ECC-based lightweight authentication protocol with untraceability for low-cost RFID

Due to the potential wide deployment of Radio Frequency Identification (RFID), the security of RFID systems has drawn extensive attention from both academia and industry, and the RFID authentication protocol is an important mechanism in the security of RFID systems. The desired security requirements of RFID authentication protocols include privacy, integrity, authentication, anonymity/untraceability, and even availability. To design an efficient protocol that satisfies all the requirements with limited resources is a challenge. This paper proposes a new RFID authentication protocol based on Error Correction Codes (ECC). The proposed scheme has excellent performance in terms of security, efficiency, server’s maintenance, robustness, and cost. The tag only performs simple operations, such as random number generation and simple bitwise computations. The lightweight feature makes it attractive to those low-cost RFIDs that support only simple operations.     

基于PRF的RFID轻量级认证协议研究

无线射频识别(radio frequency identification, RFID)认证协议可实现读写器和标签之间的身份识别,保证只有合法的读写器才能访问标签的数据.由于标签的成本限制,设计最轻量级的RFID认证协议是面临的主要挑战.为了达到不可预测性隐私,标签至少需要具有伪随机函数PRF的能力.首先提出了一种基于PRF的RFID轻量级认证协议的基本框架,给出了抽象描述.基于对消息认证函数F\\-i的实例化,提出了一种新的RFID轻量级认证协议ELAP.与现有协议相比,该协议可以实现读写器和标签之间的双向认证,并能抵抗已知的所有攻击方式.在效率方面,标签只需要进行2次消息摘要运算,让标签的计算代价达到了最小.     

一种抗恶意攻击的RFID双向认证协议

针对现有无线射频识别（RFID）认证机制存在的安全缺陷,提出一种新型抗恶意攻击的RFID双向认证协议,并基于GNY逻辑给出了协议的安全性证明。该协议将公钥加密算法和对称密钥加密算法相结合,采用阅读器双重认证及预认证阶段刷新密钥的方法,通过在标签中添加保护密钥同步的恶意攻击标记Tm,解决了当前协议中存在的认证效率较低,标签密钥更新失败导致位置跟踪和非法更新标签/服务器内部密钥造成拒绝服务（DoS）等问题,可抵抗重传,标签/阅读器假冒,通信量分析和去同步化等多种恶意攻击。分析结果表明：该协议具有安全性好,效率高,计算复杂度低等特点,适合于标签的大规模应用。     

A novel mutual authentication scheme based on quadratic residues for RFID systems

In 2004, Ari Juels proposed a Yoking-Proofs protocol for RFID systems. Their aim is to permit a pair of tags to generate a proof which is verifiable off-line by a trusted entity even when the readers are potentially untrusted. However, we found that their protocol does not possess the anonymity property but also suffers from both known-plaintext attack and replay attack. Wong et al. [Kirk H.M. Wong, Patrick C.L. Hui, Allan C.K. Chan, Cryptography and authentication on RFID passive tags for apparel products, Computer in Industry 57 (2005) 342–349] proposed an authentication scheme for RFID passive tags, attempting to be a standard for apparel products. Yet, to our review, their protocol suffers from guessing parameter attack and replay attack. Moreover, both of the schemes have the common weakness: the backend server must use brute search for each tag’s authentication. In this paper, we first describe the weaknesses in the two above-mentioned protocols. Then, we propose a novel efficient scheme which not only achieve the mutual authentication between the server and the tag but also can satisfy all the security requirements needed in an RFID system.     

A lightweight anti-desynchronization RFID authentication protocol

Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. However, resource constraint in the low-cost RFID systems has posed potential risks such as privacy and security problems, becoming adoption barrier for RFID-based applications. In this paper, current security issues in RFID are introduced firstly. Then, we propose a lightweight Anti-desynchronization privacy preserving RFID authentication protocol. It is particularly suitable for the low-cost RFID environment for only the capacity of one-way hash function and XOR operation is needed. In this lightweight Anti-desynchronization RFID authentication protocol, the back-end server keeps the history of the random key update to prevent the active attackers from de-synchronizing the shared secret between the tag and the back-end server. The security and the performance of the proposed protocol are analyzed as well.     

