CN107994992A - A kind of RFID bidirectional identification protocols method and device - Google Patents
A kind of RFID bidirectional identification protocols method and device Download PDFInfo
- Publication number
- CN107994992A CN107994992A CN201711105510.5A CN201711105510A CN107994992A CN 107994992 A CN107994992 A CN 107994992A CN 201711105510 A CN201711105510 A CN 201711105510A CN 107994992 A CN107994992 A CN 107994992A
- Authority
- CN
- China
- Prior art keywords
- vector
- message
- message vector
- reader
- label
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of RFID bidirectional identification protocols method and device, communicated by two-wheeled, transmit five message vectors, certification of the label to reader is realized using strong common hash function f and pointer value, and the 3rd message vector b is hidden using strong common hash function g, realize the safe transmission of the 3rd message vector b, resist man-in-the-middle attack, man-in-the-middle attack can not be resisted by solving current Auth agreements, and LPNAP agreements are not carried out the technical problem of two-way authentication.
Description
Technical field
The present invention relates to electric power system stability control field, more particularly to a kind of RFID bidirectional identification protocols method and dress
Put.
Background technology
In Internet of Things, RFID technique carries substantial amounts of national goods and materials secret information, corporate client relation information and use
Family personal information, for the consideration of national security, company interest and privacy of user, it is necessary to carried out to the RFID technique for identifying object
Certification is protected, and otherwise will influence the reliability of Internet of Things.Therefore, realize that authentication property is now in the RFID system of low cost
The only way of RFID technique development.Numerous cryptologists to the authentication property of RFID protocol study and obtain compared with great achievement
Fruit, but most of agreements only pay attention to the safety certification to label at present, and the safety identification to reader is have ignored, so that not
Authorised reader through safety certification, can still cause the leakage of label information.
The purpose of RFID two-way authentications is exactly to prevent unauthorized reader from browsing the part or all of information stored in label,
And authorize the ability that legal reader distinguishes legitimate tag and illegal label.But the low cost of RFID and security requirement become
The difficult point of Authentication protocol design.On the one hand, the calculating of label and program capability are restricted be subject to own cost in RFID system, this
One requires to cause label to have very limited amount of computing capability, is only capable of carrying out simple logical operation;On the other hand, RFID
The wireless communications environment of system causes RFID protocol to be prone to attack.
Based on LPN come design RFID authentication protocols have the characteristics that it is preferable:One is relatively low computation complexity, the second is
Quantum attack can be resisted, can successfully be cracked in polynomial time because there is presently no the effective quantum algorithm of discovery
LPN difficult problems.Hopper and Blum proposes the two-wheeled RFID authentication protocols of approved safe based on LPN first:HB agreements, but HB
Agreement is only resistant to passive attack;Juels and Weis proposes the HB+ agreements with active safety, but Gilbert,
The Robshaw and Sibert successfully GRS attacks to HB+ actualizings;Gilbert et al. proposes Random-HB# agreements,
But Ouafi et al. implements the man-in-the-middle attack to Random-HB# agreements;Tang Jing and Ji Dongyao proposes a kind of HB# agreements,
And the Security Proof of the anti-man-in-the-middle attack of HB# agreements is given under random oracle model, but Jiang Xiao et al. is found that HB#
Security breaches existing for agreement and successful implementation man-in-the-middle attack;Kiltz et al. proposes two-wheeled, anti-active attack first
Auth agreements and dexterously give security proving, but Auth agreements can not resist man-in-the-middle attack.The LPNAP agreements of two-wheeled
Man-in-the-middle attack can be resisted, but LPNAP agreements are not carried out two-way authentication.
Accordingly, it is desirable to provide during a kind of RFID bidirectional identification protocols method and device can not be resisted with to solve current Auth agreements
Between people attack, and LPNAP agreements are not carried out the technical problem of two-way authentication.
