一种基于公钥的低成本RFID双向认证协议

基于目前资源消耗最少的RFID 公钥认证方案cryptoGPS 协议,提出了一种低成本双向认证协议,采用有效的密钥管理方法、改进的快速Rabin 加密算法、低汉明重量（LHW）模值以及轻量级流密码算法Grain V1,并设计使用新型低资源乘法器完成标签的大数模乘,在节省资源的同时克服了cryptoGPS 密钥管理不灵活和认证单向性的缺点。安全性分析和基于Design Complier平台Smic 0.25 μm工艺的仿真结果表明,该方案有足够的安全性且标签只需4 530个门即可完成双向认证,适用于资源受限的RFID系统。     

A Lightweight Authentication Protocol for Low-Cost RFID

As low-cost RFIDs with limited resources will dominate most of the RFID market, it is imperative to design lightweight RFID authentication protocols for these low-cost RFIDs. However, most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyze the security vulnerabilities of a lightweight authentication protocol recently proposed by Li et al. (2006), and then propose a new lightweight protocol to improve the security and to reduce the computational cost for identifying a tag from O(n) to O(1).     

基于ISO18000-6C标准的RFID认证协议

RFID技术应用越来越广,给人们带来便利的同时安全和隐私问题也相随而生,如何提高RFID系统的安全防范能力已成为该领域的重点研究方向。许多研究者提出了基于RFID空中接口通信的认证协议,但复杂的算法难以适用于符合ISO18000-6C标准的电子标签。论文根据ISO18000-6C标准提出了一种新的适合低成本标签的认证协议,为RFID安全提供了一套解决方案。     

基于PRESENT算法的RFID安全认证协议

物联网中RFID技术的应用非常广泛,但是RFID系统的安全性却存在着很大隐患。在RFID系统中标签与读写器间的通信信道是最易受到攻击,传输数据的完整性与保密性得不到保障,因而需要加强RFID系统通信的安全机制。考虑到RFID系统的硬件条件与成本限制,需要建立一个适合RFID系统的安全认证协议,来解决在RFID系统中信息传输所遇到的安全问题。PRESENT算法是轻量级的分组加密算法,将PRESENT结合到RFID系统的安全认证协议中,形成了新的RFID安全认证协议PRSA(PRESENT based RFID security authentication)。此协议可以增强RFID系统的安全性而又不会占用过多的硬件资源,从而能够适用于低成本的RFID系统的通信安全。     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

基于码分多址防碰撞的射频识别认证协议

该文针对射频识别(RFID)领域中的安全认证协议和多标签防碰撞算法两个研究热点,设计了一种基于码分多址防碰撞算法的RFID安全认证协议。协议支持密钥的动态更新并引入标志位机制选择备用密钥来抵御数据库同步攻击,同时结合码分多址技术,应用重传随机数进行扩频码的选择,实现一次重传解决多标签识别中因数据碰撞造成的标签不识别的问题。首先,描述协议的流程及防碰撞原理;其次,应用SVO逻辑对认证协议的正确性进行证明;最后,对应用该认证协议的系统吞吐效率进行数值分析,分析表明其吞吐效率高于传统防碰撞算法。     

一种具有阅读器匿名功能的射频识别认证协议

在射频识别(RFID)的应用中,安全问题特别是用户隐私问题正日益凸显。因此,(用户)标签信息的隐私保护的需求越来越迫切。在RFID系统中,标签的隐私保护不仅是对外部攻击者,也应该包括阅读器。而现有许多文献提出的认证协议的安全仅针对外部攻击者,甚至在外部攻击者的不同攻击方法下也并不能完全保证安全。该文提出两个标签对阅读器匿名的认证协议:列表式RFID认证协议和密钥更新式RFID认证协议。这两个协议保证了阅读器对标签认证时,标签的信息不仅对外部攻击者是安全的而且对阅读器也保持匿名和不可追踪。相较于Armknecht等人提出的对阅读器匿名和不可追踪的认证协议,该文所提的协议不再需要增加第三方帮助来完成认证。并且密钥更新式RFID匿名认证协议还保证了撤销后的标签对阅读器也是匿名性和不可追踪的。     

Efficient P2P-based mutual authentication protocol for RFID system security of EPC network using asymmetric encryption algorithm

Internet of Things (IoT) is a new vision of the future technological ubiquity in ubiquitous computing, which becomes the mapping from the real world to the digital one. Radio frequency identification (RFID) technology is a key enabler of the future IoT and it has a great economical potential. However, the RFID system uses of Electronic Product Code (EPC) tags can drastically threaten the security of applications. With the widespread use of RFID technology, its security problems become the hot topic in the academic and industrial fields. Aiming at the RFID network's security problems, we propose a novel P2P based RFID network architecture (P2P-RFID), and analyze the security problems in this kind of network. And a feasible and scalable protocol to guarantee P2P-RFID network security is also presented in this paper. The proposed protocol uses P2P storage technology together with the utilizing of asymmetric encryption algorithm (RSA) based authentication. An analysis proves that the presented protocol is secure. Moreover, the protocol authentication does not require a Certificate Authentication (CA) database, which avoids the single-point bottleneck.     

可证明安全的RFID标签所有权转移协议

随着物品所有权的转移,其上附着的RFID标签的所有权也需要转移。安全和隐私问题是标签所有权转移过程中需要研究的重点问题。在通用可组合框架下,形式化定义了RFID标签所有权转移的理想函数。提出了一个新的轻量级RFID标签所有权转移协议,并证明了该协议安全地实现了所定义的理想函数,即具有双向认证、标签匿名性、抗异步攻击、后向隐私保护和前向隐私保护等安全属性。与已有的RFID标签所有权转移协议相比,新协议中RFID标签的计算复杂度和存储空间需求都较低,并且与新旧所有者的交互较少,能够更加高效地实现低成本标签的所有权转移。     

A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems

In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our schemes achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

Security Enhanced RFID Authentication Protocols for Healthcare Environment

RFID technology, which is concerned as one of the core technologies of Internet of Things, has been widely deployed in healthcare environment and brings a lot of convenience for people’s daily life. However, the security and privacy challenges of RFID authentication protocols are receiving more and more attention. One of the problems is that the current RFID protocols usually use a backend server to store the detailed information of tagged objects, which may lead to the issue of information leakage if the server is hacked or attacked by the adversary. To address this challenge, in this paper, we propose a security enhanced RFID authentication protocol for healthcare environment using the technique of indistinguishability obfuscation, which prevents the leakage of sensitive data from the backend server. Meanwhile, we extend the protocol to fit for the scenario of cloud environment where the tags’ information is stored in the cloud server. To our knowledge, our protocols are the first applications of indistinguishability obfuscation in the field of RFID authentication system. Moreover, our protocols are scalable and practical, and they are analyzed to achieve most of the security properties of the RFID system.

     

标准模型下可证明安全的RFID双向认证协议

目前RFID(radio frequency identification)系统安全问题日益突出,为了实现RFID系统信息安全与隐私保护,在标准模型提出了一个基于HB协议的RFID双向安全认证协议。利用规约技术证明协议的安全性,将攻击者的困难规约到伪随机函数与真正随机函数的不可区分性上。协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率。通过从安全性及性能两方面与其他认证协议进行比较,表明协议适用于低成本及存储资源受限的RFID标签。     

轻量级RFID系统的认证协议研究

由于标签强大的追踪能力,无线射频识别(RFID,Radio Frequency Identification)技术越来越多地被应用到与安全相关的各个领域,从而对安全功能的要求也随之提高。针对轻量级RFID标签在使用中的安全问题,对现有的认证协议潜在的危险进行了深入的分析,在此基础上提出了一种基于流密码的认证协议。在此安全协议中,标签和阅读器之间进行多次的双向认证,可以确保通信双方的合法性;并充分考虑了在实际应用中,标签的低成本要求。     

一种RFID系统的Tag-Reader双向安全认证协议

为了保证RFID系统的信息安全,本文在分析现有RFID认证协议的基础上,提出一种基于Grain-Mac流密码加密算法的双向安全认证协议,采用流密码和密钥动态更新的方法实现了标签与阅读器的双向认证。仿真结果表明,该协议成本低、效率高、安全性好,且能够有效抵抗拒绝服务攻击,达到了预期的效果。     

Are RNGs Achilles’ Heel of RFID Security and Privacy Protocols?

Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are necessarily used in RFID tags to provide security and privacy. However, low-end RNGs can be the weakest point in a protocol scheme and using them might undesirably cause severe security and privacy problems. On the other hand, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, RNGs used in low-cost RFID tags might not work properly in time. Therefore, we claim that the vulnerability of using an RNG deeply influences the security and privacy level of the RFID system. To the best of our knowledge, this concern has not been considered in the RFID literature. Motivated by this need, in this study, we first revisit Vaudenay’s privacy model which combines the early models and presents a new mature privacy model with different adversary classes. Then, we extend the model by introducing RANDOMEYE privacy, which allows analyzing the security of RNGs in RFID protocols. We further apply our extended model to two existing RFID schemes.     

A New Scalable Lightweight Grouping Proof Protocol for RFID systems

Radio-frequency Identification (RFID) grouping proof protocol is widely used in medical healthcare industry, transportation industry, crime forensics and so on,it is a research focus in the field of information security. The RFID grouping proof protocol is to prove that some tags belong to the same group and exist simultaneously. To improve the applicability of the RFID grouping proof protocol in low cost tag applications, this paper proposes a new scalable lightweight RFID grouping proof protocol. Tags in the proposed protocol only generate pseudorandom numbers and execute exclusive-or(XOR) operations. An anti-collision algorithm based on adaptive 4-ary pruning query tree (A4PQT) is used to identify the response message of tags. Updates to secret information in tags are kept synchronized with the verifier during the entire grouping proof process. Based on these innovations, the proposed protocol resolves the scalability issue for low-cost tag systems and improves the efficiency and security of the authentication that is generated by the grouping proof. Compared with other state-of-the art protocols, it is shows that the proposed protocol requires lower tag-side computational complexity, thereby achieving an effective balance between protocol security and efficiency.     

一种基于Hash函数的RFID安全认证方法

近年来,射频识别(RFID)技术得到越来越多的应用,随之而来的是各种RFID安全问题。对现有的基于Hash函数的RFID认证协议进行分析,针对现有技术存在的不足,提出了一种基于Hash函数的低成本的RFID双向安全认证方法,该方法只需要进行一次Hash函数计算,且加入了标签ID动态更新机制,通过在后台数据库中存储旧的标签ID解决同步问题,与现有技术相比具有一定的优越性。     

一种轻量级隐私保护的RFID群组证明协议

设计高效安全的群组证明协议有利于RFID(Radio Frequency Identification)系统的广泛应用.本文提出了一种轻量级隐私保护的RFID群组证明协议LPGP(Lightweight Privacy-Preserving Grouping Proof),LPGP协议只使用计算复杂度比较小的伪随机发生器和散列运算来提高协议的运行效率,并且LPGP协议具有认证性、隐私性和可证明安全性,满足了RFID系统群组证明协议的安全性要求.与现有的群组证明协议相比,LPGP协议的标签只需较小的计算复杂度和存储空间,具有较高的效率.     

Security Problems in an RFID System

This paper focuses on the security and privacy threats being faced by the low-cost RFID communication system, the most challenging of which relate to eavesdropping, impersonation, and tag cloning problems. The security issues can be improved and solved by utilizing both prevention and detection strategies. Prevention technique is needed since it offers resistance capabilities toward eavesdroppers and impersonators. Detection technique is vital to minimize the negative effects of tag cloning threats. This paper proposes the use of both prevention and detection techniques to make RFID communication more secure. Lightweight cryptographic algorithm, which conforms to the EPC Class-1 Generation-2 standard, is used in the proposed mutual authentication protocol for RFID system to raise security levels. In addition, electronic fingerprinting system is deployed in the proposed solution as a detection method to distinguish counterfeit and legitimate tags.