RFID快速隐私保护认证协议

基于对称密码体系的RFID隐私保护认证协议的构造是学术界和工业界研究的热点问题.具有完整性隐私保护协议的效率不够高效,需要对系统中所有的标签进行穷尽搜索,难以应用于物联网海量终端的环境.给出了一种高效的RFID隐私保护认证协议的构造方法.构造的协议采用了单比特输出的伪随机函数,将协议的认证过程分解为多个步骤,与传统的基于对称密码体系的RFID认证协议相比,构造的协议显著提高了读写器对标签的搜索效率.构造的协议具有隐私性,并且计算开销小,读写器端对标签的搜索效率高,能够很好地应用于海量终端的物联网环境.     

Single tag sharing scheme for multiple-object RFID applications

RFID systems have been widely adopted in various industrial as well as personal applications. However, traditional RFID systems are limited to address only one tag for each application object. This limitation hinders the usability of RFID applications because it is difficult, if not impossible, to distinguish many tags simultaneously with existing RFID systems. In this paper, we propose a new RFID tag structure to support multiple-objects that can be easily shared by many different RFID applications. That is, the proposed RFID tag structure supports that a tag maintains several different objects and allows those applications to access them simultaneously. We also propose an authentication protocol to support multiple-object RFID applications. Especially, we focus on the efficiency of the authentication protocol by considering different security levels in RFID applications. The proposed protocol includes two types of authentication procedures. In the proposed protocol, an object has its security level and goes through one of different authentication procedures suitable for its security level. We report the results of a simulation to test the performance of the proposed scheme. In our simulation, we considered the safety of our scheme against potential attacks and evaluated the efficiency of the proposed protocol.     

Scalable RFID security protocols supporting tag ownership transfer

We identify privacy, security and performance requirements for radio frequency identification (RFID) protocols, as well as additional functional requirements such as tag ownership transfer. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. In support of scalability, some RFID protocols, however, only require constant time for tag identification, but, unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel scalable RFID authentication protocol based on the scheme presented in Song and Mitchell (2009) [1], that takes constant time to authenticate a tag. We also propose secret update protocols for tag ownership and authorisation transfer. The proposed protocols possess the identified privacy, security and performance properties and meet the requirements for secure ownership transfer identified here.     

EMAP: An efficient mutual authentication protocol for passive RFID tags

Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.     

能抵抗拒绝服务攻击且高效的RFID安全认证协议

针对现有的RFID认证协议所面临的安全隐私保护问题,利用Hash函数加密的方法,提出了一种能抵抗拒绝服务攻击且高效的RFID安全认证协议。通过在阅读器上进行随机数的比较与识别,从而使该协议可抵抗拒绝服务攻击,并且在后台数据库中存储标签标识符的两种状态,以便实现电子标签与后台数据库的数据同步。从理论上分析了协议的性能和安全性,并利用BAN逻辑对协议的安全性进行了形式化证明。分析结果表明,该协议能够有效地实现阅读器和电子标签之间的相互认证,能有效地抵抗拒绝服务攻击且与其他协议比较,整个RFID系统的计算量减小,适用于大规模使用标签的RFID系统。     

A novel mutual authentication scheme based on quadratic residues for RFID systems

In 2004, Ari Juels proposed a Yoking-Proofs protocol for RFID systems. Their aim is to permit a pair of tags to generate a proof which is verifiable off-line by a trusted entity even when the readers are potentially untrusted. However, we found that their protocol does not possess the anonymity property but also suffers from both known-plaintext attack and replay attack. Wong et al. [Kirk H.M. Wong, Patrick C.L. Hui, Allan C.K. Chan, Cryptography and authentication on RFID passive tags for apparel products, Computer in Industry 57 (2005) 342–349] proposed an authentication scheme for RFID passive tags, attempting to be a standard for apparel products. Yet, to our review, their protocol suffers from guessing parameter attack and replay attack. Moreover, both of the schemes have the common weakness: the backend server must use brute search for each tag’s authentication. In this paper, we first describe the weaknesses in the two above-mentioned protocols. Then, we propose a novel efficient scheme which not only achieve the mutual authentication between the server and the tag but also can satisfy all the security requirements needed in an RFID system.     

移动物联网的可定制RFID网络安全协议

已有的RFID安全协议大多针对隐私性与匿名性而忽略了可扩展性与可定制性,对此提出一种可扩展且可定制的RFID双向认证协议.首先,目标认证模块分别对标签与客户端阅读器进行认证,其中分别使用基于线性搜索的标签分组以及一个映射表提高认证的效率;然后,通过简单的ID匹配机制检测恶意用户;最终,通过标签与服务器的交互认证实现双向认证过程,进一步提高安全性.分析结果表明,本算法在具有可定制能力与可扩展能力的前提下,且具有较好的计算效率与安全性.     

Secure and private search protocols for RFID systems

In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled systems become pervasive in our life, tag search becomes crucial. Surprisingly, the problem of RFID search has not been widely addressed in the literature. We analyzed the privacy and security features of the proposed tag search protocols, and concluded that our protocols provide tag identity privacy, tag source location privacy, and tag-reader communication privacy. For the first time, we propose a formal method to securely search RFID tags which satisfy certain search criteria.     

Tag-Splitting: Adaptive Collision Arbitration Protocols for RFID Tag Identification

Tag identification is an important tool in RFID systems with applications for monitoring and tracking. A RFID reader recognizes tags through communication over a shared wireless channel. When multiple tags transmit their IDs simultaneously, the tag-to-reader signals collide and this collision disturbs a reader's identification process. Therefore, tag collision arbitration for passive tags is a significant issue for fast identification. This paper presents two adaptive tag anticollision protocols: an Adaptive Query Splitting protocol (AQS), which is an improvement on the query tree protocol, and an Adaptive Binary Splitting protocol (ABS), which is based on the binary tree protocol and is a de facto standard for RFID anticollision protocols. To reduce collisions and identify tags efficiently, adaptive tag anticollision protocols use information obtained from the last process of tag identification. Our performance evaluation shows that AQS and ABS outperform other tree-based tag anticollision protocols.     

Cover4

Tag identification is an important tool in RFID systems with applications for monitoring and tracking. A RFID reader recognizes tags through communication over a shared wireless channel. When multiple tags transmit their IDs simultaneously, the tag-to-reader signals collide and this collision disturbs a reader's identification process. Therefore, tag collision arbitration for passive tags is a significant issue for fast identification. This paper presents two adaptive tag anticollision protocols: an adaptive query splitting protocol (AQS), which is an improvement on the query tree protocol, and an adaptive binary splitting protocol (ABS), which is based on the binary tree protocol and is a de facto standard for RFID anticollision protocols. To reduce collisions and identify tags efficiently, adaptive tag anticollision protocols use information obtained from the last process of tag identification. Our performance evaluation shows that AQS and ABS outperform other tree-based tag anticollision protocols     

适用于供应链的RFID读写器-标签双向认证协议

基于批量处理的特性,提出一个适用于供应链的可扩展的读写器-标签双向认证协议.在该协议中,后端数据库识别一个标签只需运行3次哈希函数和O(logn)次比较大小的运算,标签的计算量和已有的不可扩展的协议相当.提出的协议显著提高了射频识别RFID(Radio Frequency Identification)供应链管理系统的效率,并且满足其安全需求.     

An efficient and secure authentication protocol for RFID systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.     

