CN109711218B - Lightweight RFID (radio frequency identification device) rapid authentication method - Google Patents
Lightweight RFID (radio frequency identification device) rapid authentication method Download PDFInfo
- Publication number
- CN109711218B CN109711218B CN201811601331.5A CN201811601331A CN109711218B CN 109711218 B CN109711218 B CN 109711218B CN 201811601331 A CN201811601331 A CN 201811601331A CN 109711218 B CN109711218 B CN 109711218B
- Authority
- CN
- China
- Prior art keywords
- key
- tag
- reader
- equal
- label
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Lock And Its Accessories (AREA)
- Storage Device Security (AREA)
Abstract
The invention disclosesA lightweight RFID fast authentication method comprises the following steps: s101, the reader generates a random number R and sends a request message R to the tag; s102, after the tag receives the request message of the reader, M ═ H (key) and M ═ H (key) are calculated
And the left half of N is divided into NLAnd M is sent to the reader; s103, the reader receives the message < M, NLAfter that, M is judged to be
Whether they are equal; s104, receiving N by the labelRThen judging self-calculation
And NRIf the two are equal, the tag authenticates the reader as legal and updates the secret key
If not, the protocol is terminated. The invention not only can ensure safe bidirectional authentication, but also can ensure the lightweight of the protocol; and the Hash operation is only carried out once at the tag end, so that the hardware resource limitation of the RFID tag is met.
Description
Technical Field
The invention relates to the technical field of RFID (radio frequency identification devices), in particular to a lightweight RFID rapid authentication method.
Background
RFID is the key technology of the perception layer in the Internet of things, and is an effective way for realizing the interconnection of everything. The RFID electronic tag is attached to an object, identity information is given to the object, rapid object identification and authentication can be achieved, and background data related to the object can be obtained. However, the vulnerability of the air interface of the radio frequency technology causes various security threats to the wireless radio frequency technology, and an attacker tracks the label by searching for a unique rule of data presentation generated by the same label in the authentication process. Replay attacks are implemented by re-sending legitimate messages spoofing the reader that were generated by the tag in the previous authentication. An attacker may also obtain internal information of the tag by combining the intercepted data and impersonate the tag based on that information. Through the tracking attack, the attacker causes the disclosure of the position privacy of the target. Through replay and impersonation attacks, an attacker can acquire related rights and provide convenience for later malicious behaviors, such as acquiring privacy data related to an object. In addition to the above few common attacks, the protocol may also present denial of service attacks, as well as forward privacy issues that enhance the ability of the attacker. To ensure security, most protocol designs employ complex cryptographic primitives and complex protocol logic to ensure protocol security. These protocols solve the security problem in the authentication process to some extent, but most of them have no practicability in consideration of the reality that the resources of the passive RFID tag are limited.
Disclosure of Invention
The present invention aims to solve the problems mentioned in the background section above by a lightweight RFID fast authentication method.
In order to achieve the purpose, the invention adopts the following technical scheme:
a light-weight RFID rapid authentication method comprises the following steps:
s101, the reader generates a random number R and sends a request message R to the tag;
s102, after the tag receives the request message of the reader, M ═ H (key) and M ═ H (key) are calculated
And the left half of N is divided into NLAnd M is sent to the reader;
s103, the reader receives the message < M, NLAfter that, M is judged to be
Whether they are equal;
s104, receiving N by the labelRThen judging self-calculation
And NRIf the two are equal, the tag authenticates the reader as legal and updates the secret key
If not, the protocol is terminated.
Specifically, the step S103 specifically includes: reader receives message < M, NLAfter that, M is judged to be
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the two new and old secret keys; if M is equal to
If they are not equal, further judging M is equal to
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the old key, and keeping the new key unchanged; if M is equal to
If not, the protocol is terminated, and then the reader sends NRAnd (4) giving a label.
In particular, the step S101 further includes, before: initialization: the reader stores the ID of the tag and negotiates a key with the tag in the initialization stage, M is calculated through M H (key), and the tag stores the ID and the key of the tag.
The lightweight RFID rapid authentication method provided by the invention not only can ensure safe bidirectional authentication, but also can ensure the lightweight of the protocol; and the Hash operation is only carried out once at the tag end, so that the hardware resource limitation of the RFID tag is met. The invention can realize bidirectional rapid authentication between the label and the reader, tracking attack, replay attack, label impersonation, forward privacy, DOS attack and the like.
Drawings
Fig. 1 is a flowchart of a lightweight RFID fast authentication method according to an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following figures and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It is also to be noted that, for the convenience of description, only a part of the contents, not all of the contents, which are related to the present invention, are shown in the drawings, and unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a lightweight RFID fast authentication method according to an embodiment of the present invention, in which Reader refers to a Reader and Tag refers to a Tag. The lightweight RFID fast authentication method in the embodiment specifically includes the following steps:
s101, the reader generates a random number R and sends a request message R to the tag.
