CN112364339B - Improved safe lightweight RFID authentication method - Google Patents
Improved safe lightweight RFID authentication method Download PDFInfo
- Publication number
- CN112364339B CN112364339B CN202010849580.7A CN202010849580A CN112364339B CN 112364339 B CN112364339 B CN 112364339B CN 202010849580 A CN202010849580 A CN 202010849580A CN 112364339 B CN112364339 B CN 112364339B
- Authority
- CN
- China
- Prior art keywords
- reader
- product
- auxiliary information
- tag
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000013475 authorization Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 16
- 238000004364 calculation method Methods 0.000 description 11
- 230000002457 bidirectional effect Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 230000004044 response Effects 0.000 description 6
- 238000012544 monitoring process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000002147 L01XE04 - Sunitinib Substances 0.000 description 1
- KFSLWBXXFJQRDL-UHFFFAOYSA-N Peracetic acid Chemical compound CC(=O)OO KFSLWBXXFJQRDL-UHFFFAOYSA-N 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010367 cloning Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013481 data capture Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- LBWFXVZLPYTWQI-IPOVEDGCSA-N n-[2-(diethylamino)ethyl]-5-[(z)-(5-fluoro-2-oxo-1h-indol-3-ylidene)methyl]-2,4-dimethyl-1h-pyrrole-3-carboxamide;(2s)-2-hydroxybutanedioic acid Chemical compound OC(=O)[C@@H](O)CC(O)=O.CCN(CC)CCNC(=O)C1=C(C)NC(\C=C/2C3=CC(F)=CC=C3NC\2=O)=C1C LBWFXVZLPYTWQI-IPOVEDGCSA-N 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000008092 positive effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 229940034785 sutent Drugs 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
- G06K17/0029—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an improved safe lightweight RFID authentication method, which comprises the following steps: 1) the reader R obtains a product information list L which can be read by the reader R; 2) r sends a connection request, an identifier ID _ R and x1 to tag T; 3) t calculates a ═ h (f (ID _ R, K) | | | x1| | | y) | K and sends it to R; 4) r searches the item m matched with the value A from L to obtain a secondary auxiliary information secret key k of the item mmnAnd calculates B ═ h (f (ID _ r, K)m) Y) and sends it with x2 to T; 5) t calculates C ═ h (f (ID _ R, K) | | x2| | y) | ID _ T and D ═ h (f (ID _ R, K) | | x2| | y) | s, to be sent to R; 6) r calculates h (f (ID _ R, K)m) | x2| | y) to obtain ID _ t and s if s ═ f (ID _ t, k)mn) If yes, the authentication is finished.
Description
Technical Field
The invention relates to an improved safe lightweight RFID authentication method, and belongs to the technical field of Internet of things.
Background
With the rapid development of the internet and the internet of things, a Radio-Frequency Identification (RFID) technology is widely used. RFID systems are generally composed of two main components: RFID tags and RFID readers. RFID, which uses radio frequency signals to automatically identify objects and humans, is an automatic identification and data capture technology that can provide read/write functionality (while bar codes are read-only) and does not require contact with a reader. A tag is attached to a product or a human body, and an RFID reader communicates with the tag to identify an object and collect tag information. With the application of RFID systems in the Internet of Things (IoT), it also requires a third component called a backend server. The back-end server is responsible for authenticating the tag and the RFID reader. In the RFID-based Internet of things system, the RFID tag transmits sensed information to the RFID reader through the antenna, and then the reader sends the information of the tag to the back-end server. Typically, the communication channel between the reader and the back-end server is the internet.
Because the RFID system is used in the Internet of things, and the RFID reader can be a mobile handheld device or a tablet computer, the RFID system faces many security threats, an attacker can attack a legal reader and access the tag by using secret information of an attacked party, and thus the threat of information leakage is caused. For example, anyone can read the RFID information, and an attacker can cheat a legitimate tag reader to obtain the tag information. For example, a mobile device that is a reader may be easily stolen by an attacker, or a user may inadvertently install malware thereon, making the device vulnerable to reader leakage. Therefore, a reader leakage attack must be considered as a serious security threat when designing an RFID authentication protocol. Meanwhile, a wireless channel between the reader-writer and the tag is not safe and fixed, and an RFID authentication protocol is also required.