The content of the invention
The present invention provides a kind of RFID bidirectional identification protocols method and device, solve during current Auth agreements can not resist
Between people attack, and LPNAP agreements are not carried out the technical problem of two-way authentication.
The present invention provides a kind of RFID bidirectional identification protocols method, including:
S1, label receive the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating
Obtain m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c-1)
After equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, wherein,
F is strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit,
L is preset parameter, and n is the multinomial on l, and c is a preset constant;
S2, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message to
Amount e carries out that the second random vector is calculatedIt is calculated further according to the second random vector z hiding
Vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
After S3, reader receive (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if being equal to
0, then the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, the 5th message is calculated
VectorWherein, g is strong common hash function;
S4, label get reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message to
The authentication result that amount b' is obtained, wherein, authentication result is correct for authentication error or certification.
Preferably, further included before step S1:
S0, reader generation first message vector a, meetThe overlapping wt (a) of Hamming of first message vector a=
L/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) it is sent to
Label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit
Vectorial s is associated, and c is a preset constant.
Preferably, a kind of RFID bidirectional identification protocols method provided by the invention further includes:
Label receives the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating
To m'=f (TS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (TS, c) and m'=f (TS,
C-1) after unequal, then the execution of termination protocol.
Preferably, step S4 is specifically included:
Label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector
B', reader judgeWhether after setting up, obtained authentication result, wherein authentication result is recognize
Card mistake or certification are correct, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Preferably, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2,
One random vector
Present invention also offers a kind of RFID bidirectional identification protocols device, including:
First receiving unit, the first message vector a and second message vector m=of reader transmission are received for label
f(TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS,c)
With m'=f (TS, c-1) it is equal after, generate the 3rd message vector b, the first random vector r and obey bernoulli distribution the 4th
Message vector e, wherein, f is strong common hash function, cipher key TsIt is that Toeplitz matrixes T is compared with non-uniform probability and (2l+n-1)
Special vectorial s is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;
First computing unit, according to the 3rd message vector b, the first random vector r and bernoulli point is obeyed for label
4th message vector e of cloth carries out that the second random vector is calculatedFurther according to the second random vector
Z, which is calculated, hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
Second computing unit, after (r, z, y) that label transmission is received for reader, judges that the first random vector r is
No to be equal to 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, meter
Calculation obtains the 5th message vectorWherein, g is strong common hash function;
Authentication unit, reader is got according to first message vector a, cipher key T for labels, the first random vector r and
The authentication result that 5th message vector b' is obtained, wherein, authentication result is correct for authentication error or certification.
Preferably, a kind of RFID bidirectional identification protocols device provided by the invention further includes:
Generation unit, generates first message vector a for reader, meetsThe Hamming of first message vector a
Overlapping wt (a)=l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=
f(TS, c) and label is sent to, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l
+ n-1) the vectorial s of bit is associated, and c is a preset constant.
Preferably, a kind of RFID bidirectional identification protocols device provided by the invention further includes:
Second receiving unit, the first message vector a and second message vector m=of reader transmission are received for label
f(TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f
(TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Preferably, authentication unit is additionally operable to label and gets reader according to first message vector a, cipher key Ts, first with
Machine vector r and the 5th message vector b', reader judgeAfter whether setting up, obtained certification
As a result, wherein authentication result is correct for authentication error or certification, wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Preferably, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2,
One random vector
From above technical scheme, the present invention has the following advantages:
The present invention provides a kind of RFID bidirectional identification protocols method, including:
S1, label receive the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating
Obtain m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c-1)
After equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, wherein,
F is strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit,
L is preset parameter, and n is the multinomial on l, and c is a preset constant;S2, label according to the 3rd message vector b, first with
Machine vector r and the 4th message vector e of obedience bernoulli distribution carry out that the second random vector is calculatedIt is calculated further according to the second random vector z and hides vectorFinally synthesize (r, z,
Y) and by (r, z, y) it is sent to reader;S3, reader receive label transmission (r, z, y) after, judge first at random to
Measure whether r is equal to 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector
Y, is calculated the 5th message vectorWherein, g is strong common hash function;S4, label, which are got, to be read
Device is read according to first message vector a, cipher key Ts, the obtained authentication result of the first random vector r and the 5th message vector b', its
In, authentication result is correct for authentication error or certification.