轻量级RFID标签组证明协议

目前,RFID（射频识别）技术已大量应用于物品识别、供应链管理、电子票证等领域。为向第三方证明一组RFID标签已被阅读器同时扫描过,针对低性能标签,提出了一个基于ElGamal加密方案的轻量级RFID标签组证明协议。该协议执行时,阅读器首先与主标签进行认证,然后转发主标签的部分输出信息至标签组中的第一个标签,该标签对输入信息进行哈希运算后,再产生输出信息并由阅读器转发至第二个标签。第二个标签再对输入信息进行哈希运算,其输出再被阅读器转发至第三个标签。此过程重复执行,直至标签组中最后一个标签的输出信息被阅读器转发回主标签。最后,阅读器记录所有标签的输出信息并形成标签组证明,该证明可交由第三方验证。所提出的协议需要阅读器执行ElGamal加密算法,主标签执行轻量级对称加密运算,而标签组中的所有普通标签只需执行哈希运算。经分析,所提出协议满足相应安全要求,且性能优于对比协议。     

A hybrid approach for privacy-preserving RFID tags

Recently, there have been a considerable amount of works for privacy-preserving RFID tags. However, most existing schemes have a common, inherent problem in the fact that in order to identify only one single tag they require a linear computational complexity on the system side. This problem makes use of the schemes impractical in large-scale RFID deployments. We propose a new scheme for privacy-preserving RFID tags which combines the classical challenge-response mechanism with the idea of one-time pads in a simple but practical way. Our technique has a number of crucial advantages. It supports mutual authentication between reader and tag. It also supports untraceability with no information leakage. Furthermore, the scheme we present requires only one cryptographic operation to identify one device among N, which is an important benefit in large-scale RFID systems.     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.     

A hybrid user authentication protocol for mobile IPTV service

IPTV, a technological convergence that combines communication and broadcasting technologies, delivers customized, interactive TV content and other multimedia information over wired and wireless connections. Providing secure access to IPTV services calls for authentication, without proper and secure authentication mechanisms, an individual impersonating a subscriber could steal a service. This paper proposes a new authentication protocol to authenticate IPTV users. The authors based the proposed protocol, a hybrid authentication protocol providing lightweight, personalized user authentication, on RFID (radio-frequency identification) and USIM (Universal Subscriber Identity Module) technologies. In the proposed protocol, USIM performs highly personalized authentication, and the authenticated subscriber’s RFID tags can have a temporary authority to execute authentication. These RFID tags become Agent Tags authorized to authenticate subscribers. Agent Tags identify and authenticate themselves to RFID readers in the set-top box, thus, simplifying the authentication process.     

Security Analysis of the SASI Protocol

The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.     

基于帧时隙ALOHA的RFID标签集合检测协议框架

大规模RFID应用需要高效的检测协议对RFID标签集合进行管理,而现有的高效检测协议大都基于帧时隙ALOHA方法。为此在总结已有文献中对于标签集合检测协议的不同描述的基础上,提出了基于帧时隙ALOHA的RFID标签集合检测协议框架：分析了协议时间度量、丢失率估算、已识别标签处理和最优检测效率问题等协议框架中的基本问题,总结了迭代识别、短响应时隙和随机响应三种典型的优化方法。针对基本的帧时隙ALOHA检测协议,本文进一步利用上述三种方法进行优化,并通过仿真实验对其效率进行了分析对比。实验结果表明,综合利用三种优化方法的协议检测效率高于已知最高检测效率的IIPS-CM协议。     

一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.     

供应链环境下UC安全的RFID所有权转移协议*

针对供应链环境下无线射频识别(RFID)标签流动所涉及的节点隐私和供应链可见性管理问题,定义了供应链环境下RFID标签所有权转移的安全需求,提出了通用可组合安全模型,并基于所提出的RFID认证协议,设计了一个能实现该模型的RFID标签所有权转移协议。安全性证明和效率分析表明该协议通过利用授权机制和哈希函数的单向性,很好地解决了可见性和不可追踪性问题,采用索引机制和标签端轻量级的计算方式提高了执行效率。与同类方案相比,该协议降低了标签端的计算量且安全性更高。