共查询到20条相似文献,搜索用时 0 毫秒
1.
RFID, with its capability of remote automatic identification, is taking the place of barcodes and becoming the new generation of electronic tags. However, information transmitted through the air is vulnerable to eavesdropping, interception, or modification due to its radio transmission nature; the prevalence of RFID has greatly increased security and privacy concerns. In 2008, Chen et al. proposed an RFID authentication scheme which can enhance security and privacy by using hash functions and quadratic residues. However, their scheme was found to be vulnerable to impersonation attacks. This study further demonstrates that their scheme does not provide location privacy and suffers from replay attacks. An improved scheme is also proposed which can prevent possible attacks and be applied in environments requiring a high level of security. 相似文献
2.
We propose a remote password authentication scheme based on quadratic residues. In our scheme, any legal user can freely choose his own password in the card initialization phase. Using his password and smart card which contains identity and other information, he can then log into the system successfully. According to our analysis, intruders cannot obtain any secret information from the public information, or derive any password from intercepted messages. In addition, our scheme can withstand the attack of replaying previously intercepted log-in requests. 相似文献
3.
Jue-Sam Chou 《The Journal of supercomputing》2014,70(1):75-94
Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency. 相似文献
4.
The Journal of Supercomputing - The resource-constrained nature of Internet of Things (IoT) devices and their diversity and abundancy represent a major challenge for the development of efficient... 相似文献
5.
标签的认证效率一直以来都是影响无线射频识别(RFID)技术广泛应用的一个重要因素,但是目前还没有一个较好的解决方法。在基于树的RFID协议的基础上,通过秘密共享方案将各边的共享密钥分成多份,在保持查找效率的条件下构建了新的密钥树,并设计了基于共享密钥的认证协议。通过分析表明,协议保证较高的认证效率,同时还具有足够的安全性,而且解决了RFID系统研究中长期困扰的密钥更新问题。 相似文献
6.
RFID系统中基于公钥加密的相互认证协议 总被引:1,自引:0,他引:1
随着RFID系统能力的提高和标签应用的日益普及,安全问题,特别是用户隐私问题变得日益严重。提出了一种新的RFID认证协议。认为基于公钥加密的RFID认证协议相对基于哈希函数和基于对称密钥加密的RFID认证协议,有较好的安全性。公钥加密算法NTRU被认为是一种效率较高的加密算法,且更适合于RFID系统,因此提出的协议采用了NTRU公钥加密算法。对该协议的安全性和性能进行了比较分析,结果表明该协议可以为RFID系统提供更好的安全性,能为用户提供更好的隐私保护,且性能较佳。 相似文献
7.
针对目前无线射频识别(RFID)系统中阅读器与标签之间开放、不安全的无线信道易遭受恶意攻击的安全问题,提出一种基于位重排变换的超轻量级RFID双向认证协议——RRMAP。首先,位重排变换对两组二进制数组进行第一阶段逆序自组合变换达到自身位混淆效果;其次,将得到结果用于第二阶段奇偶相邻交叉异或操作,这样就完成了整个位重排变换;最后,通过新定义位重排变换操作,并结合左循环移位运算和模2的m次方加运算对认证过程中的秘密通信数据进行加密,可以有效解决目前RFID系统中存在的安全问题。BAN逻辑形式化安全性分析和性能对比分析表明:RRMAP具有比较完备的安全和隐私保护属性,能够抵抗RFID系统所面临的典型恶意攻击方式。 相似文献
8.
针对现有的无线射频识别(RFID)安全认证协议存在安全缺陷、标签成本较高以及后台数据库需要进行大量的计算来搜索匹配符合要求的标签信息来进行认证等问题,提出了一种基于Rabin算法和交叉位运算的可扩展RFID双向认证协议。并基于BAN逻辑形式化分析方法,证明了该协议的正确性与安全性。安全分析和性能评估表明该协议不仅具有防假冒、防重放、防跟踪、可扩展性等特点,而且减少了标签的计算花费和门电路数,使得其成本大大降低,适用于低成本的RFID系统。 相似文献
9.
Mohammad Sabzinejad Farash 《The Journal of supercomputing》2014,70(2):987-1001
Radio frequency identification (RFID) is a wireless technology for automatic identification and data capture. Security and privacy issues in the RFID systems have attracted much attention. Many approaches have been proposed to achieve the security and privacy goals. One of these approaches is RFID authentication protocols by which a server and tags can authorize each other through an intracity process. Recently, Chou proposed a RFID authentication protocol based on elliptic curve cryptography. However, this paper demonstrates that the Chou’s protocol does not satisfy tag privacy, forward privacy and authentication, and server authentication. Based on these security and privacy problems, we also show that Chou’s protocol is defenseless to impersonation attacks, tag cloning attacks and location tracking attacks. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionality. We prove the security of the proposed improved protocol in the random oracle model. 相似文献
10.
11.