Document 1 (wanger, waning academy. improved lightweight mobile RFID mutual authentication protocol [ J ]. computer engineering and design, 2018,39(4): 912-. In document 2 (sutent, safety authentication protocol [ J ] oriented to passive RFID, computer engineering and design, 2017,38(7): 1697-1701), an offline and online authentication protocol is designed according to whether a database is connected with a reader in practical application, so that the authentication workload is increased. In the document 3 (ma yuan jia, liu wei. an improved RFID bidirectional authentication protocol [ J ] meeting the backward security, computer engineering and application, 2017,53(9):136-140.), the RFID bidirectional authentication protocol based on the Rabin encryption algorithm is realized, and the problems of synchronization and backward security are solved. Document 4 (thubin, cheng, trebao, mobile RFID authentication protocol [ J ] for low-cost tags computer engineering and applications, 2018,54(16):68-75.) a mobile RFID authentication protocol is implemented using a one-way function, a random number generator, and a hash function and a timestamp in a reader, which conform to the EPC-C1G2 standard. Document 5 (li xiyuan, grandson super, zheng. RFID mutual authentication protocol based on a pseudorandom function [ J ]. computer engineering and applications, 2018,54(17):67-70.) proposes an improved RFID security authentication protocol based on a pseudorandom function by encrypting transmission information. In document 6 (Shanghai, mobile RFID bidirectional authentication protocol [ J ] based on cross bit operation, computer engineering and application, 2019,55(7):120-126.) in order to ensure the communication security of mobile RFID, the information to be transmitted is encrypted by adopting the cross bit operation, and three-party authentication is required. Document 7(Fan K, Ge N, Gong Y, et al. an ultra-light RFID authentication scheme for mobile communication [ J ]. Peer-to-Peer Networking and Applications,2017,10(2): 368-. In document 8(Tan C, Sheng B, Li q, secure and server RFID authentication and search protocols [ J ]. IEEE Transactions on Wireless Communications,2008,7(4): 1400-. Document 9(Weis S A, Sarma S E, Rivest R L, et al, Security and privacy aspects of low-cost radio frequency identification systems [ M ]. Securability in periodic computing. Springer Berlin Heidelberg,2004: 201. 212.) presents a randomized Hash-Lock protocol, document 10(Ohkubo M, Suzuki K, Kinoshita S. Hash-chain based detection scheme for low-cost RFID [ C ]// Proc. of the 2004Symposium Cryptographics and Information, Send. 724: 724.) presents a protocol in which the calculated amount of the Hash chain is 0, but with an increase in the calculation of the server side 719. Document 11 (hinge D, Muller P. Hash-based enhancement of location-specificity using varying identifiers [ C ]/Proc of the 2nd IEEE Annual Conference on Pervarying Computing and communicating. Los Alamides (IEEE) IEEE Computer protocol, 2004:149-, the calculation amount of the server side is in direct proportion to the number n of the labels.
In the RFID authentication system based on the background database, a reader must keep safe and complete communication with the database, and the real-time performance of communication is ensured, so that the aim is difficult to achieve by a plurality of systems with larger involved ranges. The lightweight RFID authentication protocol device suitable for the mobile environment reduces communication with a background database, realizes bidirectional authentication of a new tag and a reader-writer, improves authentication efficiency, and meets the requirement of safety.
Disclosure of Invention
The invention provides an improved lightweight RFID bidirectional authentication protocol for improving the calculation performance and the safety of an RFID authentication protocol and aiming at the problems of the existing RFID authentication protocol based on a background-free server.