基于混沌加密的可同步更新RFID双向认证协议

针对日益突出的RFID系统安全隐私问题,提出了一个基于混沌序列的RFID双向认证协议。利用混沌对初始值的敏感性生成混沌序列,对密钥进行加密。该协议引入标签密钥动态更新机制,并设计了自同步解决方案,实现了对标签的二次认证。采用BAN逻辑对其安全性进行证明,并与已有的协议进行安全性分析和性能比较。其分析结果表明,该协议降低了标签成本,减少了标签和后端数据库的计算量,提高了后端数据库的检索效率。不仅有效地解决了RFID系统的隐私保护及安全问题,同时也提高了RFID协议认证的执行效率,更适合低成本的RF1D系统。     

轻量级RFID标签组证明协议

目前,RFID（射频识别）技术已大量应用于物品识别、供应链管理、电子票证等领域。为向第三方证明一组RFID标签已被阅读器同时扫描过,针对低性能标签,提出了一个基于ElGamal加密方案的轻量级RFID标签组证明协议。该协议执行时,阅读器首先与主标签进行认证,然后转发主标签的部分输出信息至标签组中的第一个标签,该标签对输入信息进行哈希运算后,再产生输出信息并由阅读器转发至第二个标签。第二个标签再对输入信息进行哈希运算,其输出再被阅读器转发至第三个标签。此过程重复执行,直至标签组中最后一个标签的输出信息被阅读器转发回主标签。最后,阅读器记录所有标签的输出信息并形成标签组证明,该证明可交由第三方验证。所提出的协议需要阅读器执行ElGamal加密算法,主标签执行轻量级对称加密运算,而标签组中的所有普通标签只需执行哈希运算。经分析,所提出协议满足相应安全要求,且性能优于对比协议。     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.     

满足后向隐私的可扩展RFID双向认证方案

无线射频识别(RFID)系统的匿名认证机制可以有效地保护标签的隐私性,而可扩展性和后向隐私安全性是实际应用中需要考虑的两个重要问题.对最近新提出的3个可扩展RFID双向认证协议的安全性进行了分析.分析指出,ACP方案并不能提供后向隐私安全性;G-I方案不能抵抗去同步攻击,攻击者可以通过主动攻击,使得标签和阅读器内存储的密钥数据不一致,从而破坏标签和阅读器的后继认证;而MMR方案不能抵御主动攻击,攻击者可以仿冒合法阅读器,通过不断质询标签并分析标签的回复消息,就可完全推导出标签中存储的全部秘密.在此基础上,提出了一个基于Hash函数的可扩展双向认证方案,方案从存储需求和运算量上要优于G-I方案;并且证明了方案能够满足受限后向隐私安全,并可以抵御去同步攻击.     

Efficient detection of counterfeit products in large-scale RFID systems using batch authentication protocols

RFID technology facilitates processing of product information, making it a promising technology for anti-counterfeiting. However, in large-scale RFID applications, such as supply chain, retail industry, pharmaceutical industry, total tag estimation and tag authentication are two major research issues. Though there are per-tag authentication protocols and probabilistic approaches for total tag estimation in RFID systems, the RFID authentication protocols are mainly per-tag-based where the reader authenticates one tag at each time. For a batch of tags, current RFID systems have to identify them and then authenticate each tag sequentially, one at a time. This increases the protocol execution time due to the large volume of authentication data. In this paper, we propose to detect counterfeit tags in large-scale system using efficient batch authentication protocol. We propose FSA-based protocol, FTest, to meet the requirements of prompt and reliable batch authentication in large-scale RFID applications. FTest can determine the validity of a batch of tags with minimal execution time which is a major goal of large-scale RFID systems. FTest can reduce protocol execution time by ensuring that the percentage of potential counterfeit products is under the user-defined threshold. The experimental result demonstrates that FTest performs significantly better than the existing counterfeit detection approaches, for example, existing authentication techniques.     

Scalable RFID security protocols supporting tag ownership transfer

We identify privacy, security and performance requirements for radio frequency identification (RFID) protocols, as well as additional functional requirements such as tag ownership transfer. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. In support of scalability, some RFID protocols, however, only require constant time for tag identification, but, unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel scalable RFID authentication protocol based on the scheme presented in Song and Mitchell (2009) [1], that takes constant time to authenticate a tag. We also propose secret update protocols for tag ownership and authorisation transfer. The proposed protocols possess the identified privacy, security and performance properties and meet the requirements for secure ownership transfer identified here.     

