基于切比雪夫混沌映射和PUF的RFID三方认证协议

针对射频识别（RFID）三方认证协议存在的安全需求和资源开销的平衡问题，利用切比雪夫多项式的半群性质以及混沌性质提出了一个基于切比雪夫混沌映射和物理不可克隆函数（PUF）的RFID三方认证协议：使用切比雪夫混沌映射来实现标签、阅读器和服务器三方共享秘密；使用随机数实现协议每轮会话的新鲜性以抵抗重放攻击，同时也实现了阅读器与标签的匿名性；使用PUF函数实现标签本身的安全认证以及抵抗物理克隆攻击。安全分析表明，该协议能有效抵抗追踪、重放、物理克隆和去同步攻击等多种恶意攻击，使用BAN逻辑分析方法和Scyther工具验证了其安全性。与近期协议对比分析表明，该协议弥补了同类RFID协议的安全缺陷，在满足各种安全属性需求的同时尽量平衡硬件开销，契合了RFID硬件资源受限的处境，适用于RFID三方认证场景。

RFID tripartite authentication protocol based on Chebyshev chaos mapping and PUF

In order to balance the security requirements and resource costs of the three party authentication protocols for radio frequency identification(RFID), this paper proposed a protocol based on Chebyshev chaotic mapping and physical unclonable function(PUF), taking advantage of the semi-group property and chaotic property of Chebyshev polynomials. It used Chebyshev chaotic mapping to achieve secret sharing among tags, readers, and servers, and used random numbers to achieve freshness of each session which could resist replay attack, and also to realize the anonymity of readers and tags. It used the PUF function to achieve the authentication of the label and to resist physical cloning attacks. Security analysis shows that this protocol can effectively resist various malicious attacks such as tracking, replay, physical cloning, and de-synchronization attacks. Moreover, it verified the security properties of the protocol using formal methods, including BAN logic and Scyther tool. Compared with recent studies, this protocol compensates for the security deficiencies of similar RFID protocols, balancing hardware costs as much as possible while meeting various security attribute requirements, and still fitting the limited hardware resources of RFID. It is suitable for third-party authentication scenarios in RFID.