CN103699863B - A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method - Google Patents

Abstract

The invention discloses a kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method, label is additionally arranged session key N_tAs flag bit, the random number that this flag bit produces to reader in last time verification process is relevant, and keeps dynamic refresh, and the message making assailant reset lost efficacy, it is possible to the effectively problem of the resisting asynchronous attack of solution；Have employed mutual authentication method to realize the certification of identity, and (x, y) carrys out the message in coded communication, improves the confidentiality that radio frequency identification system communicates in open environment, safer to introduce the nonlinear function NLMC of extra lightweight.The composite can be widely applied to radio frequency identification field.

Description

A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method

Technical field

The present invention relates to radio frequency identification field, especially a kind of asynchronous attack resistant ultra-lightweight radio frequency identification Authentication method.

Background technology

In prior art, radio frequency identification (RFID, Radio Frequency Identification) be numerous from The one of dynamic identification technology, its ultimate principle is to utilize radiofrequency signal and Space Coupling (inductance or electromagnetic coupled) transmission characteristic, Realize the automatic identification to identified object.Based on the advantage that RFID is numerous, RFID obtained quite varied application and Receive more and more attention.

Existing extra lightweight radio frequency identification authentication method based on XOR is low to the requirement of hardware, its label Not having the ability producing pseudo random number, but the defect of this authentication method is, when assailant eavesdrop and reset message time, service Device end is difficult to verify the legitimacy of this message, so that illegal label certification is passed through, causes the data of server end and tab end Update asynchronous, the problem causing asynchronous attacks.

Summary of the invention

In order to solve above-mentioned technical problem, it is an object of the invention to: the super of the high and anti-asynchronous attacks of a kind of safety is provided Lightweight radio frequency identification authentication method.

The technical solution adopted for the present invention to solve the technical problems is: the extra lightweight of a kind of anti-asynchronous attacks is wireless to be penetrated Frequently identification authentication method, including:

S1, the randomizer of reader produce random number N₁, then send message Query to the label chosen | | N₁；

S2, tag computation go out A=(IDS ∨ K₂)+N_tValue, and through NLMC(x, y) nonlinear function computing, ROT(x, y) B=(K1 K is obtained after functional operation and XOR₂ ^*)+(K₁ ^*⊕K₂) value, be then passed through reader by message id S | | A | | B | | N1 is transmitted to background server；Described K₁ ^*=ROT(K₁⊕Nm,K₁), K₂ ^*=ROT(K₂⊕Nm,K₂), Nm=NLMC (N_t,N₁)；Its In, IDS represents the assumed name of label, N_tRepresent the session key in radio frequency identification system communication process, K₁、K₂All represent and disappear The encryption key of breath, " ∨ " represents logical addition computing, and " " represents XOR；

S3, background server check whether its IDS data stored store can with message id S | | A | | B | | in N1 The data of IDS data match；If it is not, represent the failure of reader authentication label, termination protocol, flow process terminates；Otherwise, then perform Step S4；

S4, background server are from message id S, and | | A | | B | | extracts N N1_t＇=A-(IDS ∨ K₂), and with IDS data Corresponding K₁、K₂Calculate B ＇=(K1 K₂ ^*)+(K₁ ^*⊕K₂)；Then judge whether B ＇ is equal to B, if it is not, represent reader authentication Label failure, termination protocol, flow process terminates；Otherwise, then step S5 is performed；

S5, reader generate random number N₂, label assumed name IDS, secret key K to background server₁, secret key K₂Close with session Key N_tIt is updated, and through NLMC(x, y) nonlinear function computing, ROT(x, y) sent out after functional operation and XOR Give data C and the D of label；

S6, label go out data N from the extracting data received₂＇, and through NLMC(x, y) nonlinear function computing, ROT (x y) obtains data D ＇ after functional operation and XOR, then judges label pair according to data D are the most equal with data D ＇ Whether reader is proved to be successful.

Further, described step S5, comprising:

S51, reader generate random number N₂, and by label assumed name IDS current for reader, secret key K₁, secret key K₂As old Label assumed name IDS, old secret key K₁, old secret key K₂Store to background server；

S52, reader are to data N₁、N_2、IDS、K₁、K₂Calculate, thus obtain new label assumed name IDS^new, new secret key K₁ ^new, new secret key K₂ ^newWith new session key N_t ^new, and by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newStore to background server；

S53, reader to through NLMC(x, y) nonlinear function computing, ROT(x, y) functional operation and XOR, from And obtain being sent to data C of label and D.

Further, described new label assumed name IDS^new, new secret key K₁ ^new, new secret key K₂ ^newWith new session key N_t ^newMeter Calculation formula is as follows:

Wherein, ID represents the identity indications of label.

Further, in described step C53, the computing formula of described data C is: C=ROT(K₁⊕K₂, Nm ＇) and N₂；Institute The computing formula stating data D is: D=(K2^*+ Nx) ((K1 K2) ∨ K1^*).

Further, described step S6, comprising:

S61, label go out data N from the extracting data received₂＇, described data N₂The computing formula of ＇ is:

N₂＇=C ROT (K₁⊕K₂, Nm ＇)；

The N that S62, basis extract₂Data D ＇ is calculated by ＇, and the computing formula of described data D ＇ is:

D ＇=(K₂ ^*+ Nx ＇) ((K₁⊕K₂)∨K₁ ^*), wherein, Nx ＇=NLMC(N₂＇, N_t＇)；

S63, judge that data D are the most equal with data D ＇, if equal, then IDS data, secret key K to label₁, secret key K₂With Data N_tIt is updated, thus IDS data ID S after being updated^new, secret key K₁ ^new, secret key K₂ ^newWith data N_t ^new；Wherein, IDS^new=(IDS+ID) (Nm ＇+K₁ ^*), K₁ ^new=K₁ ^*, K₂ ^new=K₂ ^*, N_t ^new=Nx ＇.

Further, by IDS in described step S52^new、K₁ ^new、K₂ ^newAnd N_t ^newThe step for of storage to background server, its Particularly as follows:

Judge the IDS calculated^newThe most identical with arbitrary IDS data of background server storage, the most again give birth to Become random number N₂And calculate the IDS of correspondence^new、K₁ ^new、K₂ ^newAnd N_t ^new；Otherwise, then by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newDeposit Storage is to background server.

The invention has the beneficial effects as follows: be additionally arranged session key N in the label_tAs flag bit, this flag bit and last time The random number that in verification process, reader produces is correlated with, and keeps dynamic refresh, and the message making assailant reset lost efficacy, it is possible to have The problem that effect solves resisting asynchronous attack；Have employed mutual authentication method to realize the certification of identity, and introduce extra lightweight (x, y) carrys out the message in coded communication to nonlinear function NLMC, improves radio frequency identification system and communicates in open environment Confidentiality, safer.

Accompanying drawing explanation

The invention will be further described with embodiment below in conjunction with the accompanying drawings.

Fig. 1 is the flow chart of steps of a kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method of the present invention；

Fig. 2 is nonlinear function NLMC (x, concrete operation flow chart y)；

Fig. 3 is the schematic diagram of radio frequency identification verification process of the present invention.

Detailed description of the invention

With reference to Fig. 1, a kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method, including:

S1, the randomizer of reader produce random number N₁, then send message Query to the label chosen | | N₁；

S2, tag computation go out A=(IDS ∨ K₂)+N_tValue, and through NLMC(x, y) nonlinear function computing, ROT(x, y) B=(K1 K is obtained after functional operation and XOR₂ ^*)+(K₁ ^*⊕K₂) value, be then passed through reader by message id S | | A | | B | | N1 is transmitted to background server；Described K₁ ^*=ROT(K₁⊕Nm,K₁), K₂ ^*=ROT(K₂⊕Nm,K₂), Nm=NLMC (N_t,N₁)；Its In, IDS represents the assumed name of label, N_tRepresent the session key in radio frequency identification system communication process, K₁、K₂All represent and disappear The encryption key of breath, " ∨ " represents logical addition computing, and " " represents XOR；

S3, background server check whether its IDS data stored store can with message id S | | A | | B | | in N1 The data of IDS data match；If it is not, represent the failure of reader authentication label, termination protocol, flow process terminates；Otherwise, then perform Step S4；

S4, background server are from message id S, and | | A | | B | | extracts N N1_t＇=A-(IDS ∨ K₂), and with IDS data Corresponding K₁、K₂Calculate B ＇=(K1 K₂ ^*)+(K₁ ^*⊕K₂)；Then judge whether B ＇ is equal to B, if it is not, represent reader authentication Label failure, termination protocol, flow process terminates；Otherwise, then step S5 is performed；

S5, reader generate random number N₂, label assumed name IDS, secret key K to background server₁, secret key K₂Close with session Key N_tIt is updated, and through NLMC(x, y) nonlinear function computing, ROT(x, y) sent out after functional operation and XOR Give data C and the D of label；

S6, label go out data N from the extracting data received₂＇, and through NLMC(x, y) nonlinear function computing, ROT (x y) obtains data D ＇ after functional operation and XOR, then judges label pair according to data D are the most equal with data D ＇ Whether reader is proved to be successful.

Wherein, nonlinear function NLMC (x, is y) to use genetic programming thought, by introducing ultralight operand assembly, from And the nonlinearity function obtained.(x, y) function only require on hardware that label has right displacement behaviour to realize NLMC on label The ability made, this function has the character of extra lightweight, and its concrete operations are as shown in Figure 2.ROT(x, y) function is left-handed function, For by left-handed for the value of x y position.N_t＇ is the session key of background server end, if communication is correct, with N_tUnanimously.The calculating of B ＇ Journey and the formula used are consistent with B, differ only in N_tChange N into_t＇.N₂＇ is the random number that tab end is extracted, if communication Correct then N with reader end₂Unanimously.The calculating process of D ＇ and the formula used are consistent with D, differ only in N₂Change into N₂＇.

It is further used as preferred embodiment, described step S5, comprising:

S51, reader generate random number N₂, and by label assumed name IDS current for reader, secret key K₁, secret key K₂As old Label assumed name IDS, old secret key K₁, old secret key K₂Store to background server；

S52, reader are to data N₁、N_2、IDS、K₁、K₂Calculate, thus obtain new label assumed name IDS^new, new secret key K₁ ^new, new secret key K₂ ^newWith new session key N_t ^new, and by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newStore to background server；

S53, reader to through NLMC(x, y) nonlinear function computing, ROT(x, y) functional operation and XOR, from And obtain being sent to data C of label and D.

It is further used as preferred embodiment, described new label assumed name IDS^new, new secret key K₁ ^new, new secret key K₂ ^newWith New session key N_t ^newComputing formula as follows:

Wherein, ID represents the identity indications of label.

Being further used as preferred embodiment, in described step C53, the computing formula of described data C is: C=ROT (K₁⊕K₂, Nm ＇) and N₂；The computing formula of described data D is: D=(K2^*+ Nx) ((K1 K2) ∨ K1^*).

It is further used as preferred embodiment, described step S6, comprising:

S61, label go out data N from the extracting data received₂＇, described data N₂The computing formula of ＇ is:

N₂＇=C ROT (K₁⊕K₂, Nm ＇)；

The N that S62, basis extract₂Data D ＇ is calculated by ＇, and the computing formula of described data D ＇ is:

D ＇=(K₂ ^*+ Nx ＇) ((K₁⊕K₂)∨K₁ ^*), wherein, Nx ＇=NLMC(N₂＇, N_t＇)；

S63, judge that data D are the most equal with data D ＇, if equal, then IDS data, secret key K to label₁, secret key K₂With Data N_tIt is updated, thus IDS data ID S after being updated^new, secret key K₁ ^new, secret key K₂ ^newWith data N_t ^new；Wherein, IDS^new=(IDS+ID) (Nm ＇+K₁ ^*), K₁ ^new=K₁ ^*, K₂ ^new=K₂ ^*, N_t ^new=Nx ＇.

It is further used as preferred embodiment, by IDS in described step S52^new、K₁ ^new、K₂ ^newAnd N_t ^newStore to rear The step for of station server, itself particularly as follows:

Judge the IDS calculated^newThe most identical with arbitrary IDS data of background server storage, the most again give birth to Become random number N₂And calculate the IDS of correspondence^new、K₁ ^new、K₂ ^newAnd N_t ^new；Otherwise, then by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newDeposit Storage is to background server.

Below in conjunction with Figure of description and specific embodiment, the present invention is described in further detail.

Reference Fig. 3, the first embodiment of the present invention:

One asynchronous attack resistant ultra-lightweight radio frequency identification authentication method of the present invention, for radio frequency identification system System carries out between label and reader safety certification during radio communication.The radio frequency identification system of the present invention includes mark Label, reader and background server.Wherein passive read-write formula label selected by label, and the inside EEPROM of label stores data, Its interior door circuit is not required to produce pseudo random number, it is only necessary to meet bit arithmetic (XOR, shift operation etc.) operation, and energy Realize NLMC (x, y) function of function operation.

The invention mainly comprises certification initial phase, the two-way authentication stage, label assumed name and key updating stage this three The individual stage.

Certification initial phase, specific as follows:

Five-tuple (ID, IDS, K it is loaded in each label₁,K₂,N_t), wherein ID represents the identity indications of label；IDS Representing the assumed name of label, initial value is the binary number of 96bit, and its value is Hash (ID)；The ID of label is unique, therefore, After Hash operation, unique IDS can be obtained；K₁、K₂Representing the encryption key of message, its initial value is 96bit's Binary system random number；N_tRepresenting the session key in radio frequency identification system communication process, arranging its initial value is 96bit bis- System number, its value is through function NLMC (N₁, N₂) result after computing, wherein N₁,N₂Produce for reader pseudorandom number generator Raw random number.

One seven tuple (ID, IDS is retained in background server^new,IDS^old,K₁ ^new,K₁ ^old,K₂ ^new,K₂ ^old).Wherein ID represents the identity indications of label；(IDS^new,K₁ ^new, K₂ ^new) this is recognized to represent the assumed name of this certification of label, label respectively The K of card₁、K₂Key, they are all the binary numbers of 96bit, and initial value is equal to tag ID S, the initial value of label key K1, K2； (IDS^old,K₁ ^old,K₂ ^old) represent the key of label in the assumed name IDS of label in last time verification process, last time verification process respectively (IDS, K1, K2) initial value of K1, K2, their initial value and label is identical, is all the binary number of 96bit.

With reference to Fig. 3, the concrete execution process of the verification process of radio frequency identification system is as follows:

Randomizer in a, reader produces random number N₁；Then to the label chosen send message (Query | | N₁)。

B, label receive data N that reader sends over₁After communication request, calculate A=(IDS ∨ K according to formula₂) +N_t、Nm=NLMC(N_t,N₁)、K₁ ^*=ROT(K₁⊕Nm,K₁)、K₂ ^*=ROT(K₂⊕Nm,K₂)、B=(K₁⊕K₂ ^*)+(K₁ ^*⊕K₁)；Then Message (IDS | | A | | B) is sent to reader, and reader is again by message (IDS | | A | | B | | N₁) it is transmitted to background server； Wherein NLMC (x, the parameter during y) representative function acts on bracket.

After c, server receive message, first look for the IDS in backstage^newAnd IDS^oldRecord, verifies the two data energy No with receive message id S | | the A | | IDS in B and mate；If the match is successful, from message, just extract N_t=A-IDS ∨ K₂, so After according to the computing formula in label, with the K corresponding with IDS₁、K₂Calculate B '=(K₁⊕K₂ ^*)+(K₁ ^*⊕K₂), it is used for verifying B '=B Whether set up；If equation is set up, then reader checking label success, and forward step d to；Otherwise authentification failure, terminates current Session.After server and reader success identity label, generate random number N₂, calculate N_x=NLMC(Nm,N₂)、C=ROT(K₁⊕ K₂,Nm)⊕N₂、D=(K₂ ^*+Nx)⊕((K₁⊕K₂)∨K₁ ^*)；The most more new data K₁ ^new=K₁ ^*、K₁ ^old=K₁、K₂ ^new=K₂ ^*、K₂ ^old= K₂、IDS^old=IDS、IDS^new=(IDS+ID)⊕(Nm+K₁ ^*), by message C | | D is sent to label.

D, label receive message C | | after D, from message, first extract N₂=C⊕ROT(K₁⊕K₂,Nm)；Then with rear The formula that station server is identical calculates whether D ', checking equation D '=D set up, wherein D '=(K₂ ^*+Nx)⊕((K₁⊕K₂)∨= K₁ ^*)；If equation is set up, then update data ID S=(IDS+ID) (Nm+=K₁ ^*), K₁==K₁ ^*、K₂==K₂ ^*、N_t=Nx。

The present invention operation by step a to d, it is achieved that label and the two-way authentication of reader, and the mark being proved to be successful Sign and reader can carry out subsequent communications.

Compared with prior art, the invention have the advantages that

(1) hardware aspect

The lowest computing cost: label has only to meet bit arithmetic, include the behaviour such as logical operations, XOR, shift operation Make；

B. low communication cost: agreement only needs the traffic (with reference to Fig. 3) of 3 samsaras, and the quantity of information of exchange is few；

C. the hardware spending on label is little: label need not the function with pseudorandom number generator, required gate circuit number Amount greatly reduces；

D. the operand on label is few: label only need to be performed 16 logical operation, 3 ROT (x, y) function behaviour Make, (x, y) function operation just can realize the authentication between RFID label tag and RFID reader to 2 NLMC.

(2) present invention is provided with data N in the label_t, these data and the reader in last time verification process produce with Machine number is correlated with, and keeps dynamic refresh, is thus equivalent to label and is also provided with the ability producing random number, but need not again Increase extra hardware, it is possible to efficient solution award of bid label and back-end data base data synchronization problems.

(3) the radio frequency identification system authentication that the present invention is realized by two-way authentication, improves less radio-frequency The confidentiality that identification system communicates in open environment, can resisting asynchronous attack, man-in-the-middle attack, Replay Attack, refusal service The attack pattern that the radio frequency identification systems such as attack are common.

(4) present invention has the advantage that algorithm is novel simply, fast response time, resource requirement are few, be easily achieved, it is adaptable to Solve the safety problem of low cost RFID label.

It is above the preferably enforcement of the present invention is illustrated, but the invention is not limited to described enforcement Example, those of ordinary skill in the art also can make all equivalent variations on the premise of spirit of the present invention or replace Changing, deformation or the replacement of these equivalents are all contained in the application claim limited range.

Claims (5)

1. an asynchronous attack resistant ultra-lightweight radio frequency identification authentication method, it is characterised in that: including:

S1, the randomizer of reader produce random number N₁, then send message Query to the label chosen | | N₁；

S2, tag computation go out A=(IDS ∨ K₂)+N_tValue, and through NLMC (x, y) nonlinear function computing, ROT (x, y) letter Number computing obtains B=(K1 K after XOR₂ ^*)+(K₁ ^*⊕K₂) value, be then passed through reader by message id S | | A | | B | | N1 is transmitted to background server；Described K₁ ^*=ROT (K₁⊕Nm,K₁), K₂ ^*=ROT (K₂⊕Nm,K₂), Nm=NLMC (N_t,N₁)； Wherein, IDS represents the assumed name of label, N_tRepresent the session key in radio frequency identification system communication process, K₁、K₂All represent The encryption key of message, " ∨ " represents logical addition computing, and " " represents XOR；

S3, background server check whether its IDS data stored store can with message id S | | A | | the B | | IDS in N1 The data of data match；If it is not, represent the failure of reader authentication label, termination protocol, flow process terminates；Otherwise, then step is performed Rapid S4；

S4, background server are from message id S, and | | A | | B | | extracts N N1_t＇=A-(IDS ∨ K₂), and with relative with IDS data The K answered₁、K₂Calculate B ＇=(K1 K₂ ^*)+(K₁ ^*⊕K₂)；Then judge whether B ＇ is equal to B, if it is not, represent reader authentication mark Signing unsuccessfully, termination protocol, flow process terminates；Otherwise, then step S5 is performed；

S5, reader generate random number N₂, label assumed name IDS, secret key K to background server₁, secret key K₂With session key N_tEnter Row updates, and (x, (x y) obtains being sent to mark after functional operation and XOR for y) nonlinear function computing, ROT through NLMC Data C signed and D；

S6, label go out data N from the extracting data received₂＇, and through NLMC (x, y) nonlinear function computing, ROT (x, y) Obtain data D ＇ after functional operation and XOR, then judge that label is to reading according to data D are the most equal with data D ＇ Whether device is proved to be successful；

Described step S5, comprising:

S51, reader generate random number N₂, and by label assumed name IDS current for reader, secret key K₁, secret key K₂As old label Assumed name IDS, old secret key K₁, old secret key K₂Store to background server；

S52, reader are to data N₁、N₂、IDS、K₁、K₂Calculate, thus obtain new label assumed name IDS^new, new secret key K₁ ^new、 New secret key K₂ ^newWith new session key N_t ^new, and by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newStore to background server；

S53, reader to through NLMC (x, y) nonlinear function computing, ROT (x, y) functional operation and XOR, thus To data C and the D that are sent to label.

A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method the most according to claim 1, its feature It is: described new label assumed name IDS^new, new secret key K₁ ^new, new secret key K₂ ^newWith new session key N_t ^newComputing formula such as Under:

$\left\{\begin{array}{c}{\mathrm{Nm}}^{\′}=NLMC({N_t}^{\′},N_1)\\ N_x=NLMC({N_m}^{\′},N_2)\\ {\mathrm{IDS}}^{new}=(IDS+ID)\⊕(N_x+{K_1}^{*})\\ {K_1}^{new}={K_1}^{*}\\ {K_2}^{new}={K_2}^{*}\\ {N_t}^{new}=N_x\end{array}\right.$

Wherein, ID represents the identity indications of label.

A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method the most according to claim 2, its feature Being: in described step S53, the computing formula of described data C is: C=ROT (K₁⊕K₂, Nm ＇) and N₂；Described data D Computing formula is: D=(K2^*+Nx)⊕((K1⊕K2)∨K1^*)。

A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method the most according to claim 3, its feature It is: described step S6, comprising:

S61, label go out data N from the extracting data received₂＇, described data N₂The computing formula of ＇ is:

N₂＇=C ROT (K₁⊕K₂, Nm ＇)；

The N that S62, basis extract₂Data D ＇ is calculated by ＇, and the computing formula of described data D ＇ is:

D ＇=(K₂ ^*+ Nx ＇) ((K₁⊕K₂)∨K₁ ^*), wherein, Nx ＇=NLMC (N₂＇, N_t＇)；

S63, judge that data D are the most equal with data D ＇, if equal, then IDS data, secret key K to label₁, secret key K₂And data N_tIt is updated, thus IDS data ID S after being updated^new, secret key K₁ ^new, secret key K₂ ^newWith data N_t ^new；Wherein, IDS^new =(IDS+ID) (Nm ＇+K₁ ^*),K₁ ^new=K₁ ^*, K₂ ^new=K₂ ^*, N_t ^new=Nx ＇.

A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method the most according to claim 4, its feature It is: by IDS in described step S52^new、K₁ ^new、K₂ ^newAnd N_t ^newThe step for of storage to background server, itself particularly as follows:

Judge the IDS calculated^newWhether the most identical with arbitrary IDS data of background server storage, the most then regenerate with Machine number N₂And calculate the IDS of correspondence^new、K₁ ^new、K₂ ^newAnd N_t ^new；Otherwise, then by IDS^new、K₁ ^new、K₂ ^newAnd N_t ^newStore to Background server.