基于口令认证的RFID系统安全协议及其BAN逻辑分析

本文提出一种新的基于口令认证的RFID系统安全协议.该方法充分利用RFID低等级标签提供的有限资源:访问口令(PW)、标签的标识码(ID)和伪随机函数等建立RFID系统读写器和标签双向认证的安全协议,对该协议抵抗各种攻击的安全性进行理论分析并对该协议的认证功能进行BAN逻辑的形式化分析.结果表明该协议能够有效抵御在线和离线字典攻击、伪装攻击、重放攻击以及流量分析和跟踪攻击,因而解决了RFID系统的安全问题.     

一种具有阅读器匿名功能的射频识别认证协议

在射频识别(RFID)的应用中,安全问题特别是用户隐私问题正日益凸显。因此,(用户)标签信息的隐私保护的需求越来越迫切。在RFID系统中,标签的隐私保护不仅是对外部攻击者,也应该包括阅读器。而现有许多文献提出的认证协议的安全仅针对外部攻击者,甚至在外部攻击者的不同攻击方法下也并不能完全保证安全。该文提出两个标签对阅读器匿名的认证协议:列表式RFID认证协议和密钥更新式RFID认证协议。这两个协议保证了阅读器对标签认证时,标签的信息不仅对外部攻击者是安全的而且对阅读器也保持匿名和不可追踪。相较于Armknecht等人提出的对阅读器匿名和不可追踪的认证协议,该文所提的协议不再需要增加第三方帮助来完成认证。并且密钥更新式RFID匿名认证协议还保证了撤销后的标签对阅读器也是匿名性和不可追踪的。     

An efficient resource allocation scheme in a dense RFID network based on cellular learning automata

Radio‐frequency identification (RFID) is a wireless communication technology. Radio frequencies can cause interference in a dense RFID system, thus decreasing efficiency. In recent years, many protocols have been proposed to reduce reader collisions based on multiple‐access techniques. The main weakness of Time Division Multiple Access (TDMA)‐based schemes is the random selection of resources. Additionally, they do not consider the distance between the interfering readers. Therefore, the likelihood of interference in an RFID system will be increased. To address this problem, we propose a new scheme for allocating resources to readers using a learning technique. The proposed scheme takes into account the distance between interfering readers, and these readers acquire the necessary knowledge to select new resources based on the results of the previous selection of neighboring readers using cellular learning automata. This approach leads to reduced interference in an RFID system. The proposed scheme is fully distributed and operates without hardware redundancy. In this scheme, the readers select new resources without exchanging information with each other. The simulation results show that the percentage of kicked readers decreased by more than 20%, and the proposed scheme also provides higher throughput than do state‐of‐the‐art schemes for dense reader environments and leads to further recognition of tags.     

A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems

In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our schemes achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

轻量级RFID系统的认证协议研究

由于标签强大的追踪能力,无线射频识别(RFID,Radio Frequency Identification)技术越来越多地被应用到与安全相关的各个领域,从而对安全功能的要求也随之提高。针对轻量级RFID标签在使用中的安全问题,对现有的认证协议潜在的危险进行了深入的分析,在此基础上提出了一种基于流密码的认证协议。在此安全协议中,标签和阅读器之间进行多次的双向认证,可以确保通信双方的合法性;并充分考虑了在实际应用中,标签的低成本要求。     

一种RFID系统的Tag-Reader双向安全认证协议

为了保证RFID系统的信息安全,本文在分析现有RFID认证协议的基础上,提出一种基于Grain-Mac流密码加密算法的双向安全认证协议,采用流密码和密钥动态更新的方法实现了标签与阅读器的双向认证。仿真结果表明,该协议成本低、效率高、安全性好,且能够有效抵抗拒绝服务攻击,达到了预期的效果。     

基于共享秘密的伪随机散列函数RFID双向认证协议

针对资源受限的RFID标签,结合伪随机数和共享秘密机制,该文提出一种基于散列函数的轻量级双向认证协议,实现了后端数据库、阅读器和标签之间的双向认证。详细分析了双向认证协议的抗攻击性能和效率性能,并基于BAN逻辑分析方法对协议模型进行了形式化证明。理论分析表明,该文提出的认证协议能够实现预期安全目标,抗攻击性能好,认证执行效率高且标签开销小,适用于大数量的RFID应用。     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

A Gen2-Based RFID Authentication Protocol for Security and Privacy

EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is transmitted in plaintext which makes the tag traceable and clonable. Several solutions have been proposed based on traditional encryption methods, such as symmetric or asymmetric ciphers, but they are not suitable for low-cost RFID tags. Recently, some lightweight authentication protocols conforming to Gen2 have been proposed. However, the message flow of these protocols is different from Gen2. Existing readers may fail to read new tags. In this paper, we propose a novel authentication protocol based on Gen2, called Gen2^{+}, for low-cost RFID tags. Our protocol follows every message flow in Gen2 to provide backward compatibility. Gen2^{+} is a multiple round protocol using shared pseudonyms and Cyclic Redundancy Check (CRC) to achieve reader-to-tag authentication. Conversely, Gen2^{+} uses the memory read command defined in Gen2 to achieve tag-to-reader authentication. We show that Gen2^{+} is more secure under tracing and cloning attacks.     

Keyless Security in Wireless Networks

Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.     

Public key cryptography based privacy preserving multi-context RFID infrastructure

In this paper, we propose a novel radio frequency identification (RFID) infrastructure enabling multi-purpose RFID tags realized by the use of privacy preserving public key cryptography (PKC) architecture. The infrastructure ensures that the access rights of the tags are preserved based on the spatial and temporal information collected from the RFID readers. We demonstrate that the proposed scheme is secure with respect to cryptanalytic, impersonation, tracking, replay, and relay attacks. We also analyze the feasibility of PKC implementation on passive class 2 RFID tags, and show that the requirements for PKC are comparable to those of other cryptographic implementations based on symmetric ciphers. Our numerical results indicate PKC based systems can outperform symmetric cipher based systems, since the back end servers can identify RFID tags with PKC based systems approximately 57 times faster than the best symmetric cipher based systems.     

基于混沌序列的超高频RFID防碰撞及安全协议设计(英文)

Collision and security issues are considered as barriers to RFID applications.In this paper,a parallelizable anti-collision based on chaotic sequence combined dynamic frame slotted aloha to build a high-efficiency RFID system is proposed.In the tags parallelizable identification,we design a Discrete Markov process to analyze the success identification rate.Then a mutual authentication security protocol merging chaotic anti-collision is presented.The theoretical analysis and simulation results show that the proposed identification scheme has less than 45.1%of the identification time slots compared with the OVSF-system when the length of the chaos sequence is 31.The success identification rate of the proposed chaotic anti-collision can achieve 63%when the number of the tag is100.We test the energy consumption of the presented authentication protocol,which can simultaneously solve the anti-collision and security of the UHF RFID system.     

Security and Privacy Analysis of Song–Mitchell RFID Authentication Protocol

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not only is the scheme vulnerable to desynchronization attack, but it suffers from traceability and backward traceability as well. Finally, our improved scheme is proposed which can prevent aforementioned attacks.     

一种基于字合成运算的射频识别双向认证协议

RFID系统由标签、读写器、后台数据库3部分组成,其中标签与读写器之间通过无线信道进行信息传输,存在易被攻击者截获通信信息的风险。提出一种基于字合成运算的射频识别双向认证协议。所提协议运用二次剩余定理对信息进行加密,增大破解难度;每轮通信加密过程中,随机数的添加使得前后通信消息均不一致,致使攻击者无法发起追踪攻击行为信消息加密过程中,同时采用字合成运算方法,能够有效减少RFID系统总的计算量;后台数据库端引入随机数校验机制,使系统能够有效抵抗异步攻击等攻击。安全性分析表明,基于字合成运算的射频识别双向认证协议具备较高的安全性;性能分析表明,协议具备轻行为量级计算量的标准。     

Server‐less RFID authentication and searching protocol with enhanced security

This paper focuses on two interesting radio‐frequency identification (RFID) cryptographic protocols: the server‐less RFID authentication protocol that allows readers to authenticate tags without the help of any online backend servers, and the RFID searching protocol in which the verifier explicitly specifies the target tag to be searched and authenticated. These two kinds of RFID protocols play important roles in many RFID applications; however, the existing protocols either had security weaknesses or exhibited poor efficiency. This paper shows the weaknesses, and then proposes our server‐less RFID authentication protocol and RFID searching protocol. The proposed protocols greatly enhance the security using one more hashing. Copyright © 2011 John Wiley & Sons, Ltd.     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

基于ISO18000-6C标准的RFID认证协议

RFID技术应用越来越广,给人们带来便利的同时安全和隐私问题也相随而生,如何提高RFID系统的安全防范能力已成为该领域的重点研究方向。许多研究者提出了基于RFID空中接口通信的认证协议,但复杂的算法难以适用于符合ISO18000-6C标准的电子标签。论文根据ISO18000-6C标准提出了一种新的适合低成本标签的认证协议,为RFID安全提供了一套解决方案。     

基于Montgomery型椭圆曲线密码的RFID安全认证方案

针对现有基于椭圆曲线密码（elliptic curve cryptography,ECC）体制的 RFID（radio frequency identification device）安全认证方案不能满足相互认证、隐私保护和前向安全性等要求,提出一种基于Montgomery型椭圆曲线密码的认证方案。利用Montgomery型椭圆曲线来降低计算量,并提供标签和服务器之间的相互认证,具有匿名性和前向安全性。通过分析表明,该方案能够抵抗重放攻击、标签伪装攻击、服务器欺骗攻击、DoS攻击、位置跟踪攻击和克隆攻击。与现有方案相比,该方案在保证较低的内存、计算和通信需求的情况下,提供了较高的安全性能,能够满足RFID系统的安全性要求。     

轻型的RFID安全认证协议LAP

RFID标签存在着处理能力弱、存储空间小和电源供给有限等局限性,传统的公钥算法或散列函数等复杂运算不能满足实际应用的需求。针对现有轻量级RFID认证协议的不足,设计了基于广义逆矩阵的RFID安全认证协议LAP。该协议采用了硬件复杂度较低的CRC校验及计算量较小的矩阵运算。通过安全隐私和性能分析,LAP协议适用于低成本、存储与计算受限的RFID标签。