In order to achieve the security objective, the RFID authentication protocol needs to implement bidirectional authentication of the reader and the tag. The RFID reader increasingly utilizes mobile handheld devices or tablet computers, access to a back-end database is reduced as much as possible in order to guarantee efficiency and communication safety, so that the cost of enterprises or organizations using the RFID system is greatly reduced, the portability and flexibility of the use of the RFID system are improved, the safety is improved, and the communication overhead is reduced. Therefore, the invention provides a lightweight RFID authentication protocol suitable for a mobile environment, reduces communication with a background database, realizes bidirectional authentication of a new tag and a reader-writer, improves authentication efficiency, and meets the requirement of safety.
In order to realize the expansion of a new tag without additional authentication of a background server, the RFID tag comprises two types of auxiliary information: primary auxiliary information (e.g., the hospital department to which the patient carrying the RFID tag belongs or the brand of the RFID-tagged product), which is relatively limited; secondary ancillary information (e.g., the ward in a hospital department or a subtype under the brand of a product) is also relatively limited, so it is contemplated that primary and secondary ancillary information may be added to the tag as authorization information for the authentication process. Therefore, the authentication between the tag and the reader is completed in an assisted manner by virtue of a small amount of auxiliary information, and a background server does not need to be accessed frequently, so that the security and the efficiency of the RFID authentication are improved.
In order to achieve the purpose, the invention adopts the specific technical scheme that the method comprises the following steps:
1) the reader R firstly obtains authorization authentication from an authentication center and obtains a product information list L;
2) the reader uses the first-level auxiliary information secret keys K and the second-level auxiliary information secret keys K to help realize mutual authentication between the tag and the reader.
The technical scheme of the invention is as follows:
an improved secure lightweight RFID authentication method, comprising the steps of:
1) the reader R obtains authorization authentication from the authentication center and obtains a product information list L which can be read by the reader R; each product information in the product information list L comprises an identifier ID _ R of the reader R, a primary auxiliary information key K and a secondary auxiliary information key K of the product; the label T of each product is provided with a primary auxiliary information key K, a secondary auxiliary information key K and a label key s of the product;
2) the reader R sends the connection request hello, the identifier ID _ R of the reader R and the random number x1 generated by the reader R to the tag T;
3) the tag T generates a random number y, then a value A is obtained through calculation by using a secondary auxiliary information key k in the tag T, the received identifier ID _ R and the random number x1, and the value A is sent to the reader R;
4) the reader R traverses all the items in the list L, judges whether an item matched with the value A exists or not, and if the matched item m exists, acquires a matched secondary auxiliary information secret key k in the matched item mmnThe reader R is according to ID _ R and KmAnd y calculates a value B and then sends the value B and the generated random number x2 to the tag T; the label T is according to ID _ r and KmX1 and y verify the reader R, and if the reader R passes the authentication, the step 5) is carried out; otherwise, rejecting the reader R and finishing the authentication; wherein KmThe primary auxiliary information key of the matching item m, and f (x, y) is a hash function;
5) the tag T calculates C ═ h (f (ID _ R, K) | | x2| | y) | ID _ T and D ═ h (f (ID _ R, K) | | x2| | y) | s, and sends C, D value to the reader R; wherein, ID _ T is the identifier of the tag T;
6) reader R calculates h (f (ID _ R, K)m) I | | x2| | y) obtains ID _ t and s, verifies s ═ f (ID _ t, k)mn) And if the authentication is established, the reader verifies the tag T, and the authentication is finished.
Further, the secondary auxiliary information of the product is sub-information of the primary auxiliary information of the product.
Further, the primary auxiliary information of the product is a department to which the product belongs, and the secondary auxiliary information of the product is a sub-department of the department; or the primary auxiliary information of the product is the brand of the product, and the secondary auxiliary information of the product is the sub-brand or different models of the brand.
Furthermore, a plurality of secondary auxiliary information keys are set for the product in the label T of each product, and different secondary auxiliary information keys correspond to different sub-models of the product; the nth item of product information in the product information list L is: f (ID _ r, K)n) Second level auxiliary information Key kn1,…,knj(ii) a Wherein, KnPrimary auxiliary information key, k, for the product corresponding to the nth labelnjAnd the secondary auxiliary information key is a secondary auxiliary information key of the jth sub-model of the product corresponding to the nth label.
Further, a ═ h (f (ID _ r, K) | | x1| | y) | K.
