A lightweight anti-desynchronization RFID authentication protocol

Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. However, resource constraint in the low-cost RFID systems has posed potential risks such as privacy and security problems, becoming adoption barrier for RFID-based applications. In this paper, current security issues in RFID are introduced firstly. Then, we propose a lightweight Anti-desynchronization privacy preserving RFID authentication protocol. It is particularly suitable for the low-cost RFID environment for only the capacity of one-way hash function and XOR operation is needed. In this lightweight Anti-desynchronization RFID authentication protocol, the back-end server keeps the history of the random key update to prevent the active attackers from de-synchronizing the shared secret between the tag and the back-end server. The security and the performance of the proposed protocol are analyzed as well.     

PUF-enhanced offline RFID security and privacy

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on readers that are not continuously connected to a secure backend system. Thus, the readers should be able to perform their duties even in offline mode, which generally requires the management by the readers of the susceptible data. The use of RFID may cause several security and privacy issues such as traceability of tag owner, malicious eavesdropping and cloning of tags. Besides, when a reader is compromised by an adversary, the solution to resolve these issues getting worse. In order to handle these issues, several RFID authentication protocols have been recently proposed; but almost none of them provide strong privacy for the tag owner. On the other hand, several frameworks have been proposed to analyze the security and privacy but none of them consider offline RFID system.Motivated by this need, in this paper, we first revisit Vaudenay's model, extend it by considering offline RFID system and introduce the notion of compromise reader attacks. Then, we propose an efficient RFID mutual authentication protocol. Our protocol is based on the use of physically unclonable functions (PUFs) which provide cost-efficient means to the fingerprint chips based on their physical properties. We prove that our protocol provides destructive privacy for tag owner even against reader attacks.     

基于密钥矩阵的RFID安全协议

无线射频识别(RFID)作为一种新型的自动识别技术正逐渐得到广泛应用,但RFID系统的特点和RFID设备的局限性带来了很多安全隐患问题。针对这些问题,讨论并阐明RFID的系统组成和安全隐患,分析了几种现有的典型的RFID 安全协议的特点和缺陷,提出一种基于密钥矩阵的RFID安全协议。该协议使用密钥矩阵来加密标签和阅读器之间传输的数据,并在认证后更新标签中密值,能有效抵抗多种攻击。分析表明,该协议具有效率高、成本低、安全性高等特点。     

Secure and private search protocols for RFID systems

In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled systems become pervasive in our life, tag search becomes crucial. Surprisingly, the problem of RFID search has not been widely addressed in the literature. We analyzed the privacy and security features of the proposed tag search protocols, and concluded that our protocols provide tag identity privacy, tag source location privacy, and tag-reader communication privacy. For the first time, we propose a formal method to securely search RFID tags which satisfy certain search criteria.     

一种能抵抗拒绝服务攻击的RFID安全认证协议

在分析现有一些RFID认证协议的基础上,采用流密码加密和密钥动态更新的方法设计了一种能抵抗拒绝服务攻击的RFID安全认证协议。对该协议的安全性和性能进行了分析,结果表明协议能够有效防止拒绝服务攻击、隐私攻击、窃听攻击、重传攻击,同时解决了RFID的隐私问题。     

基于混沌加密的可同步更新RFID双向认证协议

针对日益突出的RFID系统安全隐私问题,提出了一个基于混沌序列的RFID双向认证协议。利用混沌对初始值的敏感性生成混沌序列,对密钥进行加密。该协议引入标签密钥动态更新机制,并设计了自同步解决方案,实现了对标签的二次认证。采用BAN逻辑对其安全性进行证明,并与已有的协议进行安全性分析和性能比较。其分析结果表明,该协议降低了标签成本,减少了标签和后端数据库的计算量,提高了后端数据库的检索效率。不仅有效地解决了RFID系统的隐私保护及安全问题,同时也提高了RFID协议认证的执行效率,更适合低成本的RF1D系统。     

Efficient detection of counterfeit products in large-scale RFID systems using batch authentication protocols

RFID technology facilitates processing of product information, making it a promising technology for anti-counterfeiting. However, in large-scale RFID applications, such as supply chain, retail industry, pharmaceutical industry, total tag estimation and tag authentication are two major research issues. Though there are per-tag authentication protocols and probabilistic approaches for total tag estimation in RFID systems, the RFID authentication protocols are mainly per-tag-based where the reader authenticates one tag at each time. For a batch of tags, current RFID systems have to identify them and then authenticate each tag sequentially, one at a time. This increases the protocol execution time due to the large volume of authentication data. In this paper, we propose to detect counterfeit tags in large-scale system using efficient batch authentication protocol. We propose FSA-based protocol, FTest, to meet the requirements of prompt and reliable batch authentication in large-scale RFID applications. FTest can determine the validity of a batch of tags with minimal execution time which is a major goal of large-scale RFID systems. FTest can reduce protocol execution time by ensuring that the percentage of potential counterfeit products is under the user-defined threshold. The experimental result demonstrates that FTest performs significantly better than the existing counterfeit detection approaches, for example, existing authentication techniques.     

动态双向Hash认证的RFID安全协议

射频识别(RFID)系统利用无线射频技术以非接触的形式,在开放的环境下通过电磁波进行对象识别。但由于RFID系统的特殊性和实际要求的一些局限性,给射频识别带来了很多安全问题。如何设计出适合于RFID系统的高效、安全的认证协议是RFID系统能够进一步广泛应用的关键。本文通过分析现有的典型的RFID安全协议,在了解它们的特点和缺陷的基础上,提出了一种RFID动态协议。通过相关协议的比较表明,该协议是一种安全、高效、隐私性好的认证协议。     

一种适用于RFID协议安全性评估的方案

基于对RFID系统安全模型,对可能存在的安全隐患进行详细地分析,针对各种安全隐患提出可行的对策,从中总结出安全协议最重要的两个特性,即双向认证以及数据和密钥的隐私性。然后基于CSP模型提出一套简单、行之有效的自动化安全性评估方案,从而避免了传统的依靠自我论述证明的方法说服力不高的问题。     

基于多方排序协议的安全电子投票方案

与传统投票相比较, 电子投票拥有许多优势, 也存在重要的安全问题. 电子投票的全隐私性是评估投票方案安全的重要指标, 它是指对投票者的隐私保护和候选者的隐私保护, 特别是落选者的得票数的保护. 利用可验证秘密共享的思想提出了一个安全多方排序协议, 并将它运用到电子投票中, 设计了一个新的安全的电子投票协议, 本协议具有全隐私性.     

基于SM2联合签名的电子发票公开验证方案

为解决当前电子发票防伪困难、隐私泄露、验证效率低等问题,针对全程无纸化的电子发票文件,提出了一种基于国密签名算法的电子发票公开验证架构。面向电子发票文件数据来源复杂、票面用户信息敏感、数据流转频繁等特征及电子发票高效公开查验需求,在电子发票服务架构下设计电子发票生成及查验协议,基于无证书联合签名提出发票防伪签名码生成方案,实现开票方与税务主管部门的多重数据核验与签名,支持各类型的发票持有者对电子发票的真伪及数据完整性进行公开查验。融合数据加密算法对电子发票中的用户隐私数据进行保护,同时可满足各类发票应用场景下的真伪或状态验证需求,解决了当前电子发票文件中用户消费信息等敏感数据在传递中泄露的问题,突破了电子发票仅能通过在线系统核对真伪的局限。查验方仅需验证单次签名即可确认开票方及主管部分等双方签名的电子发票真伪性,同时利用公钥加密实现了隐私数据,方案中使用国密算法符合电子发票应用需求。调用Scyther安全仿真工具对方案安全性进行分析,在各类攻击下可安全验证数据的完整性及来源真实性并保证隐私数据的保密性。在查验计算开销及发票文件数据量两方面,与国外已实行的典型电子发票查验方案及同类型基于...     

Single tag sharing scheme for multiple-object RFID applications

RFID systems have been widely adopted in various industrial as well as personal applications. However, traditional RFID systems are limited to address only one tag for each application object. This limitation hinders the usability of RFID applications because it is difficult, if not impossible, to distinguish many tags simultaneously with existing RFID systems. In this paper, we propose a new RFID tag structure to support multiple-objects that can be easily shared by many different RFID applications. That is, the proposed RFID tag structure supports that a tag maintains several different objects and allows those applications to access them simultaneously. We also propose an authentication protocol to support multiple-object RFID applications. Especially, we focus on the efficiency of the authentication protocol by considering different security levels in RFID applications. The proposed protocol includes two types of authentication procedures. In the proposed protocol, an object has its security level and goes through one of different authentication procedures suitable for its security level. We report the results of a simulation to test the performance of the proposed scheme. In our simulation, we considered the safety of our scheme against potential attacks and evaluated the efficiency of the proposed protocol.     

Extending ECC-based RFID authentication protocols to privacy-preserving multi-party grouping proofs

Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability, security and/or privacy problems. In this article, we extend the notion of public-key RFID authentication protocols and propose a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC). It allows to generate a proof which is verifiable by a trusted verifier in an offline setting, even when readers or tags are potentially untrusted, and it is privacy-preserving in the setting of a narrow-strong attacker. We also demonstrate that our RFID grouping-proof protocol can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.     

ECC-based lightweight authentication protocol with untraceability for low-cost RFID

Due to the potential wide deployment of Radio Frequency Identification (RFID), the security of RFID systems has drawn extensive attention from both academia and industry, and the RFID authentication protocol is an important mechanism in the security of RFID systems. The desired security requirements of RFID authentication protocols include privacy, integrity, authentication, anonymity/untraceability, and even availability. To design an efficient protocol that satisfies all the requirements with limited resources is a challenge. This paper proposes a new RFID authentication protocol based on Error Correction Codes (ECC). The proposed scheme has excellent performance in terms of security, efficiency, server’s maintenance, robustness, and cost. The tag only performs simple operations, such as random number generation and simple bitwise computations. The lightweight feature makes it attractive to those low-cost RFIDs that support only simple operations.     

一种基于NTRU公钥加密系统的RFID认证协议

随着RFID(Radio Frequency Identification)技术研究进展,RFID系统的应用日趋广泛,从而使得RFID系统本身固有限制所导致的一些问题变得突出和严重,其中就包括RFID的安全、隐私问题.所以基于RFID系统的发展和应用考虑,RFID系统必须满足一定的安全需求.在NTRU(Number Theory Research Unit)公钥加密系统的基础上,提出一种新的RFID安全认证协议,并且结合NTRU公钥加密系统的安全性和通用可组合模型,对新协议的安全性进行了系统、形式化的描述和分析.     

An efficient and secure authentication protocol for RFID systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.     

RFID安全协议的设计与分析

回顾了已有的各种RFID安全机制,重点介绍基于密码技术的RFID安全协议;分析了这些协议的缺陷;讨论了基于可证明安全性理论来设计和分析RFID安全协议的模型和方法.     

Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography

Radio frequency identification (RFID) is a wireless technology for automatic identification and data capture. Security and privacy issues in the RFID systems have attracted much attention. Many approaches have been proposed to achieve the security and privacy goals. One of these approaches is RFID authentication protocols by which a server and tags can authorize each other through an intracity process. Recently, Chou proposed a RFID authentication protocol based on elliptic curve cryptography. However, this paper demonstrates that the Chou’s protocol does not satisfy tag privacy, forward privacy and authentication, and server authentication. Based on these security and privacy problems, we also show that Chou’s protocol is defenseless to impersonation attacks, tag cloning attacks and location tracking attacks. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionality. We prove the security of the proposed improved protocol in the random oracle model.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。