[go: up one dir, main page]

CN103532718A - Authentication method and authentication system - Google Patents

Authentication method and authentication system Download PDF

Info

Publication number
CN103532718A
CN103532718A CN201310492590.XA CN201310492590A CN103532718A CN 103532718 A CN103532718 A CN 103532718A CN 201310492590 A CN201310492590 A CN 201310492590A CN 103532718 A CN103532718 A CN 103532718A
Authority
CN
China
Prior art keywords
authentication
authentication message
mod
random number
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310492590.XA
Other languages
Chinese (zh)
Inventor
石志强
金永明
孙利民
芦翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201310492590.XA priority Critical patent/CN103532718A/en
Publication of CN103532718A publication Critical patent/CN103532718A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

本发明涉及一种认证方法及系统。认证方法包括:读写器将自身产生的第一随机数r1发送给标签;标签接收到第一随机数r1后,产生第二随机数r2,并根据r1和r2计算第一认证消息M1和第二认证消息M2,把M1的全部位数的数据和M2的设定位数的数据发送给读写器,其中,M1=x⊕r2,M2=[(r1⊕r2 ⊕ID)2mod n]l;读写器接收第一认证消息M1和第二认证消息M2后,根据第一认证消息M1计算出所述第二随机数r2,r2=M1⊕x,然后验证是否存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,若存在则执行下一步;读写器计算第三认证消息M3,将该第三认证消息M3发送给标签,并将共享密钥x更新为[x2mod n]l;标签接收并验证第三认证消息M3是否正确,若正确则判定本次认证成功。本发明减少了认证算法的计算代价和存储代价。

Figure 201310492590

The invention relates to an authentication method and system. The authentication method includes: the reader sends the first random number r 1 generated by itself to the tag; after receiving the first random number r 1 , the tag generates the second random number r 2 and calculates the first random number r 2 according to r 1 and r 2 The authentication message M 1 and the second authentication message M 2 send the data of all the digits of M 1 and the data of the set digits of M 2 to the reader, wherein, M 1 =x⊕r 2 , M 2 = [(r 1 ⊕r 2 ⊕ID) 2 mod n] l ; After receiving the first authentication message M 1 and the second authentication message M 2 , the reader calculates the second random number according to the first authentication message M 1 r 2 ,r 2 =M 1 ⊕x, then verify whether (ID,x) exists to satisfy the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , if it exists, go to the next step; read The writer calculates the third authentication message M 3 , sends the third authentication message M 3 to the tag, and updates the shared key x to [x 2 mod n] l ; the tag receives and verifies whether the third authentication message M 3 is correct , if it is correct, it is determined that the authentication is successful. The invention reduces the calculation cost and storage cost of the authentication algorithm.

Figure 201310492590

Description

一种认证方法及系统An authentication method and system

技术领域technical field

本发明涉及通信领域,尤其涉及一种认证方法及系统。The invention relates to the communication field, in particular to an authentication method and system.

背景技术Background technique

RFID(Radio Frequency Identification,无线射频识别)技术是一种利用射频信号实现无接触信息传递,并通过所传递的信息达到识别目的的技术。RFID系统一般由三部分组成:标签、读写器和后端数据库。标签包括芯片和天线,用于存放物品的标识。读写器通过射频信号来获得标签中的数据,然后传输给后端数据库。RFID (Radio Frequency Identification, Radio Frequency Identification) technology is a technology that uses radio frequency signals to achieve contactless information transmission, and achieves identification purposes through the transmitted information. RFID system generally consists of three parts: tags, readers and back-end database. Tags include chips and antennas for identification of stored items. The reader obtains the data in the tag through the radio frequency signal, and then transmits it to the back-end database.

一般情况下,假设后端数据库和读写器之间存在安全的通信信道,它们之间的安全问题,可以理解为传统的网络安全问题。RFID安全问题主要关注读写器和标签之间的射频通信安全问题。读写器和标签之间是射频无线通信,容易受到攻击者的攻击。攻击主要分为两类:一是被动攻击,二是主动攻击。被动攻击中,攻击者只是偷偷的嗅探或窃听读写器和标签之间的通信,然后根据获得的数据进行密码分析或进行跟踪等。主动攻击中,攻击者在读写器和标签之间作为第三人存在。攻击者会截获读写器和标签之间交互的数据,然后通过重放或篡改的方式发送给另一方。In general, assuming that there is a secure communication channel between the back-end database and the reader, the security issues between them can be understood as traditional network security issues. RFID security issues mainly focus on the radio frequency communication security issues between readers and tags. The radio frequency wireless communication between the reader and the tag is vulnerable to attackers. Attacks are mainly divided into two categories: one is passive attack, and the other is active attack. In the passive attack, the attacker just secretly sniffs or eavesdrops on the communication between the reader and the tag, and then conducts cryptanalysis or tracking based on the obtained data. In an active attack, the attacker acts as a third person between the reader and the tag. The attacker intercepts the data exchanged between the reader and the tag, and then sends it to the other party through replay or tampering.

目前,已经提出了很多的安全与隐私保护机制,其中RFID轻量级认证协议是常见的一种方法。一般来说,一个RFID认证协议应满足如下特点:(1)低成本。随着物联网的应用越来越广泛,特别是供应链环境,会有大量的物品需要RFID标签。而标签的成本已经成为影响物联网大规模应用的因素之一。为了能够适应低成本的RFID标签,RFID认证协议需要使用尽量少的计算资源和存储资源,满足低成本的要求。(2)双向认证。为了避免非法读写器的攻击,认证协议不仅能认证标签的合法性,而且能够认证读写器的合法性。(3)隐私保护。随着RFID应用越来越多,比如二代身份证、公交卡、门禁卡等,它们与人们的生活越来越密切相关。如何保护标签所有者的隐私,也是要考虑的问题之一。(4)能抵抗常见的攻击。At present, many security and privacy protection mechanisms have been proposed, among which RFID lightweight authentication protocol is a common method. Generally speaking, an RFID authentication protocol should meet the following characteristics: (1) Low cost. As the application of the Internet of Things becomes more and more widespread, especially in the supply chain environment, there will be a large number of items that require RFID tags. The cost of tags has become one of the factors affecting the large-scale application of the Internet of Things. In order to be able to adapt to low-cost RFID tags, the RFID authentication protocol needs to use as few computing resources and storage resources as possible to meet the low-cost requirements. (2) Two-way authentication. In order to avoid the attack of illegal readers, the authentication protocol can not only verify the legitimacy of tags, but also verify the legitimacy of readers. (3) Privacy protection. With more and more RFID applications, such as second-generation ID cards, bus cards, access control cards, etc., they are more and more closely related to people's lives. How to protect the privacy of label owners is also one of the issues to be considered. (4) Can resist common attacks.