Further, in step 4), the reader pairs all the items f (ID _ r, K) in the list Li):ki1,…,kijGo through traversal, kijA secondary auxiliary information key, K, for the jth sub-model of the product corresponding to the ith labeliA primary auxiliary information key of a product corresponding to the ith label; calculating a hash value h (f (ID _ r, K)i)||x1||y)⊕kijJudging whether the value A is equal to the value A transmitted by the label; if m and n are present, such that h (f (ID _ r, K)m)||x1||y)⊕kmnThe value A transmitted by the label T is equal to the value A, and then the corresponding secondary auxiliary information key k is obtainedmnThe reader R changes B to h (f (ID _ R, K)m) Y) and the generated random number x2 are sent to the tag T; tag T uses h (f (ID _ r, K)m) | x1| | y) value, if calculated k is verified for the reader RmnAnd if the value is equal to the secondary auxiliary secret key value k maintained by the label, the authentication passes through the reader R.
Further, the tag calculates h (f (ID _ r, K)m) Verifying the reader R if the calculated k is less than the value of | | | x1| | y | |) amnAnd if the key value is equal to the secondary auxiliary secret key value k maintained by the label, the authentication passes through the reader.
Further, the key s ═ f (ID)_t,k)。
Compared with the prior art, the invention has the following positive effects:
the invention provides an improved safe lightweight RFID authentication protocol, which can add a new tag into a reader authentication system without frequently reading a background database by means of a small amount of external auxiliary information. The improved protocol is suitable for the current common mobile environment and has better safety performance.
The invention completes the bidirectional authentication between the reader and the tag by means of the authorization of a part of extra information, realizes the authentication of the newly added tag without communicating with a background server, avoids the safety risk and the communication overhead caused by the extra communication, and improves the expansibility of the tag. Compared with the existing RFID authentication protocol, the improved protocol does not frequently communicate with the background server, so that the communication overhead and the security risk caused by additional communication are reduced, and the requirements of backward security, mutual authentication, synchronism and non-denial of service can be met. The improved protocol is suitable for deployment in mobile RFID environments and on inexpensive RFID tags.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
In order to make the technical solutions in the embodiments of the present invention better understood and make the objects, features and advantages of the present invention more obvious and understandable by those skilled in the art, the technical cores of the present invention are further described in detail with reference to the accompanying drawings and examples.
An improved secure lightweight RFID authentication protocol is proposed in the present invention.
The meanings of the symbols used in the improved protocol are shown in table 1.
Table 1 is a symbol meaning table
The information in the tag is done by both the certificate authority and the manufacturer, assuming that the process is completely secure. The identifier ID _ T of the tag T is assigned and unique by the manufacturer. Three key information are written to the tag T:
k: the primary auxiliary information key is unique;
k: the secondary auxiliary information key is unique;
s: key of tag, s ═ f (ID)_t,k)。
The information owned by the tag T is: (ID)_t,K,k,s)。
The reader R firstly obtains authorization authentication from an authentication center and obtains a product information list L:
there are multiple sub-models under a model, so each tag corresponds to multiple secondary auxiliary information keys, such as k11,…,k1i;KnA first-level auxiliary information key, k, of a product corresponding to the nth labelnjA secondary auxiliary information key of the jth sub-model of the product corresponding to the nth label; the mutual authentication process between the reader and the tag is shown in fig. 1.
Description of A, B, C, D in FIG. 1:
A=h(f(ID_r,K)||x1||y)⊕k
B=h(f(ID_r,K)||y)
C=h(f(ID_r,K)||x2||y)⊕ID_t
D=h(f(ID_r,K)||x2||y)⊕s
the authentication steps of the improved protocol are as follows:
step 1: firstly, the reader sends the following information to the tag: a connection request hello, which sends an identifier ID _ r of the reader, starts a new authentication period and sends a random number x1 generated by the reader;
step 2: the tag generates a random number y, calculates the value of A ═ h (f (ID _ r, K) | | x1| | | y) | K by using a secondary auxiliary key K of the tag, an identifier ID _ r sent by the reader and a random number x1, and sends the value to the reader;
and step 3: reader pairs all items f (ID _ r, K) in the list Li):ki1,…,kijGo through traversal, wherein kijFor the ith label pairSecondary auxiliary information key, K, for jth sub-model of productiA primary auxiliary information key of a product corresponding to the ith label; calculate the hash value h (f (ID _ r, K)i)||x1||y)⊕kijAnd judging whether the value A is equal to the value A transmitted by the label. If m and n are present, such that h (f (ID _ r, K)m)||x1||y)⊕kmnThe value A transmitted by the label is equal, and the nth secondary auxiliary information key k corresponding to the mth label is obtainedmnThe reader sets B to h (f (ID _ r, K)m) Y) and the generated random number x2 to the tag;
tag computation h (f (ID _ r, K)m) The value of | x1| | y |) A verifies the reader R, if calculated kmnIf the value is equal to the secondary auxiliary secret key value k maintained by the label, authenticating the reader, turning to the step 4, if the value is not equal, rejecting the reader, and ending authentication; wherein k ismnThe reader traverses all secondary auxiliary information in the L and calculates the secondary auxiliary information one by one to obtain the secondary auxiliary information;
and 4, step 4: the tag calculates the values of C ═ h (f (ID _ r, K) | | x2| | y) | ID _ t and D ═ h (f (ID _ r, K) | | x2| | y) | s, and sends the values to the reader;
and 5: the reader uses f (ID _ r, K) obtained in the third stepm) Calculate h (f (ID _ r, K)m) | x2| | y) to obtain ID _ t and s, and verify s ═ f (ID _ t, k)mn) And if the authentication is established, the reader verifies the tag T, and the authentication is finished.
And (3) safety analysis:
step 1: resisting basic privacy disclosure. In the improved RFID authentication protocol, each time a reader reads information of a tag T, the T respectively generates new random responses h (f (ID _ r, K) | | x1| | | y) | K and h (f (ID _ r, K) | | x2| | y) in the two response processes, an attacker cannot obtain any information of the tag T from the new random responses h, and the function of preventing privacy leakage of the tag is realized.
Step 2: tracking and cloning attacks. In the improved RFID authentication protocol, the number of traversals is within an acceptable range in consideration of the magnitude of the primary auxiliary information and the secondary auxiliary information, and h (f (ID _ r, K) | x1| | y) | K is used for all traversals to prevent tracking attack.
In order to prevent the trace clone attack, the reader generates two different random numbers x1 (for the tag verification reader) and x2 (for the tag verification tag) in a session with the tag, so as to ensure that the response information of each time of the tag is different; whereas the tag uses only one random number in view of computational overhead.
If the security of the authentication protocol is further enhanced, a random number may be regenerated in the second stage of the tag responding to the reader, and the new random number is used for verification calculation.
And step 3: and (6) monitoring. The attacker can obtain the data transmitted in the spark process of the reader and the tag by monitoring: ID _ r, x1, x2, y, A, B, C, D. In the modified RFID authentication protocol, each time a reader R and a tag T make a session, random numbers x1, x2, and y are generated. In the process of monitoring by an attacker, even if monitoring is carried out on the same tag T for multiple times, the attacker can obtain different response information each time. Thus, the improved RFID protocol can prevent secret information from being obtained by way of listening. Suppose an attacker forges a tag T' with the information that is being listened to, but the attacker cannot control the values of the random numbers x1 and x2 that the reader generates in this session because in the improved RFID authentication protocol, the two authentication stages of each new query generate completely new hash function values a and C. Since the attacker cannot obtain f (ID _ r, K), even if the attacker obtains the correct random number, the correct hash value cannot be calculated.
And 4, step 4: front/back security discussion. After the attacker successfully attacks the reader R, the list L and the ID _ R can be obtained, so that the reader R can be disguised to acquire information from the tag T. It is necessary to prevent an attacker from using this information to generate a counterfeit tag T 'to be authenticated by other legitimate readers R'. The information available from the list L is f (ID _ r, K) and K, and the construction T ' requires the calculation of f (ID _ r ', K) because the function values of f (,) are different for different readers, i.e. f (ID _ r ', K) ≠ f (ID _ r, K). So even if the attacker obtains f (ID _ R, K), writes it into tag T ', it cannot pass the authentication of tag R'. Since f (,) is a one-way hash function, it is also not feasible to compute s from ID _ r and f (ID _ r, k).
The attacker successfully attacks the tag T to obtain ID _ T, K, K and s, and the attacker can imitate one tag TxAnd the tag with the same K and K can be forged under the same level of auxiliary information, so that the reader R is deceived to pass the authentication. The improved RFID authentication protocol can only prevent an attacker from generating a fake label under other primary auxiliary information. Assuming that the generated other primary auxiliary information has a forged label TxThe attacker needs to generate the correct f (ID _ r)x,Kx). However, the class key K of the tag T cannot be used to calculate the other class keys KxTherefore, the label T under other primary auxiliary information cannot be forgedxCheating RxThe authentication of (2) ensures the backward safety.
And 5: denial of service (DoS). In the improved RFID authentication protocol, a reader only needs to perform authentication and data transmission with a background server once to obtain a primary secret key K and a corresponding secondary secret key K1,…kn. DoS attacks cannot pose a threat to the protocol.
Table 2 is a security comparison of the present invention with the authentication protocol proposed by the predecessor. Check represents resistance to a certain attack, and x represents resistance to failure. It can be seen that the invention has better safety performance.
Table 2 is a safety comparison table
As can be seen from table 2, the authentication protocol proposed by the present invention has better security performance than the predecessor.
And (3) calculating overhead analysis:
table 3 compares the computational performance of the present invention with the authentication protocol proposed by the predecessor.
Table 3 is a comparison table of calculation overhead of RFID authentication protocol
Step 1: computingAnd analyzing the overhead. The authentication protocol provided by the invention introduces two levels of auxiliary information, increases the calculated amount, but reduces the authentication problem of the new label and avoids the communication overhead of the new label and the background server. The following conventions are made: h represents the execution of a hash function, C represents an encryption operation, G represents the computation of a pseudorandom number function, GTRepresents the generation of a time stamp, Cro represents the cross-bit operation, l represents the length of the hash value, g represents the length of the pseudorandom number, and d represents the length of the reader or tag identifier. n represents the number of labels, and n' represents the maximum number of secondary auxiliary information. Table 3 compares the data computation of this protocol with other protocols proposed by the predecessors.
The RFID protocol encrypted by Rabin and the pseudo-random RFID protocol use Rabin encryption algorithm, and a background server of the literature participates in authentication, and hash calculation is carried out for 4 times; the calculated amount of the mobile RFID protocol server is larger than that of the improved protocol provided by the invention, the RFID protocol of cross bit operation uses cross bit operation, although the calculated amount is small, the server also participates in the authentication process, and the communication overhead and the transmission risk are increased; ULRMAPC, although the reader computation is small, all require the server to participate in the authentication process, taking additional communication overhead. Considering n' < n, the improvement of the protocol on the calculation efficiency of the reader is obvious, but compared with the literature, the label calculation amount is increased by one hash calculation; although the calculated amount of the reader is 0 in the randomized Hash-Lock protocol and the Hash chain protocol, the calculated amount of the server is obviously increased, and the calculated amount of the server based on the ID change protocol of Hash, the distributed query-response RFID and the LCAP protocol is in direct proportion to the number n of the tags and is much larger than that of the protocol.
Although specific details of the invention, algorithms and figures are disclosed for illustrative purposes, these are intended to aid in the understanding of the contents of the invention and the implementation in accordance therewith, as will be appreciated by those skilled in the art: various substitutions, changes and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. The invention should not be limited to the preferred embodiments and drawings disclosed herein, but rather should be defined only by the scope of the appended claims.
Claims (5)
1. An improved secure lightweight RFID authentication method, comprising the steps of:
1) the reader R obtains authorization authentication from the authentication center and obtains a product information list L which can be read by the reader R; each product information in the product information list L comprises an identifier ID _ R of the reader R, a primary auxiliary information key K and a secondary auxiliary information key K of the product; the label T of each product is provided with a primary auxiliary information key K, a secondary auxiliary information key K and a label key s of the product;
2) the reader R sends the connection request hello, the identifier ID _ R of the reader R and the random number x1 generated by the reader R to the tag T;
3) generating a random number y by the tag T, calculating A to h (f (ID _ R, K) | | x1| | y) | K by using a secondary auxiliary information key K in the tag T and the received identifier ID _ R and the random number x1, and sending the obtained A value to the reader R;
4) the reader checks all items f (ID _ r, K) in the product information list Li):ki1,…,kijGo through traversal, kijA secondary auxiliary information key, K, of the jth sub-model of the product corresponding to the ith labeliA primary auxiliary information key of a product corresponding to the ith label; calculating a hash value h (f (ID _ r, K)i)||x1||y)⊕kijJudging whether the value A is equal to the value A transmitted by the label; if m and n are present, such that h (f (ID _ r, K)m)||x1||y)⊕kmnThe value A transmitted by the label T is equal to the value A, and then the corresponding secondary auxiliary information key k is obtainedmnThe reader R changes B to h (f (ID _ R, K)m) Y) and the generated random number x2 are sent to the tag T; tag T calculates h (f (ID _ r, K)m) Verifying the reader R if the calculated k is less than the value of | | | x1| | y | |) amnIf the value is equal to the value k of the secondary auxiliary key maintained by the label, the authentication passes through the reader R, and the step 5) is carried out; otherwise, rejecting the reader R and finishing the authentication; wherein KmThe primary auxiliary information key of the matching item m, and f (x, y) is a hash function;
5) the tag T calculates C ═ h (f (ID _ R, K) | | x2| | y) | ID _ T and D ═ h (f (ID _ R, K) | | x2| | y) | s, and sends C, D value to the reader R; wherein, ID _ T is the identifier of the tag T;
6) reader R calculates h (f (ID _ R, K)m) | x2| | y) to obtain ID _ t and s, and verify s ═ f (ID _ t, k)mn) And if the authentication is established, the reader verifies the tag T, and the authentication is finished.
2. The method of claim 1, wherein the secondary auxiliary information of a product is a sub-information of the primary auxiliary information of the product.
3. The method according to claim 1 or 2, wherein the primary auxiliary information of a product is a department to which the product belongs, and the secondary auxiliary information of a product is a sub-department of the department; or the primary auxiliary information of the product is the brand of the product, and the secondary auxiliary information of the product is the sub-brand or different models of the brand.
4. The method according to claim 1 or 2, wherein a plurality of secondary auxiliary information keys are set for each product in the tag T of the product, and different secondary auxiliary information keys correspond to different sub-models of the product; the nth item of product information in the product information list L is: f (ID _ r, K)n) Second level auxiliary information key kn1,…,knj(ii) a Wherein, KnPrimary auxiliary information key, k, for the product corresponding to the nth labelnjAnd the secondary auxiliary information key is a secondary auxiliary information key of the jth sub-model of the product corresponding to the nth label.