为了能有效保证射频识别(RFID)系统中用户的隐私和数据安全,采用椭圆曲线和Weil对相结合的方法来设计RFID系统的认证协议,并提出一种新型RFID双向认证协议。该协议实现了双向认证和匿名认证,并能抵抗流量分析、伪装、重放等攻击。与随机Hash锁、Hash链、New-Gen2等进行比较,该协议能够抵抗大多数已发现的攻击形式,并给出针对这些攻击的安全性分析。 相似文献
12.
Identity-based signature scheme based on quadratic residues 总被引:1,自引:0,他引:1
Identity-based(ID-based)cryptography has drawn great concerns in recent years,and most of ID-based schemes are constructed from bilinear parings.Therefore,ID-based scheme without pairing is of great interest in the field of cryptography.Up to now, there still remains a challenge to construct ID-based signature scheme from quadratic residues.Thus,we aim to meet this challenge by proposing a concrete scheme.In this paper,we first introduce the technique of how to calculate a 2lth root of a quadratic residue,and then give a concrete ID-based signature scheme using such technique. We also prove that our scheme is chosen message and ID secure in the random oracle model,assuming the hardness of factoring. 相似文献
13.
一种基于二次剩余的动态口令算法* 总被引:3,自引:1,他引:2
针对基于动态口令的电子商务身份认证机制存在计算和通信负担过重及不能对用户的使用次数和使用时间进行控制的问题,利用二次剩余理论中计算模平方根的复杂性提出一种基于二次剩余的动态口令算法。本算法具有失效次数和失效时间两个特性,因为不需要任何口令和验证表,可以避免重放攻击,因此具有稳定的安全性。这些特点使其适合用于电子商务,如在线游戏、付费电视等。另外本算法客户端计算量很小,可以用于手机等计算能力有限的环境。 相似文献
14.
针对日益突出的RFID系统安全隐私问题,提出了一个基于混沌序列的RFID双向认证协议。利用混沌对初始值的敏感性生成混沌序列,对密钥进行加密。该协议引入标签密钥动态更新机制,并设计了自同步解决方案,实现了对标签的二次认证。采用BAN逻辑对其安全性进行证明,并与已有的协议进行安全性分析和性能比较。其分析结果表明,该协议降低了标签成本,减少了标签和后端数据库的计算量,提高了后端数据库的检索效率。不仅有效地解决了RFID系统的隐私保护及安全问题,同时也提高了RFID协议认证的执行效率,更适合低成本的RF1D系统。 相似文献
15.
Nishant Doshi Saru Kumari Dheerendra Mishra Xiong Li Kim-Kwang Raymond Choo Arun Kumar Sangaiah 《Multimedia Tools and Applications》2017,76(24):25893-25918
In this digital era, where Internet of Things (IoT) is increasing day by day, use of resource constrained devices is also increasing. Indeed, the features such as low cost, less maintenance, more adaptive to hostile environment, etc. make the wireless multimedia devices to be the best choice as the resource constrained devices. For the security, the end user device requires to establish the session key with the server before transferring the data. Mobile is one of the device having more and more usage as wireless multimedia device in recent years. In 2013, Li et al. proposed an efficient scheme for the wireless mobile communications and claimed it to be secure against various attacks. Recently, Shen et al. claimed that the scheme of Li et al. is still vulnerable to the privileged insider attack, the stolen verifier attack and finally proposed a scheme to withstand the mentioned and other attacks. However, in this paper we claim that the scheme of Shen et al. is still susceptible to the user anonymity, the session specific temporary information attack and the replay attack. In addition, Shen et al.’s scheme requires more time due to many operations. Further, we propose an efficient scheme that is secure against various known attacks and due to reduced time complexity our scheme is a preferred choice for the wireless mobile networks and hence for wireless multimedia systems. 相似文献
16.
17.
The Journal of Supercomputing - Health-care is one of the major concerns for every individual; however, it is not always possible to physically visit the health-care center in emergency situations.... 相似文献
18.
The Session Initiation Protocol (SIP) is the most widely used signaling protocol for controlling communication on the internet, establishing, maintaining, and terminating the sessions. The services that are enabled by SIP are equally applicable in the world of multimedia communication. Recently, Tsai proposed an efficient nonce-based authentication scheme for SIP. In this paper, we do a cryptanalysis of Tsai’s scheme and show that Tsai’s scheme is vulnerable to the password guessing attack and stolen-verifier attack. Furthermore, Tsai’s scheme does not provide known-key secrecy and perfect forward secrecy. We also propose a novel and secure mutual authentication scheme based on elliptic curve discrete logarithm problem for SIP which is immune to the presented attacks. 相似文献
19.
20.
针对现有基于智能卡支付系统的安全方案存在密码暴露、信息泄露和身份认证等问题,提出一种新的基于相互认证和3DES加密的智能卡远程支付系统认证方案。分析基于二次剩余的支付认证方案的不足,在注册、登录、身份认证和密码更改阶段对其进行改进,避免密码暴露攻击,提高密码更改阶段的安全性,同时结合3DES加密算法对支付信息进行加密处理。性能分析表明,该方案能有效抵御多种攻击,且用户能够自由地修改密码,同时可对用户信息进行匿名保护。与现有智能卡支付认证方案相比,该方案提高了支付系统的安全性能且具有较小的计算复杂度。 相似文献