In the present invention, communicated by two-wheeled, transmit five message vectors, it is real using strong common hash function f and pointer value
Existing certification of the label to reader, and the 3rd message vector b is hidden using strong common hash function g, realize that the 3rd disappears
The safe transmission of vector b is ceased, resists man-in-the-middle attack, man-in-the-middle attack, and LPNAP can not be resisted by solving current Auth agreements
Agreement is not carried out the technical problem of two-way authentication.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is attached drawing needed in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
The embodiment of invention, for those of ordinary skill in the art, without creative efforts, can also basis
The attached drawing of offer obtains other attached drawings.
Fig. 1 is that a kind of structure of one embodiment of the RFID bidirectional identification protocols device provided in the embodiment of the present invention is shown
It is intended to;
Embodiment
An embodiment of the present invention provides a kind of RFID bidirectional identification protocols method and device, solves current Auth agreements
Man-in-the-middle attack can not be resisted, and LPNAP agreements are not carried out the technical problem of two-way authentication.
Goal of the invention, feature, advantage to enable the present invention is more obvious and understandable, below in conjunction with the present invention
Attached drawing in embodiment, is clearly and completely described the technical solution in the embodiment of the present invention, it is clear that disclosed below
Embodiment be only part of the embodiment of the present invention, and not all embodiment.Based on the embodiments of the present invention, this area
All other embodiment that those of ordinary skill is obtained without making creative work, belongs to protection of the present invention
Scope.
A kind of one embodiment of RFID bidirectional identification protocols method provided in an embodiment of the present invention, including:
100th, reader generation first message vector a, meetsThe overlapping wt (a) of Hamming of first message vector a
=l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) send
To label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit
Vectorial s be associated, c is a preset constant.
Reader generates first message vector a, meetsThe overlapping wt (a) of Hamming=l/ of first message vector a
2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) and it is sent to mark
Label, wherein, the overlapping wt (a) of Hamming=l/2 of first message vector a be in order to subsequently in the transmitting procedure of reader whether
It there is a problem and judged and set.
101st, label receives the first message vector a and second message vector m=f (T of reader transmissionS, c), counting
Calculation obtains m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c-
1) after equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, its
In, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with the vectorial s phases of non-uniform probability He (2l+n-1) bit
Association, l are preset parameter, and n is the multinomial on l, and c is a preset constant;
It should be noted that label receives the first message vector a and second message vector m=f of reader transmission
(TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f
(TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Certification of the label to reader, during anti-passive attack, transmission are realized using strong common hash function f
Second message vector m=f (TS, c) it is different from every time, attacker can not intercept the correct and relevant information of key;
During anti-active attack, according to the one-way of hash function, to any given value m, to find x and meet H
(x)=m, this is computationally infeasible.Therefore attacker is not knowing cipher key TsIn the case of pointer value c, one is chosen
A numerical value is equal to m=f (TS, c) and it is infeasible, attacker also can not just cannot get any of label by the certification of label
Response message.
102nd, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message to
Amount e carries out that the second random vector is calculatedIt is calculated further according to the second random vector z hiding
Vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
It should be noted that label is according to the 3rd message vector b, the first random vector r and obeys what bernoulli was distributed
4th message vector e carries out that the second random vector is calculatedSo that first message vector a and
Three message vector b participate in the transmission of message jointly, realize the randomization of communication key, are calculated further according to the second random vector z
To hiding vector3rd message vector b is hidden, it is final to synthesize (r, z, y) and (r, z, y) is sent to reading
Device.