S102, after the tag receives the request message of the reader, M ═ H (key) and M ═ H (key) are calculated
And the left half of N is divided into NLAnd M is sent to the reader.
S103, the reader receives the message < M, NLAfter that, M is judged to be
Whether or not equal.
In this embodiment, the reader receives the message < M, NLAfter that, M is judged to be
Whether equal specifically includes: reader receives message < M, NLAfter that, M is judged to be
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the two new and old secret keys;if M is equal to
If they are not equal, further judging M is equal to
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the old key, and keeping the new key unchanged; if M is equal to
If not, the protocol is terminated, and then the reader sends NRAnd (4) giving a label.
S104, receiving N by the labelRThen judging self-calculation
And NRIf the two are equal, the tag authenticates the reader as legal and updates the secret key
If not, the protocol is terminated.
In this embodiment, before the step S101, the method further includes: initialization: the reader stores the ID of the tag and negotiates a key with the tag in the initialization stage, M is calculated through M H (key), and the tag stores the ID and the key of the tag.
It should be noted that, in the above, ID refers to the identification of the tag,key refers to the key of the tag, keynewMeans for updating key of tag stored in readeroldThe reader stores an old key of a label, M refers to a Hash value of the key, R refers to a random number generated by the reader, and H (the.) refers to Hash operation.
The technical scheme of the invention not only can ensure safe bidirectional authentication, but also can ensure the lightweight of the protocol; and the Hash operation is only carried out once at the tag end, so that the hardware resource limitation of the RFID tag is met. The invention can realize bidirectional rapid authentication between the label and the reader, tracking attack, replay attack, label impersonation, forward privacy and DOS attack. The following is a detailed description of the advantages of the present invention:
bidirectional authentication: reader pass judgment
And if the equation is established, verifying the validity of the label. The illegal tag can not register corresponding ID and key at the reader end, so that
It can be seen that
Associated with ID and key, so that an illegal tag cannot generate a legal one
Passing judgment of the same reason label
Whether the validity is established can verify the validity of the reader.
Replay attacks: assuming that an attacker replays the response message of the ith round of tags in the (i + 1) th round of authentication, the reader calculates
Or
Due to Ri+1≠RiTherefore, it is not only easy to use
The reader cannot verify that the tag is legitimate. Assume that the attacker retransmits the random number R, however the tag response is updated every round, NL,i+1≠NL,iAnd Mi+1≠MiThrough this, the attacker cannot perform tracing on the tag.
Tracing attack:<R>、<M,NL> and<NRis randomly unpredictable. Wherein R is a random number, M needs to be updated with the update of the key in each round, and the update strategy adds the random number R, so that M is random and unpredictable. Due to the fact that
Function secret adding random number R, then NLAnd NRAnd are also randomly unpredictable.
Denial of service attacks: attacker blocking NRThe normal transmission of the tag causes the key update between the tag and the reader to be asynchronous, thereby causing denial of service. However, the protocol reader side stores two new and old round keys. Even if the attacker prevents the key at the tag end from being updated, in the next round of authentication, the tag calculates N through the old keyLThe reading end stores the old secret key of the label and can still successfully authenticate the label.
Forward privacy: assuming that an attacker corrupts a certain tag and acquires a secret key inside the tag, and the attacker already acquires some messages which are previously authenticated by the tag, the attacker is required to find out the message of the target tag from the acquired messages. The attacker obtains the current key, and the key is continuously updated in the authentication process, so that the previous message cannot be restored.
Fast authentication: and taking the M value as an index, the reader can quickly find out the corresponding secret Key Key, acquire the corresponding ID and bring the ID into an authentication function to verify whether the ID is legal or not.
Light weight: and dividing the N value into a left half part and a right half part, wherein the left half part is used for authenticating the label, and the right half part is used for authenticating the reader. The number of times of Hash operation is reduced, and the label only carries out two times of Hash operation in the whole authentication process, so that the lightness of the protocol can be ensured.
The technical scheme of the invention not only can ensure safe bidirectional authentication, but also can ensure the lightweight of the protocol; and the Hash operation is only carried out once at the tag end, so that the hardware resource limitation of the RFID tag is met. The invention can realize bidirectional rapid authentication between the label and the reader, tracking attack, replay attack, label impersonation, forward privacy, DOS attack and the like.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (3)
1. A light-weight RFID rapid authentication method is characterized by comprising the following steps:
s101, the reader generates a random number R and sends a request message R to the tag;
s102, after the tag receives the request message of the reader, M ═ H (key) and M ═ H (key) are calculated
And the left half of N is divided into NLSending M to the reader, wherein the key refers to the key value of the label, and the M refers to the Hash value of the key;
s103, the reader receives the message < M, NLAfter that, M is judged to be
Whether they are equal;
s104, receiving the labelTo NRThen judging self-calculation
And NRIf the two are equal, the tag authenticates the reader as legal and updates the secret key
If not, the protocol is terminated.