5. The method of claim 1, wherein a key s ═ f (ID _ t, k).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010849580.7A CN112364339B (en) | 2020-08-21 | 2020-08-21 | Improved safe lightweight RFID authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010849580.7A CN112364339B (en) | 2020-08-21 | 2020-08-21 | Improved safe lightweight RFID authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112364339A CN112364339A (en) | 2021-02-12 |
| CN112364339B true CN112364339B (en) | 2022-07-12 |
Family
ID=74516718
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010849580.7A Active CN112364339B (en) | 2020-08-21 | 2020-08-21 | Improved safe lightweight RFID authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112364339B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209768A (en) * | 2016-06-20 | 2016-12-07 | 广东工业大学 | A kind of extendible RFID mutual authentication method |
| CN109711218A (en) * | 2018-12-26 | 2019-05-03 | 无锡泛太科技有限公司 | A kind of RFID rapid authentication method of lightweight |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183423A (en) * | 2007-12-21 | 2008-05-21 | 北京航空航天大学 | Management system for reader-writer to read RFID label event |
| CN101488854B (en) * | 2008-01-18 | 2011-11-09 | 华为技术有限公司 | Wireless RFID system authentication method and apparatus |
| US8234502B2 (en) * | 2008-08-29 | 2012-07-31 | International Business Machines Corporation | Automated password authentication |
| CN101882197B (en) * | 2010-05-31 | 2012-07-04 | 北京航空航天大学 | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key |
| CN202582594U (en) * | 2012-05-07 | 2012-12-05 | 苏州工业职业技术学院 | Sensor system based on RFID technology |
| CN102750561B (en) * | 2012-06-07 | 2015-08-12 | 中国科学技术大学 | A kind of method of efficient active safety radio frequency identification authentication |
| WO2014201585A1 (en) * | 2013-06-20 | 2014-12-24 | 华北电力大学(保定) | Rfid bidirectional authentication method based on asymmetric key and hash function |
| CN103532718A (en) * | 2013-10-18 | 2014-01-22 | 中国科学院信息工程研究所 | Authentication method and authentication system |
-
2020
- 2020-08-21 CN CN202010849580.7A patent/CN112364339B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209768A (en) * | 2016-06-20 | 2016-12-07 | 广东工业大学 | A kind of extendible RFID mutual authentication method |
| CN109711218A (en) * | 2018-12-26 | 2019-05-03 | 无锡泛太科技有限公司 | A kind of RFID rapid authentication method of lightweight |
Non-Patent Citations (2)
| Title |
|---|
| Lightweight Distance bound Protocol for Low Cost RFID Tags;Eslam Gamal Ahmed等;《IJCSIS》;20100507;第7卷(第3期);全文 * |
| 轻量级移动RFID认证协议研究设计;位书敏等;《计算机与现代化》;20161121;第2016卷(第11期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112364339A (en) | 2021-02-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Jiang et al. | Three-factor authentication protocol using physical unclonable function for IoV | |
| Zhou et al. | A lightweight anti-desynchronization RFID authentication protocol | |
| CN110147666B (en) | Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform | |
| Chen et al. | An ownership transfer scheme using mobile RFIDs | |
| JP5355685B2 (en) | Wireless tag authentication method using radio wave reader | |
| CN107147498B (en) | Authentication method and encryption method for transmitting information in RFID authentication process | |
| CN108566385B (en) | Bidirectional authentication method based on cloud efficient privacy protection | |
| Park et al. | Tagora: A collision-exploitative RFID authentication protocol based on cross-layer approach | |
| Wei et al. | An authentication protocol for low-cost RFID tags | |
| CN107480564B (en) | Improved RFID group authentication method | |
| Chen et al. | Enhancement of the RFID security method with ownership transfer | |
| CN107276742B (en) | RFID system authentication method | |
| CN102983979A (en) | Quick RFID authentication method based on secret information shared among tags | |
| Gao et al. | A security protocol resistant to intermittent position trace attacks and desynchronization attacks in RFID systems | |
| CN115550002B (en) | TEE-based intelligent home remote control method and related device | |
| Wang et al. | Provable Secure for the Ultra-lightweight RFID Tag Ownership Transfer Protocol in the Context of IoT Commerce. | |
| Yang | Lightweight authentication protocol for mobile RFID networks | |
| CN112364339B (en) | Improved safe lightweight RFID authentication method | |
| Morshed et al. | Efficient mutual authentication protocol for radiofrequency identification systems | |
| Chabbi et al. | RFID and NFC authentication protocol for securing a payment transaction | |
| Azad et al. | A lightweight protocol for RFID authentication | |
| KR100955880B1 (en) | Security method in RFID environment, Recording medium and System using by the same | |
| KR20090005834A (en) | Low-cost rfid authentication protocol method for distributed database environment | |
| Xiaohong et al. | RFID mutual-authentication protocol with synchronous updated-keys based on Hash function | |
| Lin et al. | Lightweight and serverless RFID authentication and search protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |