CN103532718A - Authentication method and authentication system - Google Patents

Authentication method and authentication system Download PDF

Info

Publication number
CN103532718A
CN103532718A CN201310492590.XA CN201310492590A CN103532718A CN 103532718 A CN103532718 A CN 103532718A CN 201310492590 A CN201310492590 A CN 201310492590A CN 103532718 A CN103532718 A CN 103532718A
Authority
CN
China
Prior art keywords
authentication
label
authentication message
write line
read write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310492590.XA
Other languages
Chinese (zh)
Inventor
石志强
金永明
孙利民
芦翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201310492590.XA priority Critical patent/CN103532718A/en
Publication of CN103532718A publication Critical patent/CN103532718A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an authentication method and an authentication system. The authentication method comprises the following steps that a reading and writing device sends a first random number r1 generated by the reading and writing device to a label; after receiving the first random number r1, the label generates a second random number r2, a first authentication message M1 and a second authentication message M2 are calculated according to the r1 and the r2, and the data of all digits of the M1 and the data of set digits of the M2 are sent to the reading and writing device, wherein M1 is equal to x XOR r2, and M2 is equal to [(r1 XOR r2 XOR ID) <2>mod n]1; after receiving the first authentication message M1 and the second authentication message M2, the reading and writing device calculates the second random number r2 according to the first authentication message M1 and verifies whether (ID, x) which satisfies the equation that M2 is equal to [(r1 XOR r2 XOR ID)<2>mod n]1 exists or not, wherein the r2 is equal to M1 XOR x, if so, the next step is executed; the reading and writing device calculates a third authentication message M3, sends the third authentication message M3 to the label and updates a share key x into [x<2>mod n]1; the label receives the third authentication message M3 and verifies whether the third authentication message M3 is correct or not, if so, the authentication is judged to be successful. The calculation cost and the storage cost of an authentication algorithm are reduced.

Description

A kind of authentication method and system
Technical field
The present invention relates to the communications field, relate in particular to a kind of authentication method and system.
Background technology
RFID (Radio Frequency Identification, radio frequency identification) technology is that a kind of radiofrequency signal of utilizing realizes contactless information transmission, and passes through the technology that transmitted information reaches identifying purpose.Rfid system is generally comprised of three parts: label, read write line and back-end data base.Label comprises chip and antenna, for the sign of storing articles.Read write line obtains the data in label by radiofrequency signal, is then transferred to back-end data base.
Generally, suppose to have safe communication channel between back-end data base and read write line, the safety problem between them, can be understood as traditional network security problem.RFID safety problem is mainly paid close attention to the radio communication safety problem between read write line and label.Between read write line and label, be Radio-Frequency Wireless Communication, easy person's under attack attack.Attack and be mainly divided into two classes: the one, passive attack, the 2nd, active attack.In passive attack, assailant just stealthily smell visit or eavesdropping read write line and label between communication, then according to the data that obtain, carry out cryptanalysis or follow the tracks of etc.In active attack, assailant exists as the 3rd people between read write line and label.Assailant can intercept and capture data mutual between read write line and label, then by the mode of resetting or distort, sends to the opposing party.
At present, proposed a lot of safety and Privacy Preservation Mechanism, wherein RFID light-weight authentication agreement is a kind of common method.In general, a RFID authentication protocol should meet following features: (1) low cost.Along with the application of Internet of Things is more and more extensive, supply chain environment particularly, having a large amount of article needs RFID label.And the cost of label has become one of factor of ectocrine networking large-scale application.In order to adapt to RFID label cheaply, RFID authentication protocol need to be used try one's best few computational resource and storage resources, meets requirement cheaply.(2) two-way authentication.For fear of the attack of illegal read write line, the legitimacy that authentication protocol can not only authenticating tag, and can authenticate the legitimacy of read write line.(3) secret protection.Along with RFID application is more and more, such as China second-generation identity card, mass transit card, access card etc., they and people's life is more and more closely related.How protecting the possessory privacy of label, is also one of the problem that will consider.(4) can resist common attack.
At present, a lot of attack patterns for RFID authentication protocol have been there are, such as forgery attack, Replay Attack, man-in-the-middle attack etc.The people such as Ohkubo have studied the privacy concern of label, forward security particularly, and the information of transmission can not become dangerous because of the leakage of following label information now.A kind of authentication protocol (M.Ohkubo based on hash chain has been proposed, Suzuki K., Kinoshita S.Cryptographic approach to " privacy-friendly " tags.in RFID Privacy Workshop), this agreement can provide forward security.The shortcoming of this scheme is to use two hash functions, and is easily subject to Replay Attack.The people such as Dimitriou have proposed the RFID authentication protocol of a lightweight, can protect privacy of user and opposing cloning attack (T.Dimitriou.A lightweight RFID protocol to protect against traceability and cloning attacks.in Proc.of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks).This agreement is the authentication protocol based on challenge responses, can realize the two-way authentication between read write line and label.But for label, Hash calculation cost is larger.The people such as Lopez have proposed a very authentication protocol LMAP (P.Peris-Lopez for lightweight, Hernandez-Castro J.C., Estevez-Tapiador J.M., Ribagorda A.LMAP:A real lightweight mutual authentication protocol for low-cost RFID tags.in Proc.of2nd Workshop on RFID Security).This agreement pseudonymity IDS(Index-Pseudonym, assumed name index), as the index of label.LMAP is not used hash function, has only used the simple operations such as position XOR.This agreement can not resisting asynchronously be attacked, and assailant can block final step verification process, allows the read write line cannot authenticating tag, cause upgrading IDS and key K, and label has upgraded key.In addition, if assailant sends Hello message to label, label can return to current IDS, and assailant just can tracking tags, can not protect user's privacy.The people such as Chien have analyzed the safety defect of people's agreements such as people's agreements such as Karthikeyan and Duc; a kind of new bidirectional identification protocol that is applicable to EPC C1G2 label (Hung-Yu Chien, Chen Che-Hao.Mutual authentication protocol for RFID conforming to EPC Class1Generation2standards.Computer Standards&amp have been proposed; Interfaces).This agreement, based on GEN-2 standard, has been used PRNG and CRC computing, can resisting asynchronously attack.The people such as Ma have studied two kinds of privacies of RFID: indistinguishability privacy and unpredictability privacy (C.Ma, Li Y., Deng R.H., Li T.RFID privacy:relation between two notions, minimal condition, and efficient construction.in Proc.of the16th ACM conference on Computer and communications security).Based on PRF(Pseudo Random Function, pseudo-random function), a RFID unilateral authentication agreement that meets strong unpredictability privacy has been proposed.But this agreement is easily subject to Denial of Service attack, if assailant constantly sends challenge c to label, label can upgrade the counting ctr of oneself, causes the time of read write line traversal queries to increase.The people such as fourth have proposed a kind of RFID safety authentication protocol HSAP (Zhenhua Ding based on Hash function, Li Jintao, Feng Bo.Research on hash-based RFID security authentication protocol.Journal of Computer Research andDevelopment).This agreement is only used Hash operation in label, only needs to carry out twice Hash computing in label, is therefore relatively applicable to rfid system cheaply.Meanwhile, HSAP is bidirectional identification protocol, can resist impersonation attack, Replay Attack, prevent the problems such as tracking, desynchronization.In essence, this agreement is a challenge-response protocol.In addition, it does not have forward security, if current ID leaks, assailant can analyze former interactive information, the movable footprint of tracking tags.In addition, researcher has also proposed the authentication protocol of a lot of extra lightweights.These agreements are only used the simple operations such as XOR, dot product, do not use the cryptography elements such as PRNG, CRC.In order to meet strong privacy requirement, RFID authentication protocol at least needs to have the ability of pseudo random number function.So generally all can there are pseudo-linear analysis, differential attack, asynchronous attacks etc. in these agreements.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of authentication method and system, is applicable to RFID label cheaply.