2. The lightweight RFID fast authentication method according to claim 1, wherein the step S103 specifically includes: reader receives message < M, NLAfter that, M is judged to be
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the two new and old secret keys; if M is equal to
If they are not equal, further judging M is equal to
Is equal or not, if equal, passes
Find the corresponding ID, bring the ID into
Judgment of
If the equality is established, the label is successfully authenticated and the authentication is passed
Updating the old key, and keeping the new key unchanged; if M is equal to
If not, the protocol is terminated, and then the reader sends NRAnd (4) giving a label.
3. The lightweight RFID fast authentication method according to any one of claims 1 or 2, wherein the step S101 further comprises: initialization: the reader stores the ID of the tag and negotiates a key with the tag in the initialization stage, M is calculated through M H (key), and the tag stores the ID and the key of the tag.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811601331.5A CN109711218B (en) | 2018-12-26 | 2018-12-26 | Lightweight RFID (radio frequency identification device) rapid authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811601331.5A CN109711218B (en) | 2018-12-26 | 2018-12-26 | Lightweight RFID (radio frequency identification device) rapid authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109711218A CN109711218A (en) | 2019-05-03 |
| CN109711218B true CN109711218B (en) | 2022-03-11 |
Family
ID=66258477
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811601331.5A Active CN109711218B (en) | 2018-12-26 | 2018-12-26 | Lightweight RFID (radio frequency identification device) rapid authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109711218B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110598811A (en) * | 2019-08-23 | 2019-12-20 | 吴彬 | Off-line anti-counterfeiting identification method for vehicle filter element |
| CN111615108B (en) * | 2020-04-12 | 2022-04-01 | 西安电子科技大学 | Radio frequency identification data security authentication method, system, storage medium and terminal |
| CN112364339B (en) * | 2020-08-21 | 2022-07-12 | 中国科学院信息工程研究所 | Improved safe lightweight RFID authentication method |
| CN113553873B (en) * | 2021-07-30 | 2023-03-21 | 徐州医科大学 | Design method of cloud-based RFID bidirectional authentication protocol in epidemic situation prevention and control system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102737260B (en) * | 2011-04-15 | 2015-04-08 | 深联致远(北京)科技有限公司 | Method and apparatus for identifying and verifying RFID privacy protection |
| KR102012729B1 (en) * | 2012-08-29 | 2019-08-21 | 한국전자통신연구원 | Method of measuring the distance bound using radio frequency identification and system thereof |
| CN103338110B (en) * | 2013-06-19 | 2016-08-10 | 广东工业大学 | RFID safety authentication based on dynamic I D band search key |
| US9749418B2 (en) * | 2015-08-06 | 2017-08-29 | Koc University | Efficient dynamic proofs of retrievability |
| CN107395354B (en) * | 2017-06-02 | 2020-07-28 | 广东工业大学 | Lightweight mobile RFID system authentication method |
-
2018
- 2018-12-26 CN CN201811601331.5A patent/CN109711218B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN109711218A (en) | 2019-05-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alladi et al. | SecAuthUAV: A novel authentication scheme for UAV-ground station and UAV-UAV communication | |
| CN109711218B (en) | Lightweight RFID (radio frequency identification device) rapid authentication method | |
| Hong | P2P networking based internet of things (IoT) sensor node authentication by Blockchain | |
| Cho et al. | Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol | |
| Mbarek et al. | An efficient mutual authentication scheme for internet of things | |
| US10284543B2 (en) | System and method for secure online authentication | |
| KR102177794B1 (en) | Distributed device authentication protocol in internet of things blockchain environment | |
| CN110147666B (en) | Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform | |
| WO2021208037A1 (en) | Authentication method and system and storage medium | |
| Mohsin et al. | Two factor vs multi-factor, an authentication battle in mobile cloud computing environments | |
| US20120166801A1 (en) | Mutual authentication system and method for mobile terminals | |
| Xu et al. | Authentication‐Based Vehicle‐to‐Vehicle Secure Communication for VANETs | |
| US20150180862A1 (en) | Method of generating one-time password and apparatus for performing the same | |
| CN110572392A (en) | Identity authentication method based on HyperLegger network | |
| Erguler et al. | Security flaws in a recent RFID delegation protocol | |
| CN102983979A (en) | Quick RFID authentication method based on secret information shared among tags | |
| KR20170043778A (en) | Vehicle Internal Network Security Method and System using OTP | |
| Moradi et al. | Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs | |
| CN110460972A (en) | A method of the lightweight inter-vehicle communication certification towards In-vehicle networking | |
| Safkhani et al. | On the security of RFID anti-counting security protocol (ACSP) | |
| Habibi et al. | Attacks on recent RFID authentication protocols | |
| Yang et al. | Mobile RFID mutual authentication and ownership transfer | |
| Safkhani et al. | Cryptanalysis of Chen\textit {et al.}'s RFID Access Control Protocol | |
| Yin et al. | Keep all mobile users′ whereabouts secure: A radio frequency identification protocol anti‐tracking in 5G | |
| CN110427748A (en) | A kind of method and system for authen session |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |