MKAP:Gen2规格下RFID安全认证协议的研究

近几年,由于EPC C1G2 RFID标准的低安全级别,轻量级的RFID认证协议被广泛研究。提出了一种改进型的符合Gen2标准的认证方案MKAP。仅运用异域运算、标签的访问密码和杀死密码来提高现用RFID Gen2标签对许多威胁的安全性。通过全面的安全性分析,证实该改进方案比现有方案,有了显著的提升。     

一种抗计数攻击的RFID双向安全认证协议

射频识别(RFID)系统是物联网的重要组成部分,它的安全问题直接制约着物联网产业的发展.现有的RFID安全认证协议很少有考虑到RFID系统的计数攻击问题,也大都不符合EPC Class1 Generation2 (EPC C1G2)标准.通过对RFID系统的安全需求和现有协议的分析,提出一种抗计数攻击的RFID双向认证协议,该协议基于EPC C1G2标准,具有前向安全性及抗追踪性,除了能抵抗计数攻击之外,还能有效抵抗常见的安全问题,此外,它在阅读器中设有过滤功能,这些保证了协议的安全性及高效性.     

EPCGen2标准下安全的RFID认证协议

现有的许多无线射频识别(RFID)协议或者不符合EPC Class-1 Gen-2(EPCGen2)标准的要求,或者存在某种安全隐患.通过对RFID协议安全需求的讨论,以及对近来提出的符合EPCGen2标准的安全协议的分析,提出了符合EPCGen2标准的RFID认证协议的设计原则,设计了一个新的符合EPCGen2标准的RFID认证协议.新的协议满足双向认证、匿名、不可追踪、抗假冒攻击、抗重放攻击等安全需求.     

适用于低成本标签的移动RFID认证协议

移动RFID系统中,阅读器与服务器之间的通道安全假设不再成立,针对这种情况,分析了当前移动RFID认证协议的安全及性能问题,建立了移动RFID安全隐私模型;基于该模型,在兼容EPC Class-1 Generation-2低成本标签系统的基础上,提出了一种能够抵抗假冒攻击、去同步化攻击,且提供前向安全隐私保护的双向认证协议;通过安全性证明与性能比较分析,表明该协议达到了设计目的,可适用于较大规模的低成本标签移动RFID系统。     

EPC编码标签的RFID系统密钥无线生成

针对目前RFID系统的认证协议都是在事先设置好的共享密钥值基础上的,敌手可以通过一些手段获取密钥而对后续的认证造成安全威胁,提出了一种基于EPC编码标签的RFID系统密钥无线生成协议。将部分EPC加密进行通信,防止秘密信息泄露;引入标签与阅读器的安全模型,提高通信的安全性;阅读器随机数保持通信过程的新鲜性;仅采用异或运算降低标签成本与计算量。通过GNY逻辑对协议进行形式化证明,安全分析和性能分析表明,该协议符合安全模型并能够抵抗主动攻击和被动攻击,具有安全性高、低成本的特点。     

面向EPC Gen2标准的RFID标签分组多位隙并行识别协议

在分析EPCglobal UHF class1 generation2和基于DFSA协议的高速标签识别算法的基础上,采用位隙FSA协议标签响应标志位隙的设置方法,通过在标签上设置一个组位隙响应标志字,提出了一种EPC Gen2 标准下的RFID标签分组多位隙并行识别协议GMBPIP,设计了一条新的分组查询命令和基于DFSA的多组标签并行识别协议流程,从理论上了分析GMBPIP协议的性能,并使用EPC Gen2 标准协议时间参数进行了仿真实验。结果表明,GMBPIP协议在不增加标签太多计算负担的情况下,能够在EPC Gen2标准下有效降低时隙空闲率和冲突率,提高了标签的识别率、时隙利用率;平均识别率不仅突破了帧时隙ALOHA协议最高36.8%的瓶颈,而且高于目前文献所述同类算法的性能指标,达到了70.95%~81.61%。GMBPIP可以作为低成本RFID系统高速识别大量被动标签的支撑协议。     

基于二次剩余理论的智能电表安全认证协议

在EPC Class 1 Gen-2标准下,RFID标签中只有很少的内存被用于处理标签的安全问题。针对此,提出一种基于二次剩余的RFID认证协议。协议通过在阅读器和标签内预置一个智能电表ID的Hash值来保证标签的前向安全性和匿名性,数据采集器通过二次剩余理论来验证电表标签是否合法,以实现对智能电表的身份认证;利用BAN逻辑理论实现对协议的安全性分析。与其他两种应用于智能电表的认证协议的性能对比分析表明,该协议计算量小,实现复杂度低,可以抵御多种攻击,能够满足用户的安全隐私需求。     

基于AES与NTRU的RFID安全认证协议

对现有的RFID认证协议进行了安全性与算法复杂度分析,提出了一种基于高级加密标准AES与公钥体制NTRU的RFID安全认证协议。该协议可抵抗重传、窃听、篡改、跟踪等多种攻击手段,实现了双向认证与密钥更新,适合安全性能要求高、电子标签用户数多的RFID应用场合。分析了此协议的安全性及算法可行性,并利用BAN逻辑对其安全性进行了证明。     

一种RFID轻量认证协议GIMAP

RFID系统是物联网感知层的重要组成部分,系统中标签端和读写器端之间的无线通信以及标签端有限的加密处理能力使其存在安全和隐私问题,解决RFID系统中的安全和隐私问题已成为一个重要的课题.本文基于广义逆矩阵,以合理平衡安全、隐私和成本为原则,利用CRC校验、矩阵运算以及简单逻辑运算设计了一个RFID标签和后端服务器之间的双向安全认证协议GIMAP,解决了重放、窃听、拒绝服务和追踪等安全隐私问题,并基于模态逻辑中的GNY逻辑给出了形式化证明.GI-MAP具有前向安全性,并且没有使用公钥加密、私钥加密或Hash函数,符合EPC Class1Gen2标准,因此具有广泛的应用前景.     

基于动态密钥的移动RFID安全认证协议

针对现有RFID安全认证协议可移动性差,以及现有协议密钥更新失败导致的跟踪、数据不同步问题,提出了一种基于动态密钥的移动RFID安全认证协议。采用随机数来动态选取认证密钥,既保证了密钥新鲜性,又避免跟踪与数据不同步问题,并且在服务器上对阅读器进行一个预处理操作,有效地阻止了外部非法阅读器对服务器发起的假冒攻击和拒绝服务攻击。分析了协议的性能和安全性,分析结果表明该协议达到了安全性要求且移动性强,计算复杂度低,适用于大规模移动RFID系统。     

Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards

Recently, Chien et al. proposed an RFID authentication protocol, which consists of only the cyclic redundancy code (CRC) and the pseudo-random number generator (PRNG) [H. Chien, C. Chen, Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards, Computer Standards & Interfaces, vol. 29, Elsevier, 2007, pp. 254–259]. They claimed that the protocol conforms to current EPC tags, and would be secure against all attacks on RFID systems. However, in this paper, we show that the protocol is not secure; firstly an attacker can impersonate a valid tag temporarily by a single eavesdropping. Secondly the attacker can forge a tag permanently by eavesdropping two consecutive sessions. Finally he can make a valid tag useless (DoS attack) by modifying the second attack slightly. The computational complexities of the attacks are so practicable that Chien et al.'s protocol cannot enhance the RFID security any more than the original EPC standard.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

基于伪随机函数的移动射频识别认证协议

为解决移动射频识别(RFID)中阅读器和后端服务器之间因无线传输出现的安全问题,提出一种基于伪随机函数的移动RFID双向认证协议。该协议满足EPC Class-1 Generation-2行业标准,且实现了标签、阅读器和后端服务器之间的双向认证,并通过GNY逻辑证明了其安全性。该协议能有效抵抗追踪、重放、同步化等攻击,而且它将主要计算转移到后端服务器,因此能降低标签的运算量和标签成本。     

A minimum disclosure approach to authentication and privacy in RFID systems

In this paper we present a novel approach to authentication and privacy in RFID systems based on the minimum disclosure property and in conformance to EPC Class-1 Gen-2 specifications. We present two security schemes that are suitable for both fixed reader and mobile/wireless reader environments, the mutual authentication and the collaborative authentication schemes respectively. Both schemes are suited to the computational constraints of EPC Class-1 Gen-2 passive RFID tags as only the cyclic redundancy check (CRC) and pseudo random number generator (PRNG) functions that passive RFID tags are capable of are used. Detailed security analysis of both our schemes show that they offer robust security properties in terms of tag anonymity, tag untraceability and reader privacy while at the same time being robust to replay, tag impersonation and desynchronisation attacks. Simulations results are also presented to study the scalability of the schemes and its impact on authentication delay. In addition, Yeh et al. (2010) [20] proposed a security scheme for EPC Class-1 Gen-2 based mobile/wireless RFID systems. We show that this scheme has a security vulnerability and is not suitable for mobile/wireless RFID systems.     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.