目前,已经出现了很多针对RFID认证协议的攻击方式,比如伪造攻击、重放攻击、中间人攻击等。Ohkubo等人研究了标签的隐私问题,特别是前向安全性,即现在传输的信息不会因为未来标签信息的泄露而变得不安全。提出了一种基于哈希链的认证协议(M.Ohkubo,Suzuki K.,Kinoshita S.Cryptographic approach to“privacy-friendly”tags.in RFID PrivacyWorkshop),该协议可以提供前向安全性。该方案的缺点是需要使用两个哈希函数,并且容易受到重放攻击。Dimitriou等人提出了一个轻量级的RFID认证协议,可以保护用户隐私和抵抗克隆攻击(T.Dimitriou.A lightweightRFID protocol to protect against traceability and cloning attacks.in Proc.of the First International Conference on Security and Privacyfor Emerging Areas in Communications Networks)。该协议是基于挑战响应的认证协议,可以实现读写器和标签之间的双向认证。但是对于标签,哈希计算代价比较大。Lopez等人提出了一个非常轻量级的认证协议LMAP(P.Peris-Lopez,Hernandez-Castro J.C.,Estevez-Tapiador J.M.,RibagordaA.LMAP:A real lightweight mutual authentication protocol forlow-cost RFID tags.in Proc.of2nd Workshop on RFID Security)。该协议使用假名IDS(Index-Pseudonym,假名索引),作为标签的索引。LMAP没有使用哈希函数,只使用了位异或等简单运算。该协议不能抵抗异步攻击,即攻击者可以阻塞最后一步认证过程,让读写器无法认证标签,导致不能更新IDS和密钥K,而标签已经更新了密钥。另外,若攻击者对标签发送Hello消息,则标签会返回当前的IDS,攻击者就可以跟踪标签,不能保护用户的隐私。Chien等人分析了Karthikeyan等人协议和Duc等人协议的安全缺陷,提出了一种新的适用于EPC C1G2标签的双向认证协议(Hung-Yu Chien,ChenChe-Hao.Mutual authentication protocol for RFID conforming to EPCClass1Generation2standards.Computer Standards&Interfaces)。该协议基于GEN-2标准,使用了PRNG和CRC运算,可以抵抗异步攻击。Ma等人研究了RFID的两种隐私:不可区分性隐私和不可预测性隐私(C.Ma,LiY.,Deng R.H.,Li T.RFID privacy:relation between two notions,minimal condition,and efficient construction.in Proc.of the16thACM conference on Computer and communications security)。基于PRF(Pseudo Random Function,伪随机函数),提出了一个满足强不可预测性隐私的RFID单向认证协议。但是,该协议容易受到拒绝服务攻击,若攻击者不断发送挑战c给标签,则标签会更新自己的计数ctr,导致读写器遍历查询的时间增加。丁等人提出了一种基于Hash函数的RFID安全认证协议HSAP(Zhenhua Ding,Li Jintao,Feng Bo.Research on hash-based RFIDsecurity authentication protocol.Journal of Computer Research andDevelopment)。该协议在标签中仅仅使用Hash操作,标签中仅需要执行两次Hash运算,因此比较适合低成本的RFID系统。同时,HSAP是双向认证协议,可以抵抗假冒攻击、重放攻击、防止追踪、去同步化等问题。本质上,该协议是一个挑战响应协议。另外,它不具有前向安全性,若当前的ID泄漏的话,攻击者可以分析出以前的交互信息,跟踪标签的活动足迹。另外,研究学者还提出了很多超轻量级的认证协议。这些协议只使用异或、点乘等简单运算,并没有使用PRNG、CRC等密码学元素。为了满足强隐私要求,RFID认证协议至少需要具有伪随机数函数的能力。所以这些协议一般都会存在拟线性分析、差分攻击、异步攻击等。At present, there have been many attack methods against RFID authentication protocols, such as forgery attacks, replay attacks, and man-in-the-middle attacks. Ohkubo et al. studied the privacy issue of tags, especially the forward security, that is, the information transmitted now will not become insecure due to the leakage of tag information in the future. A hash chain based authentication protocol is proposed (M. Ohkubo, Suzuki K., Kinoshita S. Cryptographic approach to “privacy-friendly” tags.in RFID Privacy Workshop), which can provide forward security. The disadvantage of this scheme is that two hash functions need to be used, and it is vulnerable to replay attacks. A lightweight RFID protocol to protect against traceability and cloning attacks.in Proc.of the First International Conference on Security and Privacy for Dimitriou et al. Emerging Areas in Communications Networks). The protocol is an authentication protocol based on challenge response, which can realize two-way authentication between the reader and the tag. But for tags, the cost of hash calculation is relatively high. Lopez et al. proposed a very lightweight authentication protocol LMAP (P.Peris-Lopez, Hernandez-Castro J.C., Estevez-Tapiador J.M., Ribagorda A. LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags.in Proc. of2nd Workshop on RFID Security). The protocol uses the pseudonym IDS (Index-Pseudonym, pseudonym index) as the index of the label. LMAP does not use a hash function, but only uses simple operations such as bit XOR. The protocol cannot resist asynchronous attacks, that is, the attacker can block the last step of the authentication process, so that the reader cannot authenticate the tag, resulting in the inability to update the IDS and key K, while the tag has already updated the key. In addition, if the attacker sends a Hello message to the tag, the tag will return the current IDS, and the attacker can track the tag, which cannot protect the user's privacy. Chien et al. analyzed the security flaws in the protocols of Karthikeyan et al. and Duc et al., and proposed a new mutual authentication protocol for EPC C1G2 tags (Hung-Yu Chien, ChenChe-Hao. Mutual authentication protocol for RFID conforming to EPCClass1Generation2standards.Computer Standards&Interfaces). The protocol is based on the GEN-2 standard and uses PRNG and CRC operations to resist asynchronous attacks. Ma et al studied two kinds of privacy in RFID: indistinguishable privacy and unpredictability privacy (C.Ma, LiY., Deng R.H., Li T.RFID privacy: relation between two notions, minimal condition, and efficient construction.in Proc. of the16thACM conference on Computer and communications security). Based on PRF (Pseudo Random Function, pseudo-random function), a RFID one-way authentication protocol that satisfies strong unpredictability and privacy is proposed. However, the protocol is vulnerable to denial of service attacks. If the attacker continuously sends challenges c to the tag, the tag will update its count ctr, which will increase the time for the reader to traverse the query. Ding et al proposed a Hash-based RFID security authentication protocol HSAP (Zhenhua Ding, Li Jintao, Feng Bo. Research on hash-based RFID security authentication protocol. Journal of Computer Research and Development). This protocol only uses Hash operation in the tag, and only needs to perform two Hash operations in the tag, so it is more suitable for low-cost RFID systems. At the same time, HSAP is a two-way authentication protocol, which can resist impersonation attacks, replay attacks, prevent tracking, desynchronization and other problems. Essentially, the protocol is a challenge-response protocol. In addition, it does not have forward security. If the current ID is leaked, the attacker can analyze the previous interaction information and track the activity footprint of the tag. In addition, researchers have also proposed many ultra-lightweight authentication protocols. These protocols only use simple operations such as XOR and dot product, and do not use cryptographic elements such as PRNG and CRC. In order to meet the strong privacy requirements, the RFID authentication protocol must at least have the ability of pseudo-random number function. Therefore, these protocols generally have quasi-linear analysis, differential attacks, and asynchronous attacks.

