一种轻量级RFID安全协议

在分析了几种现有的典型RFID安全协议的特点和缺陷的基础上,提出了一种轻量级的RFID安全协议,该协议将一次性密码本与询问一应答机制相结合,实现了安全高效的读取访问控制,最后建立该协议的理想化模型,利用BAN逻辑对该协议进行了形式化分析,在理论上证明其安全性.     

Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value

Radio Frequency IDentification (RFID ) system is a contactless automatic identification system using small, low-cost RFID tags. It enables recognition of the tag information via radio frequency communication, by attaching an RFID tag to an animate or inanimate object. Since an RFID system has the advantage of simultaneously recognizing massive amounts of information, it is expected to replace the bar-code system. The most important problem with an RFID system is that an adversary can access the tag information, which gives rise to privacy and forgery problems. This paper presents a hash-based mutual authentication protocol as a solution. The proposed protocol is designed to send a random number generated by a tag to a back-end server without disclosure. Moreover it substitutes a random number with a secret value, which is employed in a response message. The properties of the proposed protocol enable constant creation of distinct response messages without interferences from intended or meaningless requests generated by an adversary, while the secret value is not directly transmitted. Our proposed protocol make is difficult for an attacker to launch successful brute-force attacks against our approach.     

Metadata for anomaly-based security protocol attack deduction

Anomaly-based intrusion detection systems (IDS) have been widely recognized for their potential to prevent and reduce damage to information systems. In order to build their profiles and to generate their requisite behavior observations, these systems rely on access to payload data, either in the network or on the host system. With the growing reliance on encryption technology, less and less payload data is available for analysis. In order to accomplish intrusion detection in an encrypted environment, a new data representation must emerge. We present a knowledge engineering approach to allow intrusion detection in an encrypted environment. Our approach relies on gathering and analyzing several forms of metadata relating to session activity of the principals involved and the protocols that they employ. We then apply statistical and pattern recognition methods to the metadata to distinguish between normal and abnormal activity and then to distinguish between legitimate and malicious behavior.     

A novel low-noise high-linearity CMOS transmitter for mobile UHF RFID reader

A novel CMOS transmitter with low TX noise and high linearity is implemented in a 0.18μm 1P6M standard CMOS process for Mobile UHF RFID reader.Adopting double-sideband amplitude-shift-keying(DSBASK)as the only modulation is supported,this transmitter has very low power consumption.A novel analog baseband circuit is proposed to reduce the transmitter noise.With a G′′m–cancellation technology,a highly linear up-conversion active mixer and a power amplifier driver are designed.The transmitter has a measured output1 dB compression point of 13.4 dBm.Occupying a silicon area of about 1 mm2and consuming 144 mW from a1.8 V voltage supply,the transmitter makes the Mobile UHF RFID reader communicate with a transponder in a distance of 1 m conveniently.     

A novel compact low-power direct conversion receiver for mobile UHF RFID reader

A novel direct conversion receiver with low cost and low power is implemented in a 0.18 μm 1P6M standard CMOS process for a Mobile UHF RFID reader.A highly linear active mixer with low flicker noise and low noise active load is proposed.An efficient and low cost on-chip DC offset voltage canceling scheme is adopted with a high-input-impedance four-input OPAMP to buffer the output of the DC offset canceller(DCOC) block.The receiver has a measured input 1 dB compression point of 2 dBm and a sensitivity of 72 dBm in the presence of the large leakage signal from the transmitter.Only occupying a silicon area of 2.5 mm 2 and consuming 21 mA from a 1.8 V supply,the receiver makes the mobile UHF RFID reader to communicate with a transponder in a distance of 1 m conveniently.     

