应对密钥攻击的低成本RFID改进安全协议

针对低成本RFID协议中攻击者仅需要对截获信息进行特定的异或运算,并采用穷举运算即可分析出标签密码信息的漏洞,提出了一种应对密钥攻击的改进型安全协议.在发送端将协议中标签的随机数与标签识别码的随机函数值进行异或运算来加密传输,以免被攻击者窃取,在服务器端通过相关反运算,与服务器保存的标签EPC随机函数值进行异或运算,获取本次通信的随机数,并与服务器密钥进行数值运算,判断认证是否成功.结果表明:该协议切实可行,同时能抵御窃听、重放、跟踪、阻断、模拟等多种攻击,并且该协议对存储空间和计算能力等方面的要求更低,适合低成本标签使用.

A low-cost RFID improved security protocol for key attack

Aiming at the loophole that in the low-cost RFID protocol, the attacker only needs to make the specific exclusive operation for the intercepted information and then uses the traversal operation to obtain easily the password information of tags, an improved security protocol for the key attack was proposed. At the sending side, the exclusive operation was performed for the random number generated in the protocol and the random function value of tag identification code in order to encrypt the transmission and to avoid being stolen by the attacker. At the server side, through the relative reverse operation and the exclusive operation of EPC random function of tag saved in the server, the random number of communication was obtained. At the same time, the calculation of concerning with the server key was performed to determine whether the authentication was successful. The results show that the protocol is feasible, and can resist such attacks as eavesdropping, replaying, tracking, blocking and simulation. The improved RFID protocol has less demand in the storage space and computing capacity, and is suitable for the low-cost tags.