During anti-man-in-the-middle attack, attacker is by way of " intercept message-modification message-transmission message " pair
The agreement is attacked.The person of casting the first stone intercepts and captures the first message vector a and second message vector m=that reader is sent to label
f(TS, c), then attacker can be to first message vector a and second message vector m=f (TS, c) modify to pass through mark
The certification of label.According to the analysis of active attack part, attacker has no idea to change second message vector m=f (TS,c).At this
In the case of kind, attacker is only possible to modify to message (a, r, z, y), but any in attacker's modification (a, r, z, y)
One message, is all without by reader authentication, reason:First message vector a and the 3rd message vector b carry out common choice
Sub-key (T used in this communicationS)↓(a||b), according to operation a | | b, as long as have modified first message vector a or the 3rd message
Vectorial b, then communication key necessarily changes.Further, according to the property of strong common hash function, the second random vector z
Also cannot change.Therefore attacker has no idea to obtain desired information, man-in-the-middle attack failure by changing message.
103rd, after reader receives (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if waiting
In 0, then the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, is calculated the 5th and disappears
Breath vectorWherein, g is strong common hash function;
It should be noted that reader receive label transmission (r, z, y) after, judge the first random vector r whether etc.
In 0, if equal to 0, certification of the label not over reader is represented, the execution of termination protocol, if not equal to 0, according to the
Two random vector z and hiding vector y, are calculated the 5th message vectorWherein, g is strong uri hash
Function.
104th, label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message
The authentication result that vectorial b' is obtained, wherein, authentication result is correct for authentication error or certification.
It should be noted that label gets reader according to first message vector a, cipher key Ts, the first random vector r and
5th message vector b', reader judgeAfter whether setting up, obtained authentication result, wherein
Authentication result is correct for authentication error or certification, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Symbol description in the embodiment of the present invention includes:
Z and R represents integer set and real number set, a, b ∈ R, [a, b]={ x ∈ R respectively:A < x < b };
Z2Representing finite field, computing thereon is the addition and multiplication of mould 2,Represent Z2On k dimensional linears space;
Represent fromMiddle basis is uniformly distributed binary vector r, wt (r) the representation vector r of sampling out
Hamming weight;
rTThe transposition of representation vector r;
Assuming thatT↓vThe submatrix of representing matrix T, its operation are:If in v [i]=0, puncture table T
The i-th row;
Ber (η) represents that the bernoulli that parameter is η is distributed (η ∈ [0,1/2]), i.e. Pr [x ← Ber (η):X=1]=η;Represent to tie up bit vectors from the n that bernoulli distribution samples out;
If a, b represent vector, then a | | b represents connection (such as a=(0,1,0,1), b=of this 2 vectors by bit
(1,1,0,0), then a | | b=(0,1,0,1,1,1,0,0)).
The bidirectional identification protocol process of the embodiment of the present invention is as follows:
τ=1/4+ η/2, η are the parameter of bernoulli distribution.
In the embodiment of the present invention, communicated by two-wheeled, transmit five message vectors, using strong common hash function f with referring to
Pin value realizes certification of the label to reader, and the 3rd message vector b is hidden using strong common hash function g, realizes
The safe transmission of 3rd message vector b, resists man-in-the-middle attack, and man-in-the-middle attack can not be resisted by solving current Auth agreements, and
LPNAP agreements are not carried out the technical problem of two-way authentication.
Above is a kind of one embodiment of RFID bidirectional identification protocols method provided in an embodiment of the present invention is carried out
Illustrate, a kind of one embodiment of RFID bidirectional identification protocols device provided in an embodiment of the present invention will be illustrated below.