发明内容Contents of the invention

本发明所要解决的技术问题是提供一种认证方法及系统,适用于低成本的RFID标签。The technical problem to be solved by the present invention is to provide an authentication method and system suitable for low-cost RFID tags.

为解决上述技术问题,本发明提出了一种认证方法,应用于无线射频识别系统,包括:In order to solve the above technical problems, the present invention proposes an authentication method applied to a radio frequency identification system, including:

步骤a,读写器将自身产生的第一随机数r1发送给标签;Step a, the reader sends the first random number r 1 generated by itself to the tag;

步骤b,标签接收到第一随机数r1后,产生第二随机数r2,并根据所述第一随机数r1和第二随机数r2计算第一认证消息M1和第二认证消息M2,把第一认证消息M1的全部位数的数据和第二认证消息M2的设定位数的数据发送给读写器,其中,M1=x⊕r2,M2=[(r1⊕r2 ⊕ID)2mod n]l,符号“⊕”表示异或运算,符号“mod”表示模平方运算,“[]l”表示取“[]”中密文的l位,x为已知的读写器和标签的共享密钥,ID为标签标识,n为模数;Step b, after receiving the first random number r1 , the tag generates the second random number r2 , and calculates the first authentication message M1 and the second authentication message M1 and the second authentication message according to the first random number r1 and the second random number r2 Message M 2 , sending the data of all digits of the first authentication message M 1 and the data of the set digits of the second authentication message M 2 to the reader, wherein, M 1 =x⊕r 2 , M 2 = [(r 1 ⊕r 2 ⊕ID) 2 mod n] l , the symbol "⊕" means the XOR operation, the symbol "mod" means the modular square operation, and "[] l " means to take the l of the ciphertext in "[]" Bit, x is the shared key of the known reader and tag, ID is the tag identification, n is the modulus;

步骤c,读写器接收第一认证消息M1和第二认证消息M2后,根据第一认证消息M1计算出所述第二随机数r2,r2=M1⊕x,然后验证是否存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,若存在则执行步骤d;Step c, after receiving the first authentication message M 1 and the second authentication message M 2 , the reader calculates the second random number r 2 according to the first authentication message M 1 , r 2 =M 1 ⊕x, and then verifies Whether (ID, x) satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , if it exists, execute step d;

步骤d,读写器计算第三认证消息M3,将该第三认证消息M3发送给标签,并将共享密钥x更新为[x2mod n]lStep d, the reader calculates the third authentication message M 3 , sends the third authentication message M 3 to the tag, and updates the shared key x to [x 2 mod n] l ;

步骤e,标签接收并验证第三认证消息M3是否正确,若正确则判定本次认证成功。Step e, the tag receives and verifies whether the third authentication message M3 is correct, and if it is correct, it determines that the authentication is successful.

进一步地,上述认证方法还可具有以下特点,步骤c中,若不存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,则进一步验证是否存在(ID,x')满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,其中,x'为读写器中保存的本次认证的前一次认证时的共享密钥,若存在则用(ID,x')代替(ID,x)后执行所述步骤d。Further, the above-mentioned authentication method may also have the following characteristics. In step c, if there is no (ID, x) satisfying the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , then further verify whether There exists (ID,x') that satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , where x' is the share of the previous authentication stored in the reader. If the key exists, replace (ID, x) with (ID, x') and then execute the step d.

进一步地,上述认证方法还可具有以下特点,n使用梅森数,即n=2k-1,其中,k为共享密钥x的长度。Further, the above authentication method may also have the following characteristics, n uses a Mersenne number, that is, n=2 k −1, where k is the length of the shared key x.

进一步地,上述认证方法还可具有以下特点,所述设定位数小于或等于所述第二认证消息M2的总位数。Further, the above authentication method may also have the following feature, the set number of digits is less than or equal to the total number of digits of the second authentication message M2 .

进一步地,上述认证方法还可具有以下特点,若步骤e中,第三认证消息M3经过标签验证是正确的,则在判定本次认证成功后执行步骤f:标签将共享密钥x更新为[x2mod n]lFurther, the above authentication method may also have the following features, if in step e, the third authentication message M3 is correct after being verified by the label, then step f is executed after it is determined that the authentication is successful: the label updates the shared key x to [x 2 mod n] l .

为解决上述技术问题,本发明提出了一种认证系统,应用于无线射频识别系统,包括:In order to solve the above technical problems, the present invention proposes an authentication system, which is applied to a radio frequency identification system, including:

第一产生及发送模块,置于读写器中,用于将读写器自身产生的第一随机数r1发送给标签;The first generating and sending module is placed in the reader, and is used to send the first random number r1 generated by the reader to the tag;

第二产生及发送模块,置于标签中,用于接收第一随机数r1,产生第二随机数r2,并根据所述第一随机数r1和第二随机数r2计算第一认证消息M1和第二认证消息M2,把第一认证消息M1的全部位数的数据和第二认证消息M2的设定位数的数据发送给读写器,其中,M1=x⊕r2,M2=[(r1⊕r2 ⊕ID)2modn]l,符号“⊕”表示异或运算,符号“mod”表示模平方运算,“[]l”表示取“[]”中密文的l位,x为已知的读写器和标签的共享密钥,ID为标签标识,n为模数;The second generating and sending module is placed in the tag and is used to receive the first random number r 1 , generate the second random number r 2 , and calculate the first random number r 2 according to the first random number r 1 and the second random number r 2 The authentication message M 1 and the second authentication message M 2 send the data of all the digits of the first authentication message M 1 and the data of the set digits of the second authentication message M 2 to the reader, wherein M 1 = x⊕r 2 , M 2 =[(r 1 ⊕r 2 ⊕ID) 2 modn] l , the symbol "⊕" means XOR operation, the symbol "mod" means modular square operation, "[] l " means take "[ ]” in the ciphertext, x is the shared key of the known reader and tag, ID is the tag identification, and n is the modulus;

验证模块,置于读写器中,用于接收第一认证消息M1和第二认证消息M2,根据第一认证消息M1计算出所述第二随机数r2,r2=M1⊕x,然后验证是否存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,若存在则启动计算及更新模块;A verification module, placed in the reader, for receiving the first authentication message M 1 and the second authentication message M 2 , and calculating the second random number r 2 according to the first authentication message M 1 , r 2 =M 1 ⊕x, and then verify whether there is (ID, x) satisfying the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , if it exists, start the calculation and update the module;

计算及更新模块,置于读写器中,用于计算第三认证消息M3,将该第三认证消息M3发送给标签,并将共享密钥x更新为[x2mod n]lThe calculation and update module is placed in the reader and is used to calculate the third authentication message M 3 , send the third authentication message M 3 to the tag, and update the shared key x to [x 2 mod n] l ;

判定模块,置于标签中,用于接收并验证第三认证消息M3是否正确,若正确则判定本次认证成功。The judging module, placed in the tag, is used to receive and verify whether the third authentication message M3 is correct, and if it is correct, judge that the authentication is successful.

进一步地,上述认证系统还可具有以下特点,所述验证模块包括再次验证单元,用于在不存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l时,进一步验证是否存在(ID,x')满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,其中,x'为读写器中保存的本次认证的前一次认证时的共享密钥,若存在则用(ID,x')代替(ID,x)后启动所述计算及更新模块。Further, the above authentication system may also have the following features, the verification module includes a re-verification unit for satisfying the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n when there is no (ID, x) ] l , further verify whether (ID, x') satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , where x' is the current authentication stored in the reader If there is a shared key in the previous authentication, replace (ID, x) with (ID, x') and start the calculation and update module.

进一步地,上述认证系统还可具有以下特点,n使用梅森数,即n=2k-1,其中,k为共享密钥x的长度。Further, the above authentication system may also have the following characteristics, n uses a Mersenne number, that is, n=2 k −1, where k is the length of the shared key x.

进一步地,上述认证系统还可具有以下特点,所述设定位数小于或等于所述第二认证消息M2的总位数。Further, the above authentication system may also have the following feature, the set number of digits is less than or equal to the total number of digits of the second authentication message M2 .

进一步地,上述认证系统还可具有以下特点,所述判定模块包括密钥更新单元,密钥更新单元用于在所述第三认证消息M3经过标签验证为正确的时,在判定本次认证成功后将标签中的共享密钥x更新为[x2mod n]lFurther, the above-mentioned authentication system may also have the following features, the determination module includes a key update unit, and the key update unit is used to determine the current authentication when the third authentication message M3 is verified as correct by the label. After success, update the shared key x in the label to [x 2 mod n] l .

本发明的认证方法及系统能够抵抗已知的攻击方法,包括重放攻击、异步攻击、中间人攻击,并能提供前向安全性;并且,本发明的认证方法及系统只使用伪随机函数,减少了认证算法的计算代价和存储代价,适合在低成本标签中应用。The authentication method and system of the present invention can resist known attack methods, including replay attacks, asynchronous attacks, and man-in-the-middle attacks, and can provide forward security; and, the authentication method and system of the present invention only use pseudo-random functions, reducing The calculation cost and storage cost of the authentication algorithm are reduced, and it is suitable for application in low-cost tags.

附图说明Description of drawings

图1为本发明中RFID轻量级双向认证的过程示意图;Fig. 1 is the process schematic diagram of RFID lightweight two-way authentication among the present invention;

图2为本发明实施例中认证方法的流程图;Fig. 2 is the flowchart of authentication method in the embodiment of the present invention;

图3为本发明实施例中认证系统的结构框图。Fig. 3 is a structural block diagram of the authentication system in the embodiment of the present invention.

具体实施方式Detailed ways

以下结合附图对本发明的原理和特征进行描述,所举实例只用于解释本发明,并非用于限定本发明的范围。The principles and features of the present invention are described below in conjunction with the accompanying drawings, and the examples given are only used to explain the present invention, and are not intended to limit the scope of the present invention.