For solving the problems of the technologies described above, the present invention proposes a kind of authentication method, be applied to radio frequency identification system, comprising:
Step a, the first random number r that read write line produces self 1send to label;
Step b, label receives the first random number r 1after, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Step c, read write line receives the first authentication message M 1with the second authentication message M 2after, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and perform step d;
Steps d, read write line calculates the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Step e, label receives and verifies the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
Further, above-mentioned authentication method also can have following characteristics, in step c, if do not exist (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace carrying out described steps d after (ID, x) if exist.
Further, above-mentioned authentication method also can have following characteristics, and n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
Further, above-mentioned authentication method also can have following characteristics, and described setting figure place is less than or equal to described the second authentication message M 2total bit.
Further, above-mentioned authentication method also can have following characteristics, if in step e, and the 3rd authentication message M 3through label, checking is correct, after judging this authentication success, performs step f: label is updated to [x by shared key x 2mod n] l.
For solving the problems of the technologies described above, the present invention proposes a kind of Verification System, be applied to radio frequency identification system, comprising:
First produces and sending module, is placed in read write line, for the first random number r that read write line self is produced 1send to label;
Second produces and sending module, is placed in label, for receiving the first random number r 1, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2modn] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Authentication module, is placed in read write line, for receiving the first authentication message M 1with the second authentication message M 2, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and start and calculate and update module;
Calculate and update module, be placed in read write line, for calculating the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Determination module, is placed in label, for receiving and verify the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
Further, above-mentioned Verification System also can have following characteristics, and described authentication module comprises authentication unit again, for not existing (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] ltime, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace starting described calculating and update module after (ID, x) if exist.
Further, above-mentioned Verification System also can have following characteristics, and n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
Further, above-mentioned Verification System also can have following characteristics, and described setting figure place is less than or equal to described the second authentication message M 2total bit.
Further, above-mentioned Verification System also can have following characteristics, and described determination module comprises key updating units, and key updating units is used at described the 3rd authentication message M 3through label, be verified as when correct, after judging this authentication success, the shared key x in label be updated to [x 2mod n] l.
Authentication method of the present invention and system can be resisted known attack method, comprise Replay Attack, asynchronous attacks, man-in-the-middle attack, and forward security can be provided; And authentication method of the present invention and system are only used pseudo-random function, reduced calculation cost and the storage cost of identifying algorithm, be adapted at applying in low-cost label.
Accompanying drawing explanation
Fig. 1 is the process schematic diagram of RFID lightweight two-way authentication in the present invention;
Fig. 2 is the flow chart of authentication method in the embodiment of the present invention;
Fig. 3 is the structured flowchart of Verification System in the embodiment of the present invention.
Embodiment
Below in conjunction with accompanying drawing, principle of the present invention and feature are described, example, only for explaining the present invention, is not intended to limit scope of the present invention.
RFID authentication protocol mainly solves safety and the privacy concern of wireless transmission between read write line and label.Reciprocal process between read write line R and label T is mainly discussed herein.If the symmetric key between read write line R and label T is x, label be designated ID.According to the mode of operation of read write line and label, can be divided into: read write line first says that (RTF) pattern and label first say (TTF) pattern.Most of low-cost label is passive type, generally adopts RTF pattern.Without loss of generality, RTF pattern is discussed here.
If read write line and label are in authentication message, the parameter sets that can use is τ, τ={ ID, x, r 1, r 2. establishing the lightweight operator that can adopt and the set of cryptography element is σ (being computing set), σ=⊕, ←,, CRC, PRNG, MAC ..., wherein " ⊕ " is xor operator, " ← " is shift operation symbol, " " is point multiplication operation, and CRC is cyclic redundancy check (CRC), and PRNG is pseudo-random generator, MAC represents message digest function, common such as Hash function etc. the set of setting authentication message is ξ={ F i| i ∈ Ζ }.All authentication message function F iit is all certain combination of parameter sets τ and computing set σ.In order to protect the privacy of label, in verification process, can directly the ID plaintext transmission of label not authenticated to read write line.Therefore, read write line does not complete when authentication, and do not know current will to which smart-tag authentication.Therefore, in the present invention, by authentication message M 1and M 2produce one about the identity of ID and shared key x, the label identity that traversal queries will authenticate.Generally, read write line can send to database these information, by database, carrys out traversal queries.For the computing capability of database, such traversal queries is feasible.In addition, can also provide hit rate by other mechanism such as calculating in advance, buffer memory, parallel computations.For read write line, because do not know it is which label participates in authentication, so key x and random number r 2all unknown.In the present invention, establish M 1for x ⊕ r 2, read write line just can be expressed r with x 2come, i.e. r 2=M 1⊕ x, thus can construct the identity about x.And message M 2it is the MAC function on set τ.Database lookup, after corresponding record, sends to read write line (ID, x).Read write line calculates authentication message M3, sends to label.The main purpose of M3 is the authentication of label to read write line, and read write line need to show that it knows the secret between them by M3, such as shared key x, or random number r 2deng.Because these information, only have legal read write line could pass through authentication message M 1and M 2solve out.In the present invention, the process of RFID lightweight two-way authentication as shown in Figure 1.
Fig. 2 is the flow chart of authentication method in the embodiment of the present invention.This authentication method can be applied to radio frequency identification system.As shown in Figure 2, in the present embodiment, the flow process of authentication method can comprise the steps:
Step S201, the first random number r that read write line produces self 1send to label;
Step S202, label receives the first random number r 1after, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
R 2effect be mainly the authentication message M in order to prevent that assailant from returning according to label 1and M 2come identification label to follow the tracks of.If in each verification process, label all produces the random number r of oneself 2, agreement just can be avoided this problem.Visible, the present invention is in verification process, and read write line and label produce respectively random number r 1and r 2, therefore can effectively resist Replay Attack.
In a preferred embodiment, n can be used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
Wherein, set figure place and be less than or equal to the second authentication message M 2total bit.
Step S203, read write line receives the first authentication message M 1with the second authentication message M 2after, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and perform step S204;
In this step, if do not exist (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace execution step S204 after (ID, x) if exist.
Due to the uncertainty of radio communication between read write line and label, or due to assailant's existence, can cause the M that receives that label can not be correct 3thereby. cannot verify M 3after, new key more.When authenticate next time, label is used old key to produce message M 1and M 2read write line just cannot find correct shared key x. in order to solve this situation, the shared key x'(that read write line need to be preserved last time is also the shared key in the front once authentication of this authentication), be used for recovering the key that causes because of the verification process that stopped last time inconsistent.For guarantee agreement has forward security, key updating function F 4(τ) should be unidirectional.It should be noted that, the forward security here, for label.Because the key that read write line once authenticates before can recovering, so read write line cannot be accomplished forward secrecy.
Step S204, read write line calculates the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Step S205, label receives and verifies the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
If in step S205, the 3rd authentication message M 3through label, checking is correct, after judging this authentication success, can also further carry out following steps: label is updated to [x by shared key x 2modn] l.
Authentication method of the present invention can be resisted known attack method, comprises Replay Attack, asynchronous attacks, man-in-the-middle attack, and forward security can be provided; And authentication method of the present invention is only used pseudo-random function, reduced calculation cost and the storage cost of identifying algorithm, be adapted at applying in low-cost label.
The invention allows for a kind of Verification System, in order to implement above-mentioned authentication method.
Fig. 3 is the structured flowchart of Verification System in the embodiment of the present invention.As shown in Figure 3, in the present embodiment, Verification System comprises that the first generation and sending module 310, second produce and sending module 320, authentication module 330, calculating and update module 340 and determination module 550.The first generation and sending module 310, the second generation and sending module 320, authentication module 330, calculating and update module 340 and determination module 550 are in sequential series.Wherein, the first generation and sending module 310 are placed in read write line, for the first random number r that read write line self is produced 1send to label.The second generation and sending module 320 are placed in label, for receiving the first random number r 1, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus.Authentication module 330 is placed in read write line, for receiving the first authentication message M 1with the second authentication message M 2, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and start and calculate and update module.Calculate and update module 340, be placed in read write line, for calculating the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l.Determination module 550 is placed in label, for receiving and verify the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
In embodiments of the present invention, in authentication module 330, can comprise authentication unit again.Authentication unit is not for existing (ID, x) to meet equation M again 2=[(r 1⊕ r 2⊕ ID) 2mod n] ltime, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace starting and calculating and update module 340 after (ID, x) if exist.
Wherein, n can be used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
Wherein, set figure place and be less than or equal to the second authentication message M 2total bit.
In embodiments of the present invention, in determination module 550, can comprise key updating units.Key updating units is used at the 3rd authentication message M 3through label, be verified as when correct, after judging this authentication success, the shared key x in label be updated to [x 2mod n] l.
Verification System of the present invention can be resisted known attack method, comprises Replay Attack, asynchronous attacks, man-in-the-middle attack, and forward security can be provided; And Verification System of the present invention is only used pseudo-random function, reduced calculation cost and the storage cost of identifying algorithm, be adapted at applying in low-cost label.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.

Claims (10)

1. an authentication method, is applied to radio frequency identification system, it is characterized in that, comprising:
Step a, the first random number r that read write line produces self 1send to label;
Step b, label receives the first random number r 1after, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Step c, read write line receives the first authentication message M 1with the second authentication message M 2after, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and perform step d;
Steps d, read write line calculates the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Step e, label receives and verifies the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
2. authentication method according to claim 1, is characterized in that, in step c, if do not exist (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace carrying out described steps d after (ID, x) if exist.
3. authentication method according to claim 1, is characterized in that, n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
4. authentication method according to claim 1, is characterized in that, described setting figure place is less than or equal to described the second authentication message M 2total bit.
5. authentication method according to claim 1, is characterized in that, if in step e, and the 3rd authentication message M 3through label, checking is correct, after judging this authentication success, performs step f: label is updated to [x by shared key x 2mod n] l.
6. a Verification System, is applied to radio frequency identification system, it is characterized in that, comprising:
First produces and sending module, is placed in read write line, for the first random number r that read write line self is produced 1send to label;
Second produces and sending module, is placed in label, for receiving the first random number r 1, produce the second random number r 2, and according to described the first random number r 1with the second random number r 2calculate the first authentication message M 1with the second authentication message M 2, the first authentication message M 1data and the second authentication message M of whole figure places 2the data of setting figure place send to read write line, wherein, M 1=x ⊕ r 2, M 2=[(r 1⊕ r 2⊕ ID) 2modn] l, symbol " ⊕ " represents XOR, symbol " mod " represents computing module-square, " [] l" representing to get the l position of ciphertext in " [] ", x is the shared key of known read write line and label, and ID is tag identifier, and n is modulus;
Authentication module, is placed in read write line, for receiving the first authentication message M 1with the second authentication message M 2, according to the first authentication message M 1calculate described the second random number r 2, r 2=M 1⊕ x, then whether checking exists (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] lif exist and start and calculate and update module;
Calculate and update module, be placed in read write line, for calculating the 3rd authentication message M 3, by the 3rd authentication message M 3send to label, and shared key x is updated to [x 2mod n] l;
Determination module, is placed in label, for receiving and verify the 3rd authentication message M 3whether correct, if correctly judge this authentication success.
7. Verification System according to claim 6, is characterized in that, described authentication module comprises authentication unit again, for not existing (ID, x) to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] ltime, further whether checking exists (ID, x') to meet equation M 2=[(r 1⊕ r 2⊕ ID) 2mod n] l, wherein, x' is this authentication of preserving in read write line front shared key while once authenticating, and uses (ID, x') to replace starting described calculating and update module after (ID, x) if exist.
8. Verification System according to claim 6, is characterized in that, n is used Mersenne number, i.e. n=2 k-1, wherein, k is the length of shared key x.
9. Verification System according to claim 6, is characterized in that, described setting figure place is less than or equal to described the second authentication message M 2total bit.
10. Verification System according to claim 6, is characterized in that, described determination module comprises key updating units, and key updating units is used at described the 3rd authentication message M 3through label, be verified as when correct, after judging this authentication success, the shared key x in label be updated to [x 2mod n] l.
CN201310492590.XA 2013-10-18 2013-10-18 Authentication method and authentication system Pending CN103532718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310492590.XA CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310492590.XA CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Publications (1)

Publication Number Publication Date
CN103532718A true CN103532718A (en) 2014-01-22

Family

ID=49934424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310492590.XA Pending CN103532718A (en) 2013-10-18 2013-10-18 Authentication method and authentication system

Country Status (1)

Country Link
CN (1) CN103532718A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901812A (en) * 2015-06-19 2015-09-09 四川理工学院 RFID system safety authentication method with ECC combining with lightweight Hash function
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 Ultra-lightweight RFID bidirectional authentication method based on label ID
CN105721142A (en) * 2016-01-25 2016-06-29 广东工业大学 RFID system secret key generation method and devices based on tag ID
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN106658349A (en) * 2015-10-30 2017-05-10 中国电信股份有限公司 Method for automatically generating and updating shared key and system thereof
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN112084801A (en) * 2020-07-23 2020-12-15 西安电子科技大学 Bidirectional identity authentication method used in low-cost passive RFID system
CN112364339A (en) * 2020-08-21 2021-02-12 中国科学院信息工程研究所 Improved safe lightweight RFID authentication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051903A (en) * 2007-03-30 2007-10-10 中山大学 RFID random key two-way certifying method accord with EPC C1G2 standard
CN101217362A (en) * 2007-12-29 2008-07-09 中山大学 RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051903A (en) * 2007-03-30 2007-10-10 中山大学 RFID random key two-way certifying method accord with EPC C1G2 standard
CN101217362A (en) * 2007-12-29 2008-07-09 中山大学 RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system
US20100001840A1 (en) * 2008-07-07 2010-01-07 You Sung Kang Method and system for authenticating rfid tag

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YONGMING JIN,HUIPING SUN,WEI XIN,SONG LUO,ZHONG CHEN: "Lightweight RFID Mutual Authentication Protocol against Feasible Problems", 《INFORMATION AND COMMUNICATIONS SECURITY》 *
郑嘉琦,陈兵,周勇: "一种RFID轻量认证协议GIMAP", 《小型微型计算机系统》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901812A (en) * 2015-06-19 2015-09-09 四川理工学院 RFID system safety authentication method with ECC combining with lightweight Hash function
CN104901812B (en) * 2015-06-19 2018-04-20 四川理工学院 A kind of RFID system safety certifying method of ECC combinations lightweight Hash functions
CN106658349B (en) * 2015-10-30 2020-11-20 中国电信股份有限公司 Method and system for automatically generating and updating shared secret key
CN106658349A (en) * 2015-10-30 2017-05-10 中国电信股份有限公司 Method for automatically generating and updating shared key and system thereof
CN105530263A (en) * 2016-01-08 2016-04-27 广东工业大学 Ultra-lightweight RFID bidirectional authentication method based on label ID
CN105530263B (en) * 2016-01-08 2018-06-12 广东工业大学 A kind of extra lightweight RFID mutual authentication methods based on tag ID
CN105721142A (en) * 2016-01-25 2016-06-29 广东工业大学 RFID system secret key generation method and devices based on tag ID
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN106411505B (en) * 2016-08-31 2019-05-07 广东工业大学 A kind of mutual authentication method and Mobile RFID system of Mobile RFID
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110677254B (en) * 2019-09-20 2022-06-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN112084801A (en) * 2020-07-23 2020-12-15 西安电子科技大学 Bidirectional identity authentication method used in low-cost passive RFID system
CN112084801B (en) * 2020-07-23 2022-04-22 西安电子科技大学 Bidirectional identity authentication method used in low-cost passive RFID system
CN112364339A (en) * 2020-08-21 2021-02-12 中国科学院信息工程研究所 Improved safe lightweight RFID authentication method

Similar Documents

Publication Publication Date Title
CN103532718A (en) Authentication method and authentication system
CN101847199B (en) Security authentication method for radio frequency recognition system
CN104115442B (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
CN104184733B (en) A kind of RFID lightweight mutual authentication methods encoded based on CRC
CN106712962A (en) Mobile RFID system bidirectional authentication method and system
CN103795543A (en) Bidirectional security authentication method for RFIP system
CN102497264B (en) RFID security authentication method based on EPC C-1G-2 standard
CN110147666B (en) Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform
CN105100112A (en) Cloud-storing based radio frequency identification (RFID) group tag ownership transferring method
CN106845304A (en) A kind of method and system for realizing reader and smart-tag authentication in rfid system
CN104112106A (en) Physical unclonability-based RFID lightweight class authentication method
CN104333539B (en) A kind of RFID safety authentication based on Chebyshev map
CN101488179A (en) Authentication method and apparatus for wireless radio frequency recognition system
CN110190965A (en) A kind of RFID cluster label authentication protocol based on hash function
CN102684872B (en) Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption
Liu et al. A Lightweight RFID Authentication Protocol based on Elliptic Curve Cryptography.
Chen et al. A secure ownership transfer protocol using EPCglobal Gen-2 RFID
Zhou A Quadratic Residue-Based Lightweight RFID Mutual Authentication Protocol with Constant-Time Identification.
CN104579688B (en) It is a kind of based on Hash function can synchronized update key RFID mutual authentication method
CN106027237B (en) Cipher key matrix safety certifying method based on group in a kind of RFID system
CN108566385A (en) The mutual authentication method of efficient secret protection based on cloud
CN103699863B (en) A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method
CN104506533A (en) RFID (radio frequency identification) label ownership transfer method based on PUF (physical unclonable function)
Jin et al. PUF-based RFID authentication protocol against secret key leakage
Xiao et al. Security Protocol for RFID System Conforming to EPC-C1G2 Standard.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140122