Referring to Fig. 1, the present invention provides a kind of one embodiment of RFID bidirectional identification protocols device, including:
First receiving unit 201, the first message vector a and second message vector of reader transmission are received for label
M=f (TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS,
C) with m'=f (TS, c-1) it is equal after, generate the 3rd message vector b, the first random vector r and obey the of bernoulli distribution
Four message vector e, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1)
The vectorial s of bit is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;
First computing unit 202, for label according to the 3rd message vector b, the first random vector r and obedience bernoulli
4th message vector e of distribution carries out that the second random vector is calculatedFurther according to second at random to
Amount z, which is calculated, hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
Second computing unit 203, after (r, z, y) that label transmission is received for reader, judges the first random vector r
Whether 0 is equal to, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y,
The 5th message vector is calculatedWherein, g is strong common hash function;
Authentication unit 204, reader is got according to first message vector a, cipher key T for labels, the first random vector
The authentication result that r and the 5th message vector b' are obtained, wherein, authentication result is correct for authentication error or certification.
In the present embodiment, a kind of RFID bidirectional identification protocols device provided in an embodiment of the present invention further includes:
Generation unit 200, generates first message vector a for reader, meetsThe Chinese of first message vector a
Bright overlapping wt (a)=l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m
=f (TS, c) and label is sent to, wherein, f is strong common hash function, cipher key TsFor Toeplitz matrixes T with non-uniform probability and
The vectorial s of (2l+n-1) bit is associated, and c is a preset constant;
Second receiving unit 205, the first message vector a and second message vector of reader transmission are received for label
M=f (TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=
f(TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Authentication unit is additionally operable to label and gets reader according to first message vector a, cipher key Ts, the first random vector r
With the 5th message vector b', reader judgesAfter whether setting up, obtained authentication result, its
Middle authentication result is correct for authentication error or certification, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
In the embodiment of the present invention, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping meet wt (b)=
L/2, the first random vector
The embodiment of the present invention has the following advantages:
(1) embodiment of the present invention bases oneself upon Toeplitz-LPN to design, and cipher key matrix selects Toeplitz matrixes, realizes
The low cost storage of label;
(2) agreement in the embodiment of the present invention is communicated using two-wheeled, and whole communication process only transmits 5 vectors, realizes
Communication complexity is linear;
(3) embodiment of the present invention realizes label using strong common hash function f and pointer value c and the quick of reader is recognized
The transmitting of card and message.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with
Realize by another way.For example, device embodiment described above is only schematical, for example, the unit
Division, is only a kind of division of logic function, can there is other dividing mode, such as multiple units or component when actually realizing
Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be the indirect coupling by some interfaces, device or unit
Close or communicate to connect, can be electrical, machinery or other forms.
The unit illustrated as separating component may or may not be physically separate, be shown as unit
The component shown may or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
In network unit.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units integrate in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part to contribute in other words to the prior art or all or part of the technical solution can be in the form of software products
Embody, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment the method for the present invention
Portion or part steps.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only
Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey
The medium of sequence code.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to before
Embodiment is stated the present invention is described in detail, it will be understood by those of ordinary skill in the art that:It still can be to preceding
State the technical solution described in each embodiment to modify, or equivalent substitution is carried out to which part technical characteristic;And these
Modification is replaced, and the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical solution.
Claims (10)
- A kind of 1. RFID bidirectional identification protocols method, it is characterised in that including:S1, label receive the first message vector a and second message vector m=f (T of reader transmissions, c), it is being calculated M '=f (Ts, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (Ts, c) and m '=f (Ts, c-1) and it is equal Afterwards, the 3rd message vector b, the first random vector r are generated and obeys the 4th message vector e of bernoulli distribution, wherein, f is Strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit, l is Preset parameter, n are the multinomial on l, and c is a preset constant;S2, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message vector e into The second random vector is calculated in rowIt is calculated further according to the second random vector z and hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);After S3, reader receive (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if equal to 0, The execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, the 5th message vector is calculatedWherein, g is strong common hash function;S4, label get reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ' Obtained authentication result, wherein, authentication result is correct for authentication error or certification.
- 2. RFID bidirectional identification protocols method according to claim 1, it is characterised in that further included before step S1:S0, reader generation first message vector a, meetThe overlapping wt (a) of Hamming=l/2 of first message vector a, And calculate second message vector m=f (Ts, c), by first message vector a and second message vector m=f (Ts, c) and it is sent to mark Label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and the vector of (2l+n-1) bit S is associated, and c is a preset constant.
- 3. RFID bidirectional identification protocols method according to claim 1, it is characterised in that further include:Label receives the first message vector a and second message vector m=f (T of reader transmissions, c), be calculated m '= f(Ts, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (Ts, c) and m '=f (Ts, c-1) not phase Deng after, then the execution of termination protocol.
- 4. RFID bidirectional identification protocols method according to claim 1, it is characterised in that step S4 is specifically included:Label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ', read Device is read to judgeWhether after setting up, obtained authentication result, wherein authentication result are wrong for certification By mistake or certification is correct, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
- 5. RFID bidirectional identification protocols method as claimed in any of claims 1 to 4, it is characterised in that the 3rd disappears Breath vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, the first random vector
- A kind of 6. RFID bidirectional identification protocols device, it is characterised in that including:First receiving unit, the first message vector a and second message vector m=f (T of reader transmission are received for labels, C), m '=f (T are being calculateds, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (Ts, c) and m '=f (Ts, c-1) it is equal after, generation the 3rd message vector b, the first random vector r and obey bernoulli distribution the 4th message to E is measured, wherein, f is strong common hash function, cipher key TsFor Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit to Amount s is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;First computing unit, according to the 3rd message vector b, the first random vector r and obeys what bernoulli was distributed for label 4th message vector e carries out that the second random vector is calculatedCalculated further according to the second random vector z Obtain hiding vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);Second computing unit, for reader receive label transmission (r, z, y) after, judge the first random vector r whether etc. In 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, calculates To the 5th message vectorWherein, g is strong common hash function;Authentication unit, reader is got according to first message vector a, cipher key T for labels, the first random vector r and the 5th The authentication result that message vector b ' is obtained, wherein, authentication result is correct for authentication error or certification.
- 7. RFID bidirectional identification protocols device according to claim 6, it is characterised in that further include:Generation unit, generates first message vector a for reader, meetsThe Hamming of first message vector a is overlapping Wt (a)=l/2, and calculate second message vector m=f (Ts, c), by first message vector a and second message vector m=f (Ts, C) label is sent to, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) The vectorial s of bit is associated, and c is a preset constant.
- 8. RFID bidirectional identification protocols device according to claim 6, it is characterised in that further include:Second receiving unit, the first message vector a and second message vector m=f (T of reader transmission are received for labels, C), m '=f (T are being calculateds, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (Ts, c) with M '=f (Ts, c-1) it is unequal after, then the execution of termination protocol.