RFID认证协议主要解决读写器与标签之间无线传输的安全与隐私问题。本文中主要讨论读写器R和标签T之间的交互过程。设读写器R和标签T之间的对称密钥为x,标签的标识为ID。按照读写器与标签的工作模式可以分为:读写器先讲(RTF)模式和标签先讲(TTF)模式。大部分低成本标签是被动式的,一般采用RTF模式。不失一般性,这里讨论RTF模式。The RFID authentication protocol mainly solves the security and privacy issues of wireless transmission between the reader and the tag. This paper mainly discusses the interaction process between the reader R and the tag T. Let the symmetric key between the reader R and the tag T be x, and the tag ID be ID. According to the working mode of the reader and the tag, it can be divided into: reader first talk (RTF) mode and tag first talk (TTF) mode. Most low-cost tags are passive, generally in RTF mode. Without loss of generality, the RTF mode is discussed here.

设读写器和标签在认证消息中,能够使用的参数集合为τ,则τ={ID,x,r1,r2}.设可以采用的轻量级运算符和密码学元素的集合为σ(即运算集合),则σ={⊕,←,·,CRC,PRNG,MAC,…},其中“⊕”为异或运算符,“←”为移位运算符,“·”为点乘运算,CRC为循环冗余校验,PRNG为伪随机发生器,MAC代表消息摘要函数,常见的比如Hash函数等.设认证消息的集合为ξ={Fi|i∈Ζ}。所有的认证消息函数Fi都是参数集合τ和运算集合σ的某种组合。为了保护标签的隐私,认证过程中不会直接把标签的ID明文传输给读写器来进行认证。因此,读写器在未完成认证时,并不知道当前要对哪个标签认证。因此,本发明中,通过认证消息M1和M2来产生一个关于ID和共享密钥x的恒等式,遍历查询要认证的标签身份。一般情况下,读写器会把这些信息发送给数据库,由数据库来遍历查询。对于数据库的计算能力来说,这样的遍历查询是可行的。另外,还可以通过提前计算、缓存、并行计算等其它机制来提供命中率。对于读写器来说,因为不知道是哪个标签参与认证,所以密钥x和随机数r2都是未知的。本发明中,设M1为x⊕r2,则读写器就可以用x表示出r2来,即r2=M1⊕x,从而可以构造关于x的恒等式。而消息M2则是在集合τ上的MAC函数。数据库查找到对应的记录后,把(ID,x)发送给读写器。读写器计算认证消息M3,发送给标签。M3的主要目的是标签对读写器的认证,读写器需要通过M3来表明它知道它们之间的秘密,比如共享密钥x,或随机数r2等。因为这些信息,只有合法的读写器才能通过认证消息M1和M2求解出来。本发明中RFID轻量级双向认证的过程如图1所示。Let the reader and tag in the authentication message, the set of parameters that can be used is τ, then τ={ID,x,r 1 ,r 2 }. Let the set of lightweight operators and cryptographic elements that can be used be σ (that is, the set of operations), then σ={⊕,←,·,CRC,PRNG,MAC,…}, where "⊕" is an XOR operator, "←" is a shift operator, and "·" is a point Multiplication operation, CRC is cyclic redundancy check, PRNG is pseudo-random generator, MAC stands for message digest function, common such as Hash function, etc. Let the set of authentication messages be ξ={F i |i∈Ζ}. All authentication message functions F i are some combination of parameter set τ and operation set σ. In order to protect the privacy of the tag, the ID of the tag will not be directly transmitted to the reader in plain text for authentication during the authentication process. Therefore, before the authentication is completed, the reader does not know which tag is currently to be authenticated. Therefore, in the present invention, an identity equation about ID and shared key x is generated through the authentication messages M 1 and M 2 , and the identity of the tag to be authenticated is traversed and queried. Under normal circumstances, the reader will send this information to the database, and the database will traverse the query. For the computing power of the database, such a traversal query is feasible. In addition, the hit rate can also be provided through other mechanisms such as calculation in advance, cache, and parallel calculation. For the reader, since it is unknown which tag participates in the authentication, both the key x and the random number r 2 are unknown. In the present invention, if M 1 is set to x⊕r 2 , then the reader can use x to express r 2 , that is, r 2 =M 1 ⊕x, so that an identity equation about x can be constructed. And the message M 2 is the MAC function on the set τ. After the database finds the corresponding record, it sends (ID,x) to the reader. The reader calculates the authentication message M3 and sends it to the tag. The main purpose of M3 is to authenticate the tag to the reader, and the reader needs to use M3 to show that it knows the secret between them, such as the shared key x, or the random number r 2 , etc. Because of this information, only legal readers can obtain it through authentication messages M 1 and M 2 . The process of RFID lightweight two-way authentication in the present invention is shown in FIG. 1 .

图2为本发明实施例中认证方法的流程图。该认证方法可以应用于无线射频识别系统。如图2所示,本实施例中,认证方法的流程可以包括如下步骤:Fig. 2 is a flow chart of the authentication method in the embodiment of the present invention. The authentication method can be applied to a radio frequency identification system. As shown in Figure 2, in this embodiment, the process of the authentication method may include the following steps:

步骤S201,读写器将自身产生的第一随机数r1发送给标签;Step S201, the reader sends the first random number r 1 generated by itself to the tag;

步骤S202,标签接收到第一随机数r1后,产生第二随机数r2,并根据所述第一随机数r1和第二随机数r2计算第一认证消息M1和第二认证消息M2,把第一认证消息M1的全部位数的数据和第二认证消息M2的设定位数的数据发送给读写器,其中,M1=x⊕r2,M2=[(r1⊕r2 ⊕ID)2mod n]l,符号“⊕”表示异或运算,符号“mod”表示模平方运算,“[]l”表示取“[]”中密文的l位,x为已知的读写器和标签的共享密钥,ID为标签标识,n为模数;Step S202, after receiving the first random number r1 , the tag generates the second random number r2 , and calculates the first authentication message M1 and the second authentication message M1 and the second authentication message according to the first random number r1 and the second random number r2 Message M 2 , sending the data of all digits of the first authentication message M 1 and the data of the set digits of the second authentication message M 2 to the reader, wherein, M 1 =x⊕r 2 , M 2 = [(r 1 ⊕r 2 ⊕ID) 2 mod n] l , the symbol "⊕" means the XOR operation, the symbol "mod" means the modular square operation, and "[] l " means to take the l of the ciphertext in "[]" Bit, x is the shared key of the known reader and tag, ID is the tag identification, n is the modulus;

r2的作用主要是为了防止攻击者根据标签返回的认证消息M1和M2来识别标签进行跟踪。若每次认证过程中,标签都产生自己的随机数r2,则协议就可以避免这种问题。可见,本发明在认证过程中,读写器和标签分别产生随机数r1和r2,因此能够有效地抵抗重放攻击。The function of r 2 is mainly to prevent the attacker from identifying the tag for tracking according to the authentication messages M 1 and M 2 returned by the tag. If the tag generates its own random number r 2 in each authentication process, the protocol can avoid this problem. It can be seen that in the authentication process of the present invention, the reader and the tag generate random numbers r 1 and r 2 respectively, so the replay attack can be effectively resisted.

在一个优选实施例中,n可以使用梅森数,即n=2k-1,其中,k为共享密钥x的长度。In a preferred embodiment, a Mersenne number can be used for n, that is, n=2 k −1, where k is the length of the shared key x.

其中,设定位数小于或等于第二认证消息M2的总位数。Wherein, the set number of digits is less than or equal to the total number of digits of the second authentication message M2 .

步骤S203,读写器接收第一认证消息M1和第二认证消息M2后,根据第一认证消息M1计算出所述第二随机数r2,r2=M1⊕x,然后验证是否存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,若存在则执行步骤S204;Step S203, after receiving the first authentication message M 1 and the second authentication message M 2 , the reader calculates the second random number r 2 according to the first authentication message M 1 , r 2 =M 1 ⊕x, and then verifies Whether there is (ID, x) that satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , if it exists, execute step S204;

本步骤中,若不存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,则进一步验证是否存在(ID,x')满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,其中,x'为读写器中保存的本次认证的前一次认证时的共享密钥,若存在则用(ID,x')代替(ID,x)后执行步骤S204。In this step, if there is no (ID,x) that satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , then further verify whether there is (ID,x') that satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , where x' is the shared key of the previous authentication of this authentication stored in the reader, if it exists, use (ID,x' ) to replace (ID, x) and execute step S204.

由于读写器和标签之间射频通信的不确定性,或者由于攻击者的存在,会导致标签不能正确的收到M3.从而无法验证M3后,更新密钥。待下次认证时,标签使用旧的密钥产生消息M1和M2,读写器就无法找到正确的共享密钥x.为了解决这种情况,读写器需要保存上次的共享密钥x'(也即本次认证的前一次认证中的共享密钥),用来恢复因上次终止的认证过程而造成的密钥不一致。为了保证协议具有前向安全性,密钥更新函数F4(τ)应该是单向的。需要说明的是,这里的前向安全性,是针对标签的。因为读写器能够恢复前一次认证的密钥,所以读写器是无法做到前向安全的。Due to the uncertainty of the radio frequency communication between the reader and the tag, or due to the existence of an attacker, the tag cannot receive M 3 correctly, so that the key cannot be updated after verifying M 3 . In the next authentication, the tag uses the old key to generate messages M 1 and M 2 , and the reader cannot find the correct shared key x. In order to solve this situation, the reader needs to save the last shared key x' (that is, the shared key in the previous authentication of this authentication), which is used to restore the key inconsistency caused by the last terminated authentication process. In order to ensure the forward security of the protocol, the key updating function F 4 (τ) should be one-way. It should be noted that the forward security here is for tags. Because the reader can restore the key of the previous authentication, the reader cannot achieve forward security.

步骤S204,读写器计算第三认证消息M3,将该第三认证消息M3发送给标签,并将共享密钥x更新为[x2mod n]lStep S204, the reader calculates the third authentication message M 3 , sends the third authentication message M 3 to the tag, and updates the shared key x to [x 2 mod n] l ;

步骤S205,标签接收并验证第三认证消息M3是否正确,若正确则判定本次认证成功。Step S205, the tag receives and verifies whether the third authentication message M3 is correct, and if it is correct, it determines that the authentication is successful.

若步骤S205中,第三认证消息M3经过标签验证是正确的,则在判定本次认证成功后还可以进一步执行如下步骤:标签将共享密钥x更新为[x2modn]lIf in step S205, the third authentication message M 3 is correct after being verified by the tag, the following step may be further performed after determining that the authentication is successful: the tag updates the shared key x to [x 2 modn] l .

本发明的认证方法能够抵抗已知的攻击方法,包括重放攻击、异步攻击、中间人攻击,并能提供前向安全性;并且,本发明的认证方法只使用伪随机函数,减少了认证算法的计算代价和存储代价,适合在低成本标签中应用。The authentication method of the present invention can resist known attack methods, including replay attacks, asynchronous attacks, and man-in-the-middle attacks, and can provide forward security; and, the authentication method of the present invention only uses pseudo-random functions, which reduces the complexity of authentication algorithms. Computing cost and storage cost, suitable for application in low-cost tags.

本发明还提出了一种认证系统,用以实施上述的认证方法。The present invention also proposes an authentication system for implementing the above authentication method.

图3为本发明实施例中认证系统的结构框图。如图3所示,本实施例中,认证系统包括第一产生及发送模块310、第二产生及发送模块320、验证模块330、计算及更新模块340和判定模块550。第一产生及发送模块310、第二产生及发送模块320、验证模块330、计算及更新模块340和判定模块550顺次串联。其中,第一产生及发送模块310置于读写器中,用于将读写器自身产生的第一随机数r1发送给标签。第二产生及发送模块320置于标签中,用于接收第一随机数r1,产生第二随机数r2,并根据所述第一随机数r1和第二随机数r2计算第一认证消息M1和第二认证消息M2,把第一认证消息M1的全部位数的数据和第二认证消息M2的设定位数的数据发送给读写器,其中,M1=x⊕r2,M2=[(r1⊕r2 ⊕ID)2mod n]l,符号“⊕”表示异或运算,符号“mod”表示模平方运算,“[]l”表示取“[]”中密文的l位,x为已知的读写器和标签的共享密钥,ID为标签标识,n为模数。验证模块330置于读写器中,用于接收第一认证消息M1和第二认证消息M2,根据第一认证消息M1计算出所述第二随机数r2,r2=M1⊕x,然后验证是否存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,若存在则启动计算及更新模块。计算及更新模块340,置于读写器中,用于计算第三认证消息M3,将该第三认证消息M3发送给标签,并将共享密钥x更新为[x2mod n]l。判定模块550置于标签中,用于接收并验证第三认证消息M3是否正确,若正确则判定本次认证成功。Fig. 3 is a structural block diagram of the authentication system in the embodiment of the present invention. As shown in FIG. 3 , in this embodiment, the authentication system includes a first generation and transmission module 310 , a second generation and transmission module 320 , a verification module 330 , a calculation and update module 340 and a determination module 550 . The first generating and sending module 310 , the second generating and sending module 320 , the verifying module 330 , the calculating and updating module 340 and the judging module 550 are serially connected in series. Wherein, the first generating and sending module 310 is placed in the reader-writer, and is used for sending the first random number r 1 generated by the reader-writer itself to the tag. The second generating and sending module 320 is placed in the tag, and is used to receive the first random number r 1 , generate the second random number r 2 , and calculate the first random number r 2 according to the first random number r 1 and the second random number r 2 The authentication message M 1 and the second authentication message M 2 send the data of all the digits of the first authentication message M 1 and the data of the set digits of the second authentication message M 2 to the reader, wherein M 1 = x⊕r 2 , M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , the symbol "⊕" means the XOR operation, the symbol "mod" means the modular square operation, and "[] l " means to take " []” in the ciphertext, x is the shared key of the known reader and tag, ID is the tag identification, and n is the modulus. The verification module 330 is installed in the reader, for receiving the first authentication message M 1 and the second authentication message M 2 , and calculating the second random number r 2 according to the first authentication message M 1 , r 2 =M 1 ⊕x, and then verify whether there is (ID, x) satisfying the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , if it exists, start the calculation and update the module. Calculation and update module 340, placed in the reader, used to calculate the third authentication message M 3 , send the third authentication message M 3 to the tag, and update the shared key x to [x 2 mod n] l . The determination module 550 is placed in the tag, and is used to receive and verify whether the third authentication message M3 is correct, and if it is correct, determine that the authentication is successful.

在本发明实施例中,验证模块330中可以包括再次验证单元。再次验证单元用于在不存在(ID,x)满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l时,进一步验证是否存在(ID,x')满足等式M2=[(r1⊕r2 ⊕ID)2mod n]l,其中,x'为读写器中保存的本次认证的前一次认证时的共享密钥,若存在则用(ID,x')代替(ID,x)后启动计算及更新模块340。In the embodiment of the present invention, the verification module 330 may include a re-verification unit. The re-verification unit is used to further verify whether (ID, x') satisfies the equation M when there is no (ID, x) that satisfies the equation M 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l 2 =[(r 1 ⊕r 2 ⊕ID) 2 mod n] l , where x' is the shared key of the previous authentication of this authentication stored in the reader, if it exists, use (ID,x ') instead of (ID, x) to start the calculation and update module 340 .

其中,n可以使用梅森数,即n=2k-1,其中,k为共享密钥x的长度。Wherein, n may use a Mersenne number, that is, n=2 k −1, where k is the length of the shared key x.

其中,设定位数小于或等于第二认证消息M2的总位数。Wherein, the set number of digits is less than or equal to the total number of digits of the second authentication message M2 .

在本发明实施例中,判定模块550中可以包括密钥更新单元。密钥更新单元用于在第三认证消息M3经过标签验证为正确的时,在判定本次认证成功后将标签中的共享密钥x更新为[x2mod n]lIn this embodiment of the present invention, the determination module 550 may include a key update unit. The key updating unit is configured to update the shared key x in the tag to [x 2 mod n] l after judging that the authentication is successful when the third authentication message M 3 is verified to be correct by the tag.

本发明的认证系统能够抵抗已知的攻击方法,包括重放攻击、异步攻击、中间人攻击,并能提供前向安全性;并且,本发明的认证系统只使用伪随机函数,减少了认证算法的计算代价和存储代价,适合在低成本标签中应用。The authentication system of the present invention can resist known attack methods, including replay attacks, asynchronous attacks, and man-in-the-middle attacks, and can provide forward security; and, the authentication system of the present invention only uses pseudo-random functions, which reduces the complexity of authentication algorithms. Computing cost and storage cost, suitable for application in low-cost tags.

以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (10)

1. an authentication method, is applied to radio frequency identification system, it is characterized in that, comprising:
Step a, the first random number r that read write line produces self 1send to label;
Step b, label receives the first random number r 1after, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Step c, read write line receives the first authentication message M 1with the second authentication message M 2after, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and perform step d;
Steps d, read write line calculates the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Step e, label receives and verifies the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
2. authentication method according to claim 1, is characterized in that, in step c, if do not exist (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace carrying out described steps d after (ID, x) if exist.
3. authentication method according to claim 1, is characterized in that, n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
4. authentication method according to claim 1, is characterized in that, described setting figure place is less than or equal to described the second authentication message M 2total bit.
5. authentication method according to claim 1, is characterized in that, if in step e, and the 3rd authentication message M 3through label, checking is correct, after judging this authentication success, performs step f: label is updated to [x by shared key x 2mod n] l.
6. a Verification System, is applied to radio frequency identification system, it is characterized in that, comprising:
First produces and sending module, is placed in read write line, for the first random number r that read write line self is produced 1send to label;
Second produces and sending module, is placed in label, for receiving the first random number r 1, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2modn] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Authentication module, is placed in read write line, for receiving the first authentication message M 1with the second authentication message M 2, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and start and calculate and update module;
Calculate and update module, be placed in read write line, for calculating the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Determination module, is placed in label, for receiving and verify the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
7. Verification System according to claim 6, is characterized in that, described authentication module comprises authentication unit again, for not existing (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] ltime, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace starting described calculating and update module after (ID, x) if exist.
8. Verification System according to claim 6, is characterized in that, n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
9. Verification System according to claim 6, is characterized in that, described setting figure place is less than or equal to described the second authentication message M 2total bit.
10. Verification System according to claim 6, is characterized in that, described determination module comprises key updating units, and key updating units is used at described the 3rd authentication message M 3through label, be verified as when correct, after judging this authentication success, the shared key x in label be updated to [x 2mod n] l.
CN201310492590.XA 2013-10-18 2013-10-18 Authentication method and authentication system Pending CN103532718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310492590.XA CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310492590.XA CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Publications (1)

Publication Number Publication Date
CN103532718A true CN103532718A (en) 2014-01-22

Family

ID=49934424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310492590.XA Pending CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Country Status (1)

Country Link
CN (1) CN103532718A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901812A (en) * 2015-06-19 2015-09-09 四川理工学院 RFID system safety authentication method with ECC combining with lightweight Hash function
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 An ultra-lightweight RFID two-way authentication method based on tag ID
CN105721142A (en) * 2016-01-25 2016-06-29 广东工业大学 RFID system secret key generation method and devices based on tag ID
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN106658349A (en) * 2015-10-30 2017-05-10 中国电信股份有限公司 Method for automatically generating and updating shared key and system thereof
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN112084801A (en) * 2020-07-23 2020-12-15 西安电子科技大学 A bidirectional authentication method for low-cost passive RFID systems
CN112364339A (en) * 2020-08-21 2021-02-12 中国科学院信息工程研究所 Improved safe lightweight RFID authentication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051903A (en) * 2007-03-30 2007-10-10 中山大学 RFID random key two-way certifying method accord with EPC C1G2 standard
CN101217362A (en) * 2007-12-29 2008-07-09 中山大学 An RFID Communication Security Mechanism Based on Dynamic Randomized DRNTRU Public Key Encryption System
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051903A (en) * 2007-03-30 2007-10-10 中山大学 RFID random key two-way certifying method accord with EPC C1G2 standard
CN101217362A (en) * 2007-12-29 2008-07-09 中山大学 An RFID Communication Security Mechanism Based on Dynamic Randomized DRNTRU Public Key Encryption System
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YONGMING JIN,HUIPING SUN,WEI XIN,SONG LUO,ZHONG CHEN: "Lightweight RFID Mutual Authentication Protocol against Feasible Problems", 《INFORMATION AND COMMUNICATIONS SECURITY》 *
郑嘉琦,陈兵,周勇: "一种RFID轻量认证协议GIMAP", 《小型微型计算机系统》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901812A (en) * 2015-06-19 2015-09-09 四川理工学院 RFID system safety authentication method with ECC combining with lightweight Hash function
CN104901812B (en) * 2015-06-19 2018-04-20 四川理工学院 A kind of RFID system safety certifying method of ECC combinations lightweight Hash functions
CN106658349B (en) * 2015-10-30 2020-11-20 中国电信股份有限公司 Method and system for automatically generating and updating shared secret key
CN106658349A (en) * 2015-10-30 2017-05-10 中国电信股份有限公司 Method for automatically generating and updating shared key and system thereof
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 An ultra-lightweight RFID two-way authentication method based on tag ID
CN105530263B (en) * 2016-01-08 2018-06-12 广东工业大学 A kind of extra lightweight RFID mutual authentication methods based on tag ID
CN105721142A (en) * 2016-01-25 2016-06-29 广东工业大学 RFID system secret key generation method and devices based on tag ID
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN106411505B (en) * 2016-08-31 2019-05-07 广东工业大学 A two-way authentication method for mobile radio frequency identification and mobile radio frequency identification system
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110677254B (en) * 2019-09-20 2022-06-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN112084801A (en) * 2020-07-23 2020-12-15 西安电子科技大学 A bidirectional authentication method for low-cost passive RFID systems
CN112084801B (en) * 2020-07-23 2022-04-22 西安电子科技大学 Bidirectional identity authentication method used in low-cost passive RFID system
CN112364339A (en) * 2020-08-21 2021-02-12 中国科学院信息工程研究所 Improved safe lightweight RFID authentication method

Similar Documents

Publication Publication Date Title
CN103532718A (en) Authentication method and authentication system
CN106712962B (en) Mobile RFID system two-way authentication method and system
CN103795543B (en) Safety bidirectional authentication method for RFID system
CN101488854B (en) Wireless RFID system authentication method and apparatus
CN101847199B (en) Security authentication method for radio frequency recognition system
CN102737260B (en) Method and apparatus for identifying and verifying RFID privacy protection
CN101950367B (en) RFID system introducing agent device and two-way authentification method thereof
CN104115442B (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
CN105721142B (en) RFID system key generation method based on tag ID and device
CN108304902A (en) A kind of mobile RFID system mutual authentication method of extra lightweight
CN102497264A (en) RFID security authentication method based on EPC C-1G-2 standard
CN106603539B (en) A Lightweight RFID Bidirectional Authentication Method Based on Time Factor Anti-Desynchronization
CN102693438B (en) Privacy protection radio frequency identification password protocol method and system
Pang et al. Secure and efficient mutual authentication protocol for RFID conforming to the EPC C-1 G-2 standard
CN106713329B (en) A RFID bidirectional authentication method based on cross bit operation and circular check function
CN101488179A (en) Authentication method and apparatus for wireless radio frequency recognition system
Zhou et al. A lightweight anti-desynchronization RFID authentication protocol
Qian et al. ACSP: A novel security protocol against counting attack for UHF RFID systems
Peng et al. Privacy protection based on key-changed mutual authentication protocol in internet of things
CN106027237B (en) Cipher key matrix safety certifying method based on group in a kind of RFID system
CN108566385A (en) The mutual authentication method of efficient secret protection based on cloud
Zhang et al. An efficient and secure RFID batch authentication protocol with group tags ownership transfer
Huang et al. An ultralightweight mutual authentication protocol for EPC C1G2 RFID tags
Kardaş et al. Providing resistance against server information leakage in RFID systems
Liu An efficient RFID authentication protocol for low-cost tags

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140122

RJ01 Rejection of invention patent application after publication