基于口令认证的RFID系统安全协议及其BAN逻辑分析

本文提出一种新的基于口令认证的RFID系统安全协议.该方法充分利用RFID低等级标签提供的有限资源:访问口令(PW)、标签的标识码(ID)和伪随机函数等建立RFID系统读写器和标签双向认证的安全协议,对该协议抵抗各种攻击的安全性进行理论分析并对该协议的认证功能进行BAN逻辑的形式化分析.结果表明该协议能够有效抵御在线和离线字典攻击、伪装攻击、重放攻击以及流量分析和跟踪攻击,因而解决了RFID系统的安全问题.     

基于QC-MDPC码的可证明安全RFID双向认证协议

目前射频识别(RFID)系统安全问题日益严重,为了保护RFID系统中无线信道部分的信息交互安全,用准循环中密度奇偶校验码构造Niederreiter型公钥密码体制,基于这种加密模型提出一种RFID双向安全认证协议。利用规约技术证明该协议安全性,将攻击困难规约到线性码的译码困难问题。通过与其他RFID认证协议对比,在交互量、计算量和存储量等性能方面该协议也适用于资源有限且高效率的RFID系统。     

基于口令认证可证安全的RFID通信安全模型研究

针对RFID技术的安全与隐私保护问题及RFID标签资源的有限性问题,本文提出了一种基于口令认证可证安全的RFID通信安全协议--pRPAP.为求从根本上解决RFID技术的安全与隐私保护问题,本文提出为RFID系统建立通信安全模型.从形式化论证的角度出发,基于随机预言模型,使用形式化描述方式,系统地建立了RFID通信安全型.该模型包括RFID系统模型,RFID系统的攻击模型以及RFID通信安全协议的安全目标模型.并在该模型下,证明了pRPAP的安全性.证明结果显示本文提出的基于口令认证可证安全的RFID通信安全协议能够有效地解决RFID技术的安全问题.此外,本文所建立的RFID通信安全模型还有助于指导pRPAP协议各项参数的选择,以便建立适合不同安全等级要求的RFID通信安全协议.RFID通信安全模型的建立,也有助于对RFID通信安全协议进一步深入地研究.     

基于相互认证的移动RFID安全协议

移动RFID系统是指利用植入RFID读写芯片的智能移动终端,获取标签中的信息,并通过移动网络,访问后台数据库,获取相关信息。然而,由于移动RFID系统的无线通信环境和无可视性读写,带来了很多安全隐患,已经成为制约移动RFID发展的重要因素,针对此问题,在分析了移动RFID网络构成及其安全隐患后,提出了一种基于相互认证的安全协议,该协议引入了一个第3方服务器来为移动读写器和后台数据库提供签名密钥,并且利用椭圆曲线加密体制(ECC)对信息进行签名验证,最后分析表明该协议可以为移动读写器与后台数据库提供安全的通信环境,以应对各种攻击。     

基于Hash链的RFID双向认证协议的设计与分析

系统中信息的安全性是制约射频识别技术(RFID)广泛应用的一个重要因素.基于Hash函数的RFID认证协议是受到广泛关注的解决方案.本文针对RFID系统存在的用户安全及隐私等问题,在讨论了现有协议的优缺点的基础上,提出了一种基于Hash链的双向认证方案.分析表明,该协议具有不可分辨性、前向安全性、抗重放攻击、哄骗攻击等特点.     

基于PRESENT算法的RFID安全认证协议

物联网中RFID技术的应用非常广泛,但是RFID系统的安全性却存在着很大隐患。在RFID系统中标签与读写器间的通信信道是最易受到攻击,传输数据的完整性与保密性得不到保障,因而需要加强RFID系统通信的安全机制。考虑到RFID系统的硬件条件与成本限制,需要建立一个适合RFID系统的安全认证协议,来解决在RFID系统中信息传输所遇到的安全问题。PRESENT算法是轻量级的分组加密算法,将PRESENT结合到RFID系统的安全认证协议中,形成了新的RFID安全认证协议PRSA(PRESENT based RFID security authentication)。此协议可以增强RFID系统的安全性而又不会占用过多的硬件资源,从而能够适用于低成本的RFID系统的通信安全。     

基于零知识证明的多实体RFID认证协议

物联网的发展对射频识别(RFID)系统的安全性能提出了越来越高的要求。虽然基于密钥阵列的RFID认证协议解决了传统RFID认证协议在多实体环境中存在的内部攻击问题,但基于交换实体身份信息的认证方式存在信息泄露的安全隐患。针对这一问题,设计了基于零知识证明的多实体RFID认证协议(MERAP)。该协议采用分布式密钥阵列抵御内部攻击,利用零知识证明方案实现双向认证时敏感身份信息零泄露。性能分析结果显示,MERAP协议在维持一定复杂度和标签成本的基础上,可抵抗包括重传、跟踪、拒绝服务和篡改等多种外部攻击和内部攻击。     

一种基于部分ID的新型RFID安全隐私相互认证协议

在低成本电子标签中实现安全隐私功能是RFID研究领域需要解决的一项关键技术,该文采用部分ID,CRC校验以及ID动态更新的方法,提出一种新型RFID相互认证协议,该协议具有前向安全性,能够防止位置隐私攻击、重传攻击、窃听攻击和拒绝服务攻击,新协议有效地解决了RFID安全隐私问题,并且符合EPC Class1 Gen2标准,它的硬件复杂度较低,适用于低成本电子标签.     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

基于单向伪随机函数的移动RFID系统认证协议

针对移动RFID系统认证中可能出现的成本、效率、安全问题,设计了一种基于单向伪随机函数的移动RFID认证协议.协议在满足Gen-2标准的前提下,综合采用位替换运算、异或运算和单向伪随机函数加密通信信息;协议充分利用标签、读写器、后端数据库三方共享密钥和三方通信信息,对信息进行加密传输和加密认证,降低系统成本;通过实现完整三方认证与密钥更新工作,避免协议遭受假冒、去同步化等攻击行为.最后,给出协议GNY理论逻辑证明以及安全、性能分析,表明新协议的可行性与安全性.     

A Novel Authentication Management RFID Protocol Based on Elliptic Curve Cryptography

The existing RFID (Radio Frequency Identification) security protocol lacks the key establishment mechanism, assuming only that both parties of the authentication protocol have shared their respective session keys. However, key establishment is an integral part of the RFID security system. This article first introduces the elliptic curve related mathematical theory foundation. Then we establish the key negotiation mechanism, and analyze the correctness and rationality of the negotiation mechanism. Finally, we design the authentication protocol based on elliptic curve in mobile RFID system, analyze the protocol authentication process, and compare the security and performance with other protocols, which shows that the authentication protocol has more efficient performance and the ability to resist all kinds of attacks.     

射频识别系统中安全认证协议的研究

射频识别安全认证协议主要解决阅读器与应答器之间的互相认证问题。应答器需要确认阅读器的身份,防止存储数据未被认可地读出或重写;而阅读器也应确认应答器的身份,以防止假冒和读入伪造数据。目前射频识别系统主要面临着窃听隐私、重放攻击、前向安全性、同步性破坏、位置跟踪及所有权转移等安全隐患,通过对阅读器和应答器ID地址的认证来加强安全认证协议,抵抗目前已知的威胁攻击,能很好地解决射频识别系统中的主要安全问题。     

Keyless Security in Wireless Networks

Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.     

基于密钥阵列的RFID安全认证协议

随着RFID技术的发展和广泛应用,安全认证协议的设计与完善对于保护信息安全和用户隐私变得更加重要。该文针对现有安全认证协议中常常忽略的来自系统内部合法阅读器之间的伪造和篡改问题,提出一种新的基于密钥阵列的安全认证协议。它通过增加密钥更新标记,有效地解决了标签和数据库之间的同步更新问题。新协议在维持一定复杂度和标签成本的基础上,可抵抗包括重传、跟踪、阻断和篡改等多种攻击手段,尤其针对来自系统内的安全威胁,具有较高的安全性和实用性。     

Security analysis of an ultra‐lightweight RFID authentication protocol for m‐commerce

Nowadays, many people perform their commercial activities, such as electronic payment and electronic banking, through their mobile phones. Mobile commerce (m‐commerce) refers to manipulating electronic commerce (e‐commerce) by using mobile devices and wireless networks. Radio‐frequency identification (RFID) is a technology which can be employed to complete payment functions on m‐commerce. As an RFID subsystem is applied in m‐commerce and supply chains, the related security concerns are very important. Recently, Fan et al. have proposed an ultra‐lightweight RFID authentication scheme for m‐commerce (ULRAS) and claimed that their protocol is efficient enough and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve it to a protocol that is resistant to the attacks presented in this paper and the other known attacks in the context of RFID authentication. We further analyze the security of the improved protocol through the Burrows–Abadi–Needham logic (BAN‐logic). Moreover, our proposed improvement does not impose any additional workload on the RFID tag.     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.     

A hidden mutual authentication protocol for low‐cost RFID tags

Radio‐frequency identification (RFID) technology enables the identification and tracking of objects by means of the wireless signals emitted by a tag attached to the objects of interest. Without adequate protection, however, malicious attackers can easily eavesdrop, scan or forge the information within the tag, thereby threatening the integrity of the system. Previous research has shown that the basic security requirements of RFID systems, i.e. identity authentication, information privacy and location privacy, can be satisfied using conventional cryptographic components. However, such components are expensive, and therefore conflict with the general requirement for low‐cost tag designs. Accordingly, this paper presents a low‐cost challenge‐response security protocol designated as the hidden mutual authentication protocol (HMAP) to accomplish both a mutual authentication capability between the tag and the reader and information privacy. The results show that HMAP provides an efficient means of concealing the authentication messages exchanged between the tag and the reader and is robust toward replay attacks. In addition, it is shown that HMAP is easily extended to provide complete location privacy by utilizing a hash function to generate different tag identifiers in each authentication session. Copyright © 2011 John Wiley & Sons, Ltd.