或者其他任何可见的接触,缺点是RFID标签与读写器之间的无线信道是不安全的。本文在分析了RFID系统的组成、通信模型以及所面临的安全问题后,提出了解决RFID系统安全问题的机制,强调必须综合运用物理安全机制与密码安全机制,才能有效解决RFID系统的安全问题。     

Secure and private search protocols for RFID systems

In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled systems become pervasive in our life, tag search becomes crucial. Surprisingly, the problem of RFID search has not been widely addressed in the literature. We analyzed the privacy and security features of the proposed tag search protocols, and concluded that our protocols provide tag identity privacy, tag source location privacy, and tag-reader communication privacy. For the first time, we propose a formal method to securely search RFID tags which satisfy certain search criteria.