抗同步化攻击的轻量级RFID双向认证协议

针对现有的RFID认证协议在安全认证过程中,由于协议的设计缺陷,导致协议安全性不足的问题,提出了一种利用同步化随机数以及PUF改进的轻量级RFID认证协议。首先提出了一种对RFID协议的去同步化攻击方法,并分析其原因;然后通过在标签和读写器两端设置一个同步化随机数,增强协议抗去同步化攻击的能力;最后,在标签中引入了PUF,通过PUF的不可克隆性提高了标签密钥的抗攻击能力。分析结果表明,新协议能有效地抵抗多种攻击,在保证一定效率和开销的同时具有更高的安全性。     

A genetic tango attack against the David–Prasad RFID ultra‐lightweight authentication protocol

Radio frequency identification (RFID) is a powerful technology that enables wireless information storage and control in an economical way. These properties have generated a wide range of applications in different areas. Due to economic and technological constrains, RFID devices are seriously limited, having small or even tiny computational capabilities. This issue is particularly challenging from the security point of view. Security protocols in RFID environments have to deal with strong computational limitations, and classical protocols cannot be used in this context. There have been several attempts to overcome these limitations in the form of new lightweight security protocols designed to be used in very constrained (sometimes called ultra‐lightweight) RFID environments. One of these proposals is the David–Prasad ultra‐lightweight authentication protocol. This protocol was successfully attacked using a cryptanalysis technique named Tango attack. The capacity of the attack depends on a set of boolean approximations. In this paper, we present an enhanced version of the Tango attack, named Genetic Tango attack, that uses Genetic Programming to design those approximations, easing the generation of automatic cryptanalysis and improving its power compared to a manually designed attack. Experimental results are given to illustrate the effectiveness of this new attack.     

Experimental platform for waveform optimization in passive UHF RFID systems

The article presents an experimental platform, so called “RFID Waveformer,” dedicated to the study of waveform optimization in the radio frequency identification (RFID) context. It is a flexible solution that enables waveform design and their energetic performance evaluation in a ultra high frequency (UHF) RFID link following the ISO‐18000 GEN2 standard protocol. It consists of a reader emulated by a LabVIEW interface controlling radiofrequency laboratory instruments, which perform real time tag response detection. Its interconnection with MATLAB routines enables the design and the evaluation of arbitrarily shaped RFID waveforms. In this article, for illustration, three waveforms are tested with RFID Waveformer in a complex propagation environment: pulsed wave (PW) and time reversal (TR) modes compared to the traditional continuous wave (CW) mode. Experimental results show that both PW and TR modes improve the energetic efficiency of the forward link and so the RFID read range compared to CW mode. Furthermore, TR presents the optimal efficiency in complex propagation medium. The RFID Waveformer enables tag response detection in the three modes offering ease of use and repeatability of measurements. The RFID Waveformer being not limited to the scenario considered in this article, it is a versatile solution extendable to other contexts.     

一类可抵抗恶意攻击的隐私集合交集协议

针对安全两方计算中隐私集合交集计算问题,提出了一种改进的基于Bloom Filter数据结构的隐私集合交集协议。该协议能够保证双方在各自隐私安全的前提下,计算出两者数据集合的交集,其中只有一方能够计算出交集元素,另外一方无法计算得到交集,并且双方都不能获得或推测出对方除交集以外的任何集合元素,确保了参与双方敏感信息的安全保密。所提协议引入了基于身份的密钥协商协议,能够抵抗非法用户的恶意攻击,达到隐私保护和安全防御的目的,抵御了密钥泄露的风险,减少了加解密的运算量,并且具备支持较大规模集合数据的运算能力。     

A novel vector-space-based lightweight privacy-preserving RFID authentication protocol for IoT environment

The Journal of Supercomputing - Internet of Things (IoT) is a novel paradigm that connects several physical devices and the cyber world over the Internet. IoT technology is growing rapidly and soon...     

基于秘密身份的高安全性RFID网络协议

针对现有的RFID安全协议计算成本较高及无法抵御完全的主流RFID攻击,提出一种基于秘密身份与单向hash函数的轻量级安全协议。第一阶段,标签向数据库注册,数据库为标签分配一个一次性的秘密身份与一个唯一的秘钥;第二阶段,基于一次性秘密身份与单向hash函数进行标签-阅读器-数据库之间的双向认证,实现了对各种攻击的检测与抵御能力。最终,将本协议与近期性能较好的双向认证协议进行比较。结果表明,本协议与其他协议的计算成本、内存需求接近,且具有完全的攻击抵御能力。     

基于超椭圆曲线密码体制的RFID安全协议

为了解决RFID系统的安全和成本问题,提出了一种基于超椭圆曲线密码体制的RFID安全协议.利用新的签密算法,在RFID阅读器和电子标签之间实现了信息的加密和认证.与现有的签密算法比较,该协议具有前向安全和可公开验证,能避免恶意信息的攻击.协议的安全性和性能分析结果表明,该协议达到了RFID系统高隐私安全和低标签成本的结合.     

一种双层/双向认证的随机Hash锁RFID安全协议

基于 Hash 锁的 RFID 安全协议以其低成本优势得到了普遍应用,但其安全性能尚不完善。在分析已有 Hash 锁安全协议的执行过程及优缺点的基础上,提出了一种将双层认证与双向认证相结合的随机 Hash 锁安全协议,分析了协议的基本思想,描述了协议的执行过程,对协议的性能分析表明,该协议符合低成本、高效率、高安全的 RFID 实用性要求。     

基于动态密钥的移动RFID安全认证协议

针对现有RFID安全认证协议可移动性差,以及现有协议密钥更新失败导致的跟踪、数据不同步问题,提出了一种基于动态密钥的移动RFID安全认证协议。采用随机数来动态选取认证密钥,既保证了密钥新鲜性,又避免跟踪与数据不同步问题,并且在服务器上对阅读器进行一个预处理操作,有效地阻止了外部非法阅读器对服务器发起的假冒攻击和拒绝服务攻击。分析了协议的性能和安全性,分析结果表明该协议达到了安全性要求且移动性强,计算复杂度低,适用于大规模移动RFID系统。     

基于多叉树的RFID克隆攻击快速检测

为了提高克隆标签检测的准确度和效率,提出了一个基于多叉树的RFID克隆攻击检测方法(MT-CAI).MT-CAI用一个多叉树防碰撞算法来发现不可调解的碰撞,可以高效地发现所有的克隆标签.从性能分析和仿真实验可以看到,MT-CAI不仅能够检测出所有克隆标签,而且其执行时间远小于GREAT的执行时间.MT-CAI方法在检测时间和检测的准确度方面都优于现有的克隆标签检测协议.     

An efficient and secure authentication protocol for RFID systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.     

一种抗恶意攻击的RFID双向认证协议

针对现有无线射频识别（RFID）认证机制存在的安全缺陷,提出一种新型抗恶意攻击的RFID双向认证协议,并基于GNY逻辑给出了协议的安全性证明。该协议将公钥加密算法和对称密钥加密算法相结合,采用阅读器双重认证及预认证阶段刷新密钥的方法,通过在标签中添加保护密钥同步的恶意攻击标记Tm,解决了当前协议中存在的认证效率较低,标签密钥更新失败导致位置跟踪和非法更新标签/服务器内部密钥造成拒绝服务（DoS）等问题,可抵抗重传,标签/阅读器假冒,通信量分析和去同步化等多种恶意攻击。分析结果表明：该协议具有安全性好,效率高,计算复杂度低等特点,适合于标签的大规模应用。     

移动型RFID安全协议及其GNY逻辑分析

针对现有基于Hash函数无线射频识别（RFID)安全协议移动性差、不能满足某些应用领域需求的不足,提出一种移动型RFID安全协议,并利用GNY逻辑进行了证明。分析表明,移动型RFID安全协议移动性强,具备一定的安全性,适用于民用物流运输途中、军事应用中在运资产、战时野战环境等对读写器移动性要求高的领域。