Intrusion Detection Methods Based on Incomplete RFID Traces

According to the Radio frequency identifi-cation (RFID) tag cloning attack problems of RFID system and the existing problems of intrusion detection research based on incomplete RFID traces, this paper proposes a method of intrusion detection by combining the Markov chain technology and probability statistics technology. We use this method to calculate the threshold that is used to determine whether the tag event is a cloning tag intrusion one. Current research focuses on RFID intrusion detec-tion under the condition of complete RFID traces, such as encryption algorithm improvement, tag authentication protocol improvement, and track and trace technology in RFID supply chain. RFID traces are occasionally to be incomplete, which causes the above methods to be ineffi -cient. Our method proposed in this paper is the solution to incomplete RFID traces which makes up for the study of RFID intrusion detection research.     

一个针对低成本RFID标签的双向认证协议

文中提出了一种为低成本RFID标签设计的双向认证协议。分析RFID系统可能存在的安全和隐私威胁,包括重放、冒充、后向和前向跟踪、异步攻击和标签位置跟踪。该协议能够有效地防护以上攻击并且与相关方案具备更优的计算性能。     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

一种具有阅读器匿名功能的射频识别认证协议

在射频识别(RFID)的应用中,安全问题特别是用户隐私问题正日益凸显。因此,(用户)标签信息的隐私保护的需求越来越迫切。在RFID系统中,标签的隐私保护不仅是对外部攻击者,也应该包括阅读器。而现有许多文献提出的认证协议的安全仅针对外部攻击者,甚至在外部攻击者的不同攻击方法下也并不能完全保证安全。该文提出两个标签对阅读器匿名的认证协议:列表式RFID认证协议和密钥更新式RFID认证协议。这两个协议保证了阅读器对标签认证时,标签的信息不仅对外部攻击者是安全的而且对阅读器也保持匿名和不可追踪。相较于Armknecht等人提出的对阅读器匿名和不可追踪的认证协议,该文所提的协议不再需要增加第三方帮助来完成认证。并且密钥更新式RFID匿名认证协议还保证了撤销后的标签对阅读器也是匿名性和不可追踪的。     

A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems

In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our schemes achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.     

A New Object Searching Protocol for Multi-tag RFID

This paper proposes a secure and lightweight object searching scheme using Radio Frequency Identification (RFID) technology. The proposed scheme assumes that the objects are attached with multiple number of RFID tags which helps to increase the detection probability of the objects. Security risks such as eavesdropping, information leakage, traceability, man-in-the-middle attack, forward secrecy, backward secrecy, replay attack, de-synchronization attack and impersonation attack are involved in the authentication process. The proposed scheme addresses these issues and utilizes multiple number of tags in an object to increase difficulty for the adversary to mount these attacks. The proposed scheme has advantage over existing schemes that use single RFID tag which are more vulnerable to attacks. This paper considers the resource constraints of RFID tags and hence tries to make the proposed scheme lightweight. Necessary analysis has been carried out to evaluate the security and the other requirements such as computation, communication and storage overhead.     

一种RFID标签信息安全传输协议

针对在射频识别（RFID）标签资源受限条件下的标签信息安全传输与隐私保护问题,提出了一种能够实现对RFID标签信息安全传输的协议,该协议能够实现后端数据管理系统对读写器和标签的认证,以及实现密钥的分发,实现标签数据的安全传输。然后采用形式化分析的方法,对该协议进行了分析,分析了其具有的安全属性、抗攻击属性以及其他属性。最后对该协议与传统基于Hash机制的多种协议进行了分析比较,分析结果认为,该协议具有比传统基于Hash机制的协议具有更多的安全属性和抗攻击属性,同时具有适度的运算量,能够满足现有很多场合的应用条件。     

基于相互认证的移动RFID安全协议

移动RFID系统是指利用植入RFID读写芯片的智能移动终端,获取标签中的信息,并通过移动网络,访问后台数据库,获取相关信息。然而,由于移动RFID系统的无线通信环境和无可视性读写,带来了很多安全隐患,已经成为制约移动RFID发展的重要因素,针对此问题,在分析了移动RFID网络构成及其安全隐患后,提出了一种基于相互认证的安全协议,该协议引入了一个第3方服务器来为移动读写器和后台数据库提供签名密钥,并且利用椭圆曲线加密体制(ECC)对信息进行签名验证,最后分析表明该协议可以为移动读写器与后台数据库提供安全的通信环境,以应对各种攻击。     

RFID安全保密技术研究进展

文中首先概括了RFID系统的安全需求和需要保护的位置,然后介绍了RFID物理安全机制和基于密码技术的安全机制,包括kill命令、阻塞标签、夹子标签、假名标签、Hash-Lock协议、随机化Hash-Lock协议、Hash链协议等,并对其安全性进行了分析,分别指出其存在的安全威胁。     

Intelligent RFID Tag Detection Using Support Vector Machine

RFID Tag detection/recognition is one of the most critical issues for successful deployment of RFID systems in diverse applications. The main factors influencing tag detection by RFID reader antenna include tag position, relative position of reader, read field length, etc. In this paper, we analyze the characteristics of tag detection for a carton box object on a wooden pallet by an experimental approach based on tag signal strength, and we propose a method for predicting detection related directly to the strength of tag signal using an intelligent machine learning technique called support vector machine (SVM). The use of the proposed method is able to save time and cost by quick prediction of tag detection. Extensive experiments showed that the proposed approach can predict tag recognition for a carton box object with an accuracy at 95% for various reader heights and read field lengths. The proposed approach is effective for determining the best tag detection influencing factor conditioned on the target object with the help of detectability prediction.     

超高频RFID标签芯片射频电路的分析与测试(英文)

提出了一种应用于超高频(Ultra high frequency,UHF)射频识别(Radio frequency identification,RFID)标签芯片的射频测试技术。针对UHF RFID标签芯片射频电路的特殊工作方式,该技术可对芯片的输入阻抗和灵敏度进行准确测量,并同时完成芯片功能验证。与传统的RFID标签芯片射频测试技术相比,文中的方案利用商用阅读器和可调衰减器代替了高端或RFID专用测试设备,因此极大降低了测试成本。利用该测试方案,对已开发的UHF RFID标签芯片进行了测试与验证,并利用测试结果完成了折叠偶极子天线设计以实现芯片与天线之间的阻抗匹配。将芯片与天线组装成无源标签,其灵敏度可达-10.5 dBm。实验结果证明了该方案的正确性。     

基于PRESENT算法的RFID安全认证协议

物联网中RFID技术的应用非常广泛,但是RFID系统的安全性却存在着很大隐患。在RFID系统中标签与读写器间的通信信道是最易受到攻击,传输数据的完整性与保密性得不到保障,因而需要加强RFID系统通信的安全机制。考虑到RFID系统的硬件条件与成本限制,需要建立一个适合RFID系统的安全认证协议,来解决在RFID系统中信息传输所遇到的安全问题。PRESENT算法是轻量级的分组加密算法,将PRESENT结合到RFID系统的安全认证协议中,形成了新的RFID安全认证协议PRSA(PRESENT based RFID security authentication)。此协议可以增强RFID系统的安全性而又不会占用过多的硬件资源,从而能够适用于低成本的RFID系统的通信安全。     

Performance Analysis of Tags Collection Time on A New Architecture of 2.4 GHz Embedded Active RFID System for Indoor and Outdoor Tracking and Monitoring Applications Based on IEEE 802.15.4 Standard

This paper focuses on the analysis of tags collection time of 2.4 GHz embedded active Radio Frequency Identification (RFID) system for indoor and outdoor real-time tracking and monitoring applications based on IEEE 802.15.4 standard. The main novelty of the system is the implementation of the communication method in order to provide Machine to Machine (M2M) communication and automated switching mechanism between indoor and outdoor location by utilizing active RFID, Wireless Sensor Network (WSN), Global Positioning System (GPS) and mobile communication on a single platform. In this work, GPS receiver covers outdoor location tracking, while active RFID provides identification and Receive Signal Strength Indicator (RSSI) reading for each tag holder to cover indoor location tracking especially near or inside building where location information is not detected by GPS. Several experiments were conducted on three different RFID tags which were active RFID tag embedded with GPS and GSM (ERFIDG2), active RFID tag embedded with GPS (ERFIDG) and standalone RFID tag communicating with the same active RFID reader. The experiment was done to evaluate the communication performance of the active RFID in terms of tags collection time using Transparent (AT) and Application Programming Interface (API) mode. The experiment was extended to measure tags collection time in single hop and multi hops communication for Tag Talk First (TTF) and Reader Talk First (RTF) protocols. The results show that the proposed active RFID system (ERFIDG2) is better than the standalone and ERFIDG systems. The in-depth research done in this work is to study the experience and identify the challenges that will be faced in the development and implementation of a wireless RFID-based system for tracking and monitoring applications.     

基于Montgomery型椭圆曲线密码的RFID安全认证方案

针对现有基于椭圆曲线密码（elliptic curve cryptography,ECC）体制的 RFID（radio frequency identification device）安全认证方案不能满足相互认证、隐私保护和前向安全性等要求,提出一种基于Montgomery型椭圆曲线密码的认证方案。利用Montgomery型椭圆曲线来降低计算量,并提供标签和服务器之间的相互认证,具有匿名性和前向安全性。通过分析表明,该方案能够抵抗重放攻击、标签伪装攻击、服务器欺骗攻击、DoS攻击、位置跟踪攻击和克隆攻击。与现有方案相比,该方案在保证较低的内存、计算和通信需求的情况下,提供了较高的安全性能,能够满足RFID系统的安全性要求。     

基于伪随机函数的RFID系统双向认证协议

移动RFID系统中,读写器与后台数据库之间不再通过有线方式通信,而采用无线方式通信,但也存在一定的安全隐患问题。为确保通信数据的安全,提出一种基于伪随机函数的移动RFID双向认证协议。协议确保标签、读写器、后台数据库三方均进行认证,从而保障通信的安全性;采用字合成等位运算,在一定程度上能够减少总的计算量;三方认证,使得移动RFID系统具备更为广泛的运用价值。安全性及性能分析表明,所提协议具有较高的安全性及较低的成本。     

一种RFID隐私保护双向认证协议

作为一种非接触式自动识别技术,RFID在带来成本节约和效率提高的同时,也带来了安全和隐私的风险。为保证安全性和隐私性,必须对阅读器和标签之间的通信提供认证和保护,对现有的RFID安全性和隐私性解决方案进行了简要分析,之后应用零知识思想,提出了一种基于单向Hash函数的双向RFID认证协议,并分析了其安全性和抗攻击性。     

SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system

Data security is crucial for a RFID system. Since the existing RFID mutual authentication protocols encounter the challenges such as security risks, poor performance, an ultra-lightweight authentication protocol named Succinct and Lightweight Authentication Protocol (SLAP) is proposed. SLAP is only composed of bitwise operations like XOR, left rotation and conversion which is easy to implement on a passive tag. The proposed conversion operation as the main security component guarantees the security of RFID system with the properties such as irreversibility, sensibility, full confusion and low complexity, which better performed or even absent in other previous protocols. Security analysis shows that SLAP guarantees the functionalities of mutual authentication as well as resistance to various attacks such as de-synchronization attack, replay attack and traceability attack, etc. Furthermore, performance evaluation also indicates that the proposed scheme outperforms the existing protocols in terms of less computation requirement and fewer communication messages during authentication process.     

射频识别技术及其在交通领域的应用

射频识别（RFID）技术采用大规模集成电路技术，识别技术，计算机及通信技术，通过读写器和安装在载体（车辆或设备或人员）上的RFID卡，构成RFID系统，实现对载体的非接触的识别和数据信息交换，RFID技术已广泛应用于交通、公安，路政、物流管理等领域，本文介绍该技术在交通领域的几个主要应用。     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

RFID多频点联合测距系统中的信号检测方法

主要研究射频识别(Radio Frequency Identification,RFID)多频点联合测距系统中如何检测标签反射信号以及如何提高信道估计精度的问题.首先,提出了一种标签反射信号的检测方法,利用标签反射信号的功率谱特性,通过分析接收信号的能量谱,识别标签反射信号得到识别信号,再利用能量检测方法对识别信号进行范围限制得到检测信号;然后,改进RFID的传统信道估计方法,以提高信道估计精度;最后,搭建了多频点联合测距系统以验证系统性能.实验结果表明,该系统具有较高的检测效率;经改进的信道估计方法能有效减小载波相位的方差;系统平均测距误差约为2.5 cm,实现了厘米级测距.