RFID超轻量级认证协议RCIA形式化分析与改进

无线射频识别（RFID）是物联网中的一种非接触式的自动识别技术,被广泛运用于构建物物互联的RFID系统。RCIA是一种超轻量级RFID双向认证协议,提供高安全性并声称能抵御去同步攻击。形式化方法是安全协议分析的有力手段。运用模型检测工具SPIN对RCIA协议的认证性及一致性进行验证,结果表明RCIA协议存在去同步攻击漏洞。针对此漏洞,提出基于密钥同步机制的修补方案,对RCIA协议进行了改进。对改进后的协议进行形式化分析与验证,结果表明改进后的RCIA协议具有更高的安全性。提出的协议抽象建模方法对此类超轻量级RFID双向认证协议形式化分析具有重要借鉴意义;提出的基于密钥同步机制的漏洞修补方案,被证明能有效抵御去同步漏洞,可适用于此类超轻量级RFID双向认证协议的设计和分析。     

基于随机运算符的轻量级匿名射频识别系统双向认证协议

针对无线射频识别（RFID）系统容易遭受无线信道中的恶意攻击以及标签所有者隐私时常收到侵犯的问题,提出了一种支持匿名的轻量级RFID认证协议。首先,使用了随机数发生器生成不可预测的序列以指定参与协议的轻量级运算符;然后,通过指定种子以实现阅读器与标签之间的密钥协商;最后,实现双向认证与信息更新。通过与部分典型的轻量级方案的对比可知,所提出的方案相较同类的轻量级协议最多节省近42%的标签存储开销,同时其通信开销维持在同类方案的低水平位置,且能够支持多种安全需求。所提方案适用于低成本RFID系统。     

EMAP: An efficient mutual authentication protocol for passive RFID tags

Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.     

基于EPC-C1G2标准的RFID认证机制

分析EPC-C1G2标准认证机制和现有改进方案,针对超高频射频识别(RFID)认证机制存在的安全缺陷,提出一种轻量级RFID认证方案。该方案实现了读写器和标签的双向认证,其轻量级加密算法能在一定程度上保证消息的安全传输。分析结果表明该方案具有较高安全性,能满足超高频RFID的安全需求。     

A minimum disclosure approach to authentication and privacy in RFID systems

In this paper we present a novel approach to authentication and privacy in RFID systems based on the minimum disclosure property and in conformance to EPC Class-1 Gen-2 specifications. We present two security schemes that are suitable for both fixed reader and mobile/wireless reader environments, the mutual authentication and the collaborative authentication schemes respectively. Both schemes are suited to the computational constraints of EPC Class-1 Gen-2 passive RFID tags as only the cyclic redundancy check (CRC) and pseudo random number generator (PRNG) functions that passive RFID tags are capable of are used. Detailed security analysis of both our schemes show that they offer robust security properties in terms of tag anonymity, tag untraceability and reader privacy while at the same time being robust to replay, tag impersonation and desynchronisation attacks. Simulations results are also presented to study the scalability of the schemes and its impact on authentication delay. In addition, Yeh et al. (2010) [20] proposed a security scheme for EPC Class-1 Gen-2 based mobile/wireless RFID systems. We show that this scheme has a security vulnerability and is not suitable for mobile/wireless RFID systems.     

一个基于稳固加密RFID协议的安全性分析

稳固加密(insubvertible encryption)是一种新型的重加密技术,它在RFID安全协议设计中发挥着重要的作用.最近,Osaka等人基于稳固加密和守护代理提出了一种新的RFID认证协议,并声称该协议具有不可追踪性、标签不可欺骗性、抵抗替换攻击、拥有权可以安全转移、密钥安全同步更新等.利用该协议中读卡器随机数和守护代理随机数的差量恒等关系,提出了一种异步攻击方法：通过伪造差量恒等的随机数,可以有效地进行读卡器和后台服务器的所有认证计算,并使服务器上的密钥和标签密钥异步,从而导致合法标签被拒绝服务.研究结果表明：该协议在异步攻击下是很脆弱的.     

An efficient and secure authentication protocol for RFID systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.     

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。