一种能抵抗拒绝服务攻击的RFID安全认证协议

在分析现有一些RFID认证协议的基础上,采用流密码加密和密钥动态更新的方法设计了一种能抵抗拒绝服务攻击的RFID安全认证协议。对该协议的安全性和性能进行了分析,结果表明协议能够有效防止拒绝服务攻击、隐私攻击、窃听攻击、重传攻击,同时解决了RFID的隐私问题。     

适用于低成本标签的移动RFID认证协议

移动RFID系统中,阅读器与服务器之间的通道安全假设不再成立,针对这种情况,分析了当前移动RFID认证协议的安全及性能问题,建立了移动RFID安全隐私模型;基于该模型,在兼容EPC Class-1 Generation-2低成本标签系统的基础上,提出了一种能够抵抗假冒攻击、去同步化攻击,且提供前向安全隐私保护的双向认证协议;通过安全性证明与性能比较分析,表明该协议达到了设计目的,可适用于较大规模的低成本标签移动RFID系统。     

Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards

Recently, Chien et al. proposed an RFID authentication protocol, which consists of only the cyclic redundancy code (CRC) and the pseudo-random number generator (PRNG) [H. Chien, C. Chen, Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards, Computer Standards & Interfaces, vol. 29, Elsevier, 2007, pp. 254–259]. They claimed that the protocol conforms to current EPC tags, and would be secure against all attacks on RFID systems. However, in this paper, we show that the protocol is not secure; firstly an attacker can impersonate a valid tag temporarily by a single eavesdropping. Secondly the attacker can forge a tag permanently by eavesdropping two consecutive sessions. Finally he can make a valid tag useless (DoS attack) by modifying the second attack slightly. The computational complexities of the attacks are so practicable that Chien et al.'s protocol cannot enhance the RFID security any more than the original EPC standard.     

Efficient verifier-based password-authenticated key exchange in the three-party setting

In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested to solve the server compromise problem. Unfortunately, the protocols are vulnerable to an off-line dictionary attack. In this paper, we present an efficient verifier-based PAKE protocol for three-parties that is secure against known-key attacks and provides forward secrecy. To the best of our knowledge, the proposed protocol is the first secure three-party verifier-based PAKE protocol in the literature.     

Secure three-party key distribution protocol for fast network access in EAP-based wireless networks

In this paper, we present a solution that reduces the time spent on providing network access in multi-domain mobile networks where the authentication process is based on the Extensible Authentication Protocol (EAP). The goal is to achieve fast and smooth handoffs by reducing the latency added by the authentication process. This process is typically required when a mobile user moves from one authenticator to another regardless of whether the new authenticator is in the same domain (intra-domain) or different domain (inter-domain). To achieve an efficient solution to this problem, it has been generally recognized that a fast and secure key distribution process is required. We propose a new fast re-authentication architecture that employs a secure three-party key distribution protocol which reduces the number of message exchanges during the network access control process. Our approach is proved to preserve security and verified by means of a formal tool. The resulting performance benefits are shown through our extensive simulations.     

轻量级移动RFID认证协议研究设计

为解决移动射频识别（Mobile RFID）系统中信息通过无线信道传输所引发的安全与隐私问题,提出一种基于伪随机函数的轻量级移动RFID认证协议,实现后台服务器、阅读器与标签之间的双向认证。该协议中的运算主要集中在后台服务器和阅读器,可以有效地控制标签成本。安全性分析表明,该协议可以有效抵抗位置追踪、假冒、重放和同步化等攻击,并通过GNY逻辑进行了安全性证明。      

改进的三方口令认证密钥交换协议

基于三方的口令认证密钥交换（3PAKE）协议是客户通过与可信服务器共享一个口令验证元,在两客户进行通信时通过此可信服务器进行会话密钥的建立与共享,从而进行通信。首先对李文敏等人提出的协议进行安全性分析,发现该协议易受离线字典攻击和服务器泄露攻击。提出了一个改进协议,该协议能够提供双向认证、会话密钥机密性和前向安全性,能够有效抵抗多种攻击,包括离线字典攻击和服务器泄露攻击。     

可扩展及可证安全的射频识别认证协议

针对目前广泛应用的被动式射频识别（RFID）标签中的计算、存储资源有限,导致RFID认证协议的安全和隐私保护,特别是可扩展性一直没有得到很好解决的问题,提出一种基于哈希函数、可证安全的轻权认证协议。该协议通过哈希运算和随机化等操作确保认证过程中会话信息的保密传输和隐私性;在认证过程中,标签的身份信息通过伪名进行确认,其真实身份没有透漏给阅读器等不信任实体;后端服务器进行身份确认仅需进行一次哈希运算,通过标识符构造哈希表可使身份信息查找时间为常数;每次认证后,标签的秘密信息和伪名等均进行更新,从而确保协议的前向安全性。分析证实,该RFID轻权认证协议具有很好的可扩展性、匿名性和前向安全性,能够抵抗窃听、追踪、重放、去同步化等攻击,而且标签仅需提供哈希运算和伪随机数生成操作,非常适合应用于低成本的RFID系统。     

多服务器架构下认证与密钥协商协议

随着网络应用的广泛发展,网络中服务器的体系结构通常由许多不同的服务器组成.多服务器架构下的认证与密钥协商协议是实现远程用户认证的关键.单次注册是多服务架构下的认证与密钥协商协议的最重要特性,而采用动态的身份进行登录认证能有效地保护隐私.Chuang等人结合智能卡和生物特征,提出了一种基于可信计算的匿名可认证密钥协商协议,并指出其协议适用于多服务器环境同时能满足其必需的安全需求.分析指出Chuang等人的协议并不能实现用户的匿名性,同时还容易遭到服务器假冒攻击和智能卡丢失攻击.为了弥补这些安全缺陷,设计每个应用服务器选用不同的秘密参数,提出了一种改进方案.通过对敌手可能的攻击行为分析,证明了改进方案能有效防范服务器假冒攻击、智能卡丢失攻击、窃听攻击、重放攻击等安全威胁,同时改进协议保持着运算简单的特性.     

一种基于双PUF的RFID认证协议

针对Liang等人提出的基于双物理不可克隆函数(physical uncloneable function, PUF)的无线射频识别(radio frequency identification, RFID)认证协议进行分析发现其存在安全隐患,不能抵抗重放攻击、去同步攻击、标签伪造等恶意攻击.为解决由于恶意攻击者对RFID系统所造成的安全隐患问题,提出一种基于双PUF的RFID认证协议DPRAP.在伪随机数发生器种子生成阶段,不直接在非安全信道上传输种子的通信值,通过多次的Hash与异或运算对种子的值进行加密隐藏,保证协商种子的机密性;在标签与服务器的伪随机数发生器种子协商过程中,使用一个时间阈值,防止攻击者恶意阻塞通信信道引发去同步攻击,确保服务器与标签端的伪随机数发生器种子的同步性;在认证阶段,在认证信息中增加使用标签的身份标识IDS来对标签的合法性进行验证,防止标签假冒攻击.通过使用BAN逻辑和Vaudenay模型对DPRAP协议进行形式化分析和验证,证明DPRAP协议满足不可追踪性,能够抵抗去同步攻击、标签假冒攻击等攻击手段,结果表明DPRAP协议具有更强的安全隐私性和更好的实用性.     

一种采用双层校验的RFID离线匿名群证明协议

随着越来越多的物品被贴上RFID标签,用于证明若干具有一定关系的物品作为一个群组在同一时间、同一地点出现的群证明技术的应用日趋广泛.在RFID群证明技术中,如何在确保标签信息安全与隐私的同时,生成可靠的群证明,并提升协议的执行效率是当前的研究热点.为确保标签信息的安全与隐私,离线群证明协议往往仅由Verifier完成验证,Reader仅负责群证明信息的收集,降低了协议对于非法群证明的响应速度,为提高系统的群证明效率,抵御拒绝服务(deny of proof, DoP)攻击,提出了一种采用双层校验的RFID离线匿名群证明协议AGPDL,使用椭圆曲线加密,通过二次校验的方法,授权Reader在标签匿名的情况下预先进行群证明的有效性验证,然后再由Verifier完成最终的群证明校验,并确认标签身份.通过安全性分析与性能分析可知：AGPDL能够较好地保护标签信息的安全与隐私,抵御冒充攻击与重放攻击,并且防止Reader提交无效群证明带来的系统开销,具有较好的可扩展性.     

基于PUF适用于大规模RFID系统的移动认证协议

针对移动射频识别系统中的安全问题,采用物理不可克隆函数研究适用于大规模RFID系统的移动认证协议。为解决移动RFID认证环境下读写器易遭受假冒攻击的问题,在Vaudenay模型中加入攻击者入侵读写器的能力,并通过服务器对读写器的身份认证来抵御攻击者的假冒攻击;为解决标签的运算能力不足问题和服务器搜索标签耗时长的问题,采用PUF生成会话密钥来减轻标签加密过程中的运算量,服务器通过共享密钥异或运算实现对检索标签和读写器身份标识的快速检索。利用Vaudenay模型理论,分析和证明了研究的协议可实现Destructive等级的隐私保护;仿真结果表明,PMLS协议中服务器的搜索耗时不随标签数目增长而加长,满足大规模移动RFID系统的应用要求。     

一个基于稳固加密RFID协议的安全性分析

稳固加密(insubvertible encryption)是一种新型的重加密技术,它在RFID安全协议设计中发挥着重要的作用.最近,Osaka等人基于稳固加密和守护代理提出了一种新的RFID认证协议,并声称该协议具有不可追踪性、标签不可欺骗性、抵抗替换攻击、拥有权可以安全转移、密钥安全同步更新等.利用该协议中读卡器随机数和守护代理随机数的差量恒等关系,提出了一种异步攻击方法：通过伪造差量恒等的随机数,可以有效地进行读卡器和后台服务器的所有认证计算,并使服务器上的密钥和标签密钥异步,从而导致合法标签被拒绝服务.研究结果表明：该协议在异步攻击下是很脆弱的.     

SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks

To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA cannot only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using proverif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrates that SE-AKA is more efficient than those existing protocols.     

A Secure TCP Connection Migration Protocol to Enable the Survivability of Client-Server Applications Under Malicious Attack

Transmission Control Protocol (TCP) connection migration has been previously proposed to allow for the mobility of servers. In this paper we revisit TCP connection migration for purposes of server survivability against malicious denial-of-service attacks. We present a protocol that allows an on-going TCP connection to be migrated from one server to another. This migration is performed in a secure manner such that the protocol itself cannot be exploited for malicious attacks. Further the migration can be performed even in the case where the original server is compromised. The protocol has been designed so as to allow interoperability with legacy TCP protocols. It is intended to be the transport layer foundations over which survivable applications can be built.     

通用可组合安全的RFID标签组所有权转移协议

在某些应用中,往往需要在一次会话中同时完成一组RFID标签所有权的转移.然而,现有的标签组所有权转移方案大多需要可信第三方的支持且存在诸多安全和隐私保护问题.在分析安全需求的基础上,设计了一个安全高效的RFID标签组所有权转移协议.该协议在无可信第三方支持的情况下实现了一组标签所有权的同时转移.在通用可组合框架下,定义了RFID标签组所有权转移的理想函数,并证明新协议实现了所定义的理想函数.与已有同类协议相比,新协议不仅具备匿名性、不可追踪性、授权访问、抗异步攻击、前向隐私保护、后向隐私保护等安全和隐私属性,还具有通用可组合安全性.在性能方面,新方案的计算复杂度相对较低,且交互次数和标签端存储量也较少.     

Cryptanalysis of a new EPC class-1 generation-2 standard compliant RFID protocol

EPC class 1 Generation-2 (or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol is known to be insecure. To improve the security of this standard, several protocols have been proposed which are compliant to this standard. In this paper, we analyze the security of a protocol which has been recently proposed by Lo and Yeh (2010). Despite the designers’ claim, which is optimal security, however, we present a passive attack which can retrieve all secret parameters of the tag efficiently. The cost of this attack is eavesdropping only one session of protocol between the tag and a legitimate reader and 2¹⁶ PRNG-function evaluations in off-line. In addition, we show that an active adversary can retrieve secret parameters more efficiently, that is, with the complexity of two consequence sessions of protocol and without the need for PRNG-function evaluation. The success probability of the given attacks are “1”. To counteract such flaws, we propose an enhanced EPC-compliant protocol entitled YAYA, by applying some minor modifications to the original protocol so that it provides the claimed security properties.     

基于ID变化的RFID安全协议

提出了一种基于ID变化的RFID安全协议,由于使用单向Hash函数,从而使数据存储机制很好地解决了阅读器和标签数据不同步的问题,有效地防止了非法读取、位置跟踪、窃听、伪装哄骗、重放等攻击。分析表明,该方法具有前向安全,效率高,安全性好等特点,适用于标签数目较多的情况。     

一种认证密钥协商协议的安全分析及改进

针对用于移动通信的可证安全的双向认证密钥协商协议MAKAP给出了一种有效攻击,指出该协议存在安全缺陷,它不能抵抗未知密钥共享攻击.分析了这些安全缺陷产生的原因,并给出了一种改进的协议MAKAP-I.改进后的MAKAP-I协议不但是可证安全的,而且无论从计算开销、通信开销、存储开销以及实现成本等方面,都比原MAKAP协议更高效、更实用.     

Security flaws in a recent RFID delegation protocol

Radio frequency identification (RFID) tag delegation enables a centralized back-end server to delegate the right to identify and authenticate a tag to specified readers. This should be used to mitigate the computational load on the server side and also to solve the issues in terms of latency and dependency on network connectivity. In this study, we describe a basic RFID delegation architecture and then under this model, we investigate the security of an RFID delegation protocol: Song Mitchell delegation (SMD), which is recently proposed by Song and Mitchell. We point out security flaws that have gone unnoticed in the design and present two attacks namely, a tag impersonation attack and a desynchronization attack against it. We also discover a subtle flaw by which a delegated entity can still keep its delegation rights after the expire of them—this infringes security policy of the scheme. More precisely, we show that the protocol will be still vulnerable to previously mentioned attacks, even if the back-end server ends the delegation right of a delegated reader and update the secrets of the delegated tags. To counteract such flaws, we improve the SMD protocol with a stateful variant so that it provides the claimed security properties.