- 9. RFID bidirectional identification protocols device according to claim 6, it is characterised in that authentication unit is additionally operable to label and obtains Reader is got according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ', reader judgesWhether after setting up, obtained authentication result, wherein authentication result is authentication error or certification Correctly, wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
- 10. the RFID bidirectional identification protocol devices according to any one in claim 6 to 9, it is characterised in that the 3rd disappears Breath vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, the first random vector
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711105510.5A CN107994992B (en) | 2017-11-10 | 2017-11-10 | RFID bidirectional authentication protocol method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711105510.5A CN107994992B (en) | 2017-11-10 | 2017-11-10 | RFID bidirectional authentication protocol method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107994992A true CN107994992A (en) | 2018-05-04 |
CN107994992B CN107994992B (en) | 2020-11-10 |
Family
ID=62030710
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711105510.5A Active CN107994992B (en) | 2017-11-10 | 2017-11-10 | RFID bidirectional authentication protocol method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107994992B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110011804A (en) * | 2019-03-12 | 2019-07-12 | 南京邮电大学 | A kind of extra lightweight RFID authentication protocol |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488179A (en) * | 2008-01-18 | 2009-07-22 | 华为技术有限公司 | Authentication method and apparatus for wireless radio frequency recognition system |
US20100161999A1 (en) * | 2008-12-19 | 2010-06-24 | University Of Washington | Scalable RFID systems: a privacy preserving protocol with constant-time identification |
CN102739402A (en) * | 2012-06-06 | 2012-10-17 | 天津大学 | Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system |
CN103560881A (en) * | 2013-10-16 | 2014-02-05 | 南京邮电大学 | Radio frequency identification system safety certification and key agreement method |
-
2017
- 2017-11-10 CN CN201711105510.5A patent/CN107994992B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488179A (en) * | 2008-01-18 | 2009-07-22 | 华为技术有限公司 | Authentication method and apparatus for wireless radio frequency recognition system |
US20100161999A1 (en) * | 2008-12-19 | 2010-06-24 | University Of Washington | Scalable RFID systems: a privacy preserving protocol with constant-time identification |
CN102739402A (en) * | 2012-06-06 | 2012-10-17 | 天津大学 | Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system |
CN103560881A (en) * | 2013-10-16 | 2014-02-05 | 南京邮电大学 | Radio frequency identification system safety certification and key agreement method |
Non-Patent Citations (1)
Title |
---|
姜晓,马昌社: "基于LPN抗中间人攻击的两轮认证协议", 《华南师范大学学报(自然科学版)》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110011804A (en) * | 2019-03-12 | 2019-07-12 | 南京邮电大学 | A kind of extra lightweight RFID authentication protocol |
CN110011804B (en) * | 2019-03-12 | 2022-03-04 | 南京邮电大学 | Ultra-lightweight RFID communication authentication method |
Also Published As
Publication number | Publication date |
---|---|
CN107994992B (en) | 2020-11-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Lee et al. | A lightweight authentication protocol for internet of things | |
Lee et al. | Low-cost untraceable authentication protocols for RFID | |
CN102224705B (en) | Non-networked rfid-puf authentication | |
Prada-Delgado et al. | PUF-derived IoT identities in a zero-knowledge protocol for blockchain | |
Sun et al. | A hash-based RFID security protocol for strong privacy protection | |
Zhuang et al. | A new ultralightweight RFID protocol for low-cost tags: R 2 AP | |
CN107438230A (en) | Safe wireless ranging | |
Niu et al. | EPC Gen2v2 RFID standard authentication and ownership management protocol | |
CN106845304A (en) | A kind of method and system for realizing reader and smart-tag authentication in rfid system | |
Lee et al. | Security enhancement on an RFID ownership transfer protocol based on cloud | |
CN110147666A (en) | Lightweight NFC identity identifying method, Internet of Things communications platform under scenes of internet of things | |
CN103532718A (en) | Authentication method and authentication system | |
CN106792686B (en) | RFID bidirectional authentication method | |
CN106576047A (en) | Protecting against malicious modification in cryptographic operations | |
CN103152181B (en) | A kind of RFID data encryption method | |
CN106100823A (en) | Protection encryption apparatus | |
Xiao et al. | Security Protocol for RFID System Conforming to EPC-C1G2 Standard. | |
Alavi et al. | Security and privacy flaws in a recent authentication protocol for EPC C1 G2 RFID tags | |
CN107994992A (en) | A kind of RFID bidirectional identification protocols method and device | |
Xu et al. | Efficient mobile RFID authentication protocol for smart logistics targets tracking | |
Sadighian et al. | Afmap: Anonymous forward-secure mutual authentication protocols for rfid systems | |
Adeli et al. | Mdsbsp: a search protocol based on mds codes for rfid-based internet of vehicle | |
Habibi et al. | Attacks on recent RFID authentication protocols | |
Yoon et al. | Joint heterogeneous PUF-based security-enhanced IoT authentication | |
Baghery et al. | Enhancing Privacy of Recent Authentication Schemes for Low-Cost RFID Systems. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |