CN107994992A - A kind of RFID bidirectional identification protocols method and device - Google Patents

A kind of RFID bidirectional identification protocols method and device Download PDF

Info

Publication number
CN107994992A
CN107994992A CN201711105510.5A CN201711105510A CN107994992A CN 107994992 A CN107994992 A CN 107994992A CN 201711105510 A CN201711105510 A CN 201711105510A CN 107994992 A CN107994992 A CN 107994992A
Authority
CN
China
Prior art keywords
vector
message
message vector
reader
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711105510.5A
Other languages
Chinese (zh)
Other versions
CN107994992B (en
Inventor
姜晓
林国营
党三磊
林佳
赵闻
胡皓鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of Guangdong Power Grid Co Ltd filed Critical Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority to CN201711105510.5A priority Critical patent/CN107994992B/en
Publication of CN107994992A publication Critical patent/CN107994992A/en
Application granted granted Critical
Publication of CN107994992B publication Critical patent/CN107994992B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of RFID bidirectional identification protocols method and device, communicated by two-wheeled, transmit five message vectors, certification of the label to reader is realized using strong common hash function f and pointer value, and the 3rd message vector b is hidden using strong common hash function g, realize the safe transmission of the 3rd message vector b, resist man-in-the-middle attack, man-in-the-middle attack can not be resisted by solving current Auth agreements, and LPNAP agreements are not carried out the technical problem of two-way authentication.

Description

A kind of RFID bidirectional identification protocols method and device
Technical field
The present invention relates to electric power system stability control field, more particularly to a kind of RFID bidirectional identification protocols method and dress Put.
Background technology
In Internet of Things, RFID technique carries substantial amounts of national goods and materials secret information, corporate client relation information and use Family personal information, for the consideration of national security, company interest and privacy of user, it is necessary to carried out to the RFID technique for identifying object Certification is protected, and otherwise will influence the reliability of Internet of Things.Therefore, realize that authentication property is now in the RFID system of low cost The only way of RFID technique development.Numerous cryptologists to the authentication property of RFID protocol study and obtain compared with great achievement Fruit, but most of agreements only pay attention to the safety certification to label at present, and the safety identification to reader is have ignored, so that not Authorised reader through safety certification, can still cause the leakage of label information.
The purpose of RFID two-way authentications is exactly to prevent unauthorized reader from browsing the part or all of information stored in label, And authorize the ability that legal reader distinguishes legitimate tag and illegal label.But the low cost of RFID and security requirement become The difficult point of Authentication protocol design.On the one hand, the calculating of label and program capability are restricted be subject to own cost in RFID system, this One requires to cause label to have very limited amount of computing capability, is only capable of carrying out simple logical operation;On the other hand, RFID The wireless communications environment of system causes RFID protocol to be prone to attack.
Based on LPN come design RFID authentication protocols have the characteristics that it is preferable:One is relatively low computation complexity, the second is Quantum attack can be resisted, can successfully be cracked in polynomial time because there is presently no the effective quantum algorithm of discovery LPN difficult problems.Hopper and Blum proposes the two-wheeled RFID authentication protocols of approved safe based on LPN first:HB agreements, but HB Agreement is only resistant to passive attack;Juels and Weis proposes the HB+ agreements with active safety, but Gilbert, The Robshaw and Sibert successfully GRS attacks to HB+ actualizings;Gilbert et al. proposes Random-HB# agreements, But Ouafi et al. implements the man-in-the-middle attack to Random-HB# agreements;Tang Jing and Ji Dongyao proposes a kind of HB# agreements, And the Security Proof of the anti-man-in-the-middle attack of HB# agreements is given under random oracle model, but Jiang Xiao et al. is found that HB# Security breaches existing for agreement and successful implementation man-in-the-middle attack;Kiltz et al. proposes two-wheeled, anti-active attack first Auth agreements and dexterously give security proving, but Auth agreements can not resist man-in-the-middle attack.The LPNAP agreements of two-wheeled Man-in-the-middle attack can be resisted, but LPNAP agreements are not carried out two-way authentication.
Accordingly, it is desirable to provide during a kind of RFID bidirectional identification protocols method and device can not be resisted with to solve current Auth agreements Between people attack, and LPNAP agreements are not carried out the technical problem of two-way authentication.
The content of the invention
The present invention provides a kind of RFID bidirectional identification protocols method and device, solve during current Auth agreements can not resist Between people attack, and LPNAP agreements are not carried out the technical problem of two-way authentication.
The present invention provides a kind of RFID bidirectional identification protocols method, including:
S1, label receive the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating Obtain m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c-1) After equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, wherein, F is strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit, L is preset parameter, and n is the multinomial on l, and c is a preset constant;
S2, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message to Amount e carries out that the second random vector is calculatedIt is calculated further according to the second random vector z hiding Vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
After S3, reader receive (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if being equal to 0, then the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, the 5th message is calculated VectorWherein, g is strong common hash function;
S4, label get reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message to The authentication result that amount b' is obtained, wherein, authentication result is correct for authentication error or certification.
Preferably, further included before step S1:
S0, reader generation first message vector a, meetThe overlapping wt (a) of Hamming of first message vector a= L/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) it is sent to Label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit Vectorial s is associated, and c is a preset constant.
Preferably, a kind of RFID bidirectional identification protocols method provided by the invention further includes:
Label receives the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating To m'=f (TS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (TS, c) and m'=f (TS, C-1) after unequal, then the execution of termination protocol.
Preferably, step S4 is specifically included:
Label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector B', reader judgeWhether after setting up, obtained authentication result, wherein authentication result is recognize Card mistake or certification are correct, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Preferably, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, One random vector
Present invention also offers a kind of RFID bidirectional identification protocols device, including:
First receiving unit, the first message vector a and second message vector m=of reader transmission are received for label f(TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS,c) With m'=f (TS, c-1) it is equal after, generate the 3rd message vector b, the first random vector r and obey bernoulli distribution the 4th Message vector e, wherein, f is strong common hash function, cipher key TsIt is that Toeplitz matrixes T is compared with non-uniform probability and (2l+n-1) Special vectorial s is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;
First computing unit, according to the 3rd message vector b, the first random vector r and bernoulli point is obeyed for label 4th message vector e of cloth carries out that the second random vector is calculatedFurther according to the second random vector Z, which is calculated, hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
Second computing unit, after (r, z, y) that label transmission is received for reader, judges that the first random vector r is No to be equal to 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, meter Calculation obtains the 5th message vectorWherein, g is strong common hash function;
Authentication unit, reader is got according to first message vector a, cipher key T for labels, the first random vector r and The authentication result that 5th message vector b' is obtained, wherein, authentication result is correct for authentication error or certification.
Preferably, a kind of RFID bidirectional identification protocols device provided by the invention further includes:
Generation unit, generates first message vector a for reader, meetsThe Hamming of first message vector a Overlapping wt (a)=l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m= f(TS, c) and label is sent to, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l + n-1) the vectorial s of bit is associated, and c is a preset constant.
Preferably, a kind of RFID bidirectional identification protocols device provided by the invention further includes:
Second receiving unit, the first message vector a and second message vector m=of reader transmission are received for label f(TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Preferably, authentication unit is additionally operable to label and gets reader according to first message vector a, cipher key Ts, first with Machine vector r and the 5th message vector b', reader judgeAfter whether setting up, obtained certification As a result, wherein authentication result is correct for authentication error or certification, wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Preferably, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, One random vector
From above technical scheme, the present invention has the following advantages:
The present invention provides a kind of RFID bidirectional identification protocols method, including:
S1, label receive the first message vector a and second message vector m=f (T of reader transmissionS, c), calculating Obtain m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c-1) After equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, wherein, F is strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit, L is preset parameter, and n is the multinomial on l, and c is a preset constant;S2, label according to the 3rd message vector b, first with Machine vector r and the 4th message vector e of obedience bernoulli distribution carry out that the second random vector is calculatedIt is calculated further according to the second random vector z and hides vectorFinally synthesize (r, z, Y) and by (r, z, y) it is sent to reader;S3, reader receive label transmission (r, z, y) after, judge first at random to Measure whether r is equal to 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector Y, is calculated the 5th message vectorWherein, g is strong common hash function;S4, label, which are got, to be read Device is read according to first message vector a, cipher key Ts, the obtained authentication result of the first random vector r and the 5th message vector b', its In, authentication result is correct for authentication error or certification.
In the present invention, communicated by two-wheeled, transmit five message vectors, it is real using strong common hash function f and pointer value Existing certification of the label to reader, and the 3rd message vector b is hidden using strong common hash function g, realize that the 3rd disappears The safe transmission of vector b is ceased, resists man-in-the-middle attack, man-in-the-middle attack, and LPNAP can not be resisted by solving current Auth agreements Agreement is not carried out the technical problem of two-way authentication.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is attached drawing needed in technology description to be briefly described, it should be apparent that, drawings in the following description are only this The embodiment of invention, for those of ordinary skill in the art, without creative efforts, can also basis The attached drawing of offer obtains other attached drawings.
Fig. 1 is that a kind of structure of one embodiment of the RFID bidirectional identification protocols device provided in the embodiment of the present invention is shown It is intended to;
Embodiment
An embodiment of the present invention provides a kind of RFID bidirectional identification protocols method and device, solves current Auth agreements Man-in-the-middle attack can not be resisted, and LPNAP agreements are not carried out the technical problem of two-way authentication.
Goal of the invention, feature, advantage to enable the present invention is more obvious and understandable, below in conjunction with the present invention Attached drawing in embodiment, is clearly and completely described the technical solution in the embodiment of the present invention, it is clear that disclosed below Embodiment be only part of the embodiment of the present invention, and not all embodiment.Based on the embodiments of the present invention, this area All other embodiment that those of ordinary skill is obtained without making creative work, belongs to protection of the present invention Scope.
A kind of one embodiment of RFID bidirectional identification protocols method provided in an embodiment of the present invention, including:
100th, reader generation first message vector a, meetsThe overlapping wt (a) of Hamming of first message vector a =l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) send To label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit Vectorial s be associated, c is a preset constant.
Reader generates first message vector a, meetsThe overlapping wt (a) of Hamming=l/ of first message vector a 2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m=f (TS, c) and it is sent to mark Label, wherein, the overlapping wt (a) of Hamming=l/2 of first message vector a be in order to subsequently in the transmitting procedure of reader whether It there is a problem and judged and set.
101st, label receives the first message vector a and second message vector m=f (T of reader transmissionS, c), counting Calculation obtains m'=f (TS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, c) and m'=f (TS,c- 1) after equal, the 3rd message vector b of generation, the first random vector r and the 4th message vector e for obeying bernoulli distribution, its In, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with the vectorial s phases of non-uniform probability He (2l+n-1) bit Association, l are preset parameter, and n is the multinomial on l, and c is a preset constant;
It should be noted that label receives the first message vector a and second message vector m=f of reader transmission (TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Certification of the label to reader, during anti-passive attack, transmission are realized using strong common hash function f Second message vector m=f (TS, c) it is different from every time, attacker can not intercept the correct and relevant information of key;
During anti-active attack, according to the one-way of hash function, to any given value m, to find x and meet H (x)=m, this is computationally infeasible.Therefore attacker is not knowing cipher key TsIn the case of pointer value c, one is chosen A numerical value is equal to m=f (TS, c) and it is infeasible, attacker also can not just cannot get any of label by the certification of label Response message.
102nd, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message to Amount e carries out that the second random vector is calculatedIt is calculated further according to the second random vector z hiding Vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
It should be noted that label is according to the 3rd message vector b, the first random vector r and obeys what bernoulli was distributed 4th message vector e carries out that the second random vector is calculatedSo that first message vector a and Three message vector b participate in the transmission of message jointly, realize the randomization of communication key, are calculated further according to the second random vector z To hiding vector3rd message vector b is hidden, it is final to synthesize (r, z, y) and (r, z, y) is sent to reading Device.
During anti-man-in-the-middle attack, attacker is by way of " intercept message-modification message-transmission message " pair The agreement is attacked.The person of casting the first stone intercepts and captures the first message vector a and second message vector m=that reader is sent to label f(TS, c), then attacker can be to first message vector a and second message vector m=f (TS, c) modify to pass through mark The certification of label.According to the analysis of active attack part, attacker has no idea to change second message vector m=f (TS,c).At this In the case of kind, attacker is only possible to modify to message (a, r, z, y), but any in attacker's modification (a, r, z, y) One message, is all without by reader authentication, reason:First message vector a and the 3rd message vector b carry out common choice Sub-key (T used in this communicationS)↓(a||b), according to operation a | | b, as long as have modified first message vector a or the 3rd message Vectorial b, then communication key necessarily changes.Further, according to the property of strong common hash function, the second random vector z Also cannot change.Therefore attacker has no idea to obtain desired information, man-in-the-middle attack failure by changing message.
103rd, after reader receives (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if waiting In 0, then the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, is calculated the 5th and disappears Breath vectorWherein, g is strong common hash function;
It should be noted that reader receive label transmission (r, z, y) after, judge the first random vector r whether etc. In 0, if equal to 0, certification of the label not over reader is represented, the execution of termination protocol, if not equal to 0, according to the Two random vector z and hiding vector y, are calculated the 5th message vectorWherein, g is strong uri hash Function.
104th, label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message The authentication result that vectorial b' is obtained, wherein, authentication result is correct for authentication error or certification.
It should be noted that label gets reader according to first message vector a, cipher key Ts, the first random vector r and 5th message vector b', reader judgeAfter whether setting up, obtained authentication result, wherein Authentication result is correct for authentication error or certification, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
Symbol description in the embodiment of the present invention includes:
Z and R represents integer set and real number set, a, b ∈ R, [a, b]={ x ∈ R respectively:A < x < b };
Z2Representing finite field, computing thereon is the addition and multiplication of mould 2,Represent Z2On k dimensional linears space;
Represent fromMiddle basis is uniformly distributed binary vector r, wt (r) the representation vector r of sampling out Hamming weight;
rTThe transposition of representation vector r;
Assuming thatT↓vThe submatrix of representing matrix T, its operation are:If in v [i]=0, puncture table T The i-th row;
Ber (η) represents that the bernoulli that parameter is η is distributed (η ∈ [0,1/2]), i.e. Pr [x ← Ber (η):X=1]=η;Represent to tie up bit vectors from the n that bernoulli distribution samples out;
If a, b represent vector, then a | | b represents connection (such as a=(0,1,0,1), b=of this 2 vectors by bit (1,1,0,0), then a | | b=(0,1,0,1,1,1,0,0)).
The bidirectional identification protocol process of the embodiment of the present invention is as follows:
τ=1/4+ η/2, η are the parameter of bernoulli distribution.
In the embodiment of the present invention, communicated by two-wheeled, transmit five message vectors, using strong common hash function f with referring to Pin value realizes certification of the label to reader, and the 3rd message vector b is hidden using strong common hash function g, realizes The safe transmission of 3rd message vector b, resists man-in-the-middle attack, and man-in-the-middle attack can not be resisted by solving current Auth agreements, and LPNAP agreements are not carried out the technical problem of two-way authentication.
Above is a kind of one embodiment of RFID bidirectional identification protocols method provided in an embodiment of the present invention is carried out Illustrate, a kind of one embodiment of RFID bidirectional identification protocols device provided in an embodiment of the present invention will be illustrated below.
Referring to Fig. 1, the present invention provides a kind of one embodiment of RFID bidirectional identification protocols device, including:
First receiving unit 201, the first message vector a and second message vector of reader transmission are received for label M=f (TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (TS, C) with m'=f (TS, c-1) it is equal after, generate the 3rd message vector b, the first random vector r and obey the of bernoulli distribution Four message vector e, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) The vectorial s of bit is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;
First computing unit 202, for label according to the 3rd message vector b, the first random vector r and obedience bernoulli 4th message vector e of distribution carries out that the second random vector is calculatedFurther according to second at random to Amount z, which is calculated, hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
Second computing unit 203, after (r, z, y) that label transmission is received for reader, judges the first random vector r Whether 0 is equal to, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, The 5th message vector is calculatedWherein, g is strong common hash function;
Authentication unit 204, reader is got according to first message vector a, cipher key T for labels, the first random vector The authentication result that r and the 5th message vector b' are obtained, wherein, authentication result is correct for authentication error or certification.
In the present embodiment, a kind of RFID bidirectional identification protocols device provided in an embodiment of the present invention further includes:
Generation unit 200, generates first message vector a for reader, meetsThe Chinese of first message vector a Bright overlapping wt (a)=l/2, and calculate second message vector m=f (TS, c), by first message vector a and second message vector m =f (TS, c) and label is sent to, wherein, f is strong common hash function, cipher key TsFor Toeplitz matrixes T with non-uniform probability and The vectorial s of (2l+n-1) bit is associated, and c is a preset constant;
Second receiving unit 205, the first message vector a and second message vector of reader transmission are received for label M=f (TS, c), m'=f (T are being calculatedS, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m= f(TS, c) and m'=f (TS, c-1) it is unequal after, then the execution of termination protocol.
Authentication unit is additionally operable to label and gets reader according to first message vector a, cipher key Ts, the first random vector r With the 5th message vector b', reader judgesAfter whether setting up, obtained authentication result, its Middle authentication result is correct for authentication error or certification, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
In the embodiment of the present invention, the 3rd message vectorThe Hamming of 3rd message vector b is overlapping meet wt (b)= L/2, the first random vector
The embodiment of the present invention has the following advantages:
(1) embodiment of the present invention bases oneself upon Toeplitz-LPN to design, and cipher key matrix selects Toeplitz matrixes, realizes The low cost storage of label;
(2) agreement in the embodiment of the present invention is communicated using two-wheeled, and whole communication process only transmits 5 vectors, realizes Communication complexity is linear;
(3) embodiment of the present invention realizes label using strong common hash function f and pointer value c and the quick of reader is recognized The transmitting of card and message.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with Realize by another way.For example, device embodiment described above is only schematical, for example, the unit Division, is only a kind of division of logic function, can there is other dividing mode, such as multiple units or component when actually realizing Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or The mutual coupling, direct-coupling or communication connection discussed can be the indirect coupling by some interfaces, device or unit Close or communicate to connect, can be electrical, machinery or other forms.
The unit illustrated as separating component may or may not be physically separate, be shown as unit The component shown may or may not be physical location, you can with positioned at a place, or can also be distributed to multiple In network unit.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs 's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also That unit is individually physically present, can also two or more units integrate in a unit.Above-mentioned integrated list Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially The part to contribute in other words to the prior art or all or part of the technical solution can be in the form of software products Embody, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment the method for the present invention Portion or part steps.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to before Embodiment is stated the present invention is described in detail, it will be understood by those of ordinary skill in the art that:It still can be to preceding State the technical solution described in each embodiment to modify, or equivalent substitution is carried out to which part technical characteristic;And these Modification is replaced, and the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical solution.

Claims (10)

  1. A kind of 1. RFID bidirectional identification protocols method, it is characterised in that including:
    S1, label receive the first message vector a and second message vector m=f (T of reader transmissions, c), it is being calculated M '=f (Ts, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (Ts, c) and m '=f (Ts, c-1) and it is equal Afterwards, the 3rd message vector b, the first random vector r are generated and obeys the 4th message vector e of bernoulli distribution, wherein, f is Strong common hash function, cipher key TsIt is associated for Toeplitz matrixes T with the vectorial s of non-uniform probability and (2l+n-1) bit, l is Preset parameter, n are the multinomial on l, and c is a preset constant;
    S2, label according to the 3rd message vector b, the first random vector r and obey bernoulli be distributed the 4th message vector e into The second random vector is calculated in rowIt is calculated further according to the second random vector z and hides vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
    After S3, reader receive (r, the z, y) of label transmission, judge whether the first random vector r is equal to 0, if equal to 0, The execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, the 5th message vector is calculatedWherein, g is strong common hash function;
    S4, label get reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ' Obtained authentication result, wherein, authentication result is correct for authentication error or certification.
  2. 2. RFID bidirectional identification protocols method according to claim 1, it is characterised in that further included before step S1:
    S0, reader generation first message vector a, meetThe overlapping wt (a) of Hamming=l/2 of first message vector a, And calculate second message vector m=f (Ts, c), by first message vector a and second message vector m=f (Ts, c) and it is sent to mark Label, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and the vector of (2l+n-1) bit S is associated, and c is a preset constant.
  3. 3. RFID bidirectional identification protocols method according to claim 1, it is characterised in that further include:
    Label receives the first message vector a and second message vector m=f (T of reader transmissions, c), be calculated m '= f(Ts, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (Ts, c) and m '=f (Ts, c-1) not phase Deng after, then the execution of termination protocol.
  4. 4. RFID bidirectional identification protocols method according to claim 1, it is characterised in that step S4 is specifically included:
    Label gets reader according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ', read Device is read to judgeWhether after setting up, obtained authentication result, wherein authentication result are wrong for certification By mistake or certification is correct, and wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
  5. 5. RFID bidirectional identification protocols method as claimed in any of claims 1 to 4, it is characterised in that the 3rd disappears Breath vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, the first random vector
  6. A kind of 6. RFID bidirectional identification protocols device, it is characterised in that including:
    First receiving unit, the first message vector a and second message vector m=f (T of reader transmission are received for labels, C), m '=f (T are being calculateds, c-1) and judge that first message vector a meets wt (a)=l/2 and m=f (Ts, c) and m '=f (Ts, c-1) it is equal after, generation the 3rd message vector b, the first random vector r and obey bernoulli distribution the 4th message to E is measured, wherein, f is strong common hash function, cipher key TsFor Toeplitz matrixes T with non-uniform probability and (2l+n-1) bit to Amount s is associated, and l is preset parameter, and n is the multinomial on l, and c is a preset constant;
    First computing unit, according to the 3rd message vector b, the first random vector r and obeys what bernoulli was distributed for label 4th message vector e carries out that the second random vector is calculatedCalculated further according to the second random vector z Obtain hiding vector(r, z, y) is simultaneously sent to reader by final synthesis (r, z, y);
    Second computing unit, for reader receive label transmission (r, z, y) after, judge the first random vector r whether etc. In 0, if equal to 0, the execution of termination protocol, if not equal to 0, according to the second random vector z and hides vector y, calculates To the 5th message vectorWherein, g is strong common hash function;
    Authentication unit, reader is got according to first message vector a, cipher key T for labels, the first random vector r and the 5th The authentication result that message vector b ' is obtained, wherein, authentication result is correct for authentication error or certification.
  7. 7. RFID bidirectional identification protocols device according to claim 6, it is characterised in that further include:
    Generation unit, generates first message vector a for reader, meetsThe Hamming of first message vector a is overlapping Wt (a)=l/2, and calculate second message vector m=f (Ts, c), by first message vector a and second message vector m=f (Ts, C) label is sent to, wherein, f is strong common hash function, cipher key TsIt is Toeplitz matrixes T with non-uniform probability and (2l+n-1) The vectorial s of bit is associated, and c is a preset constant.
  8. 8. RFID bidirectional identification protocols device according to claim 6, it is characterised in that further include:
    Second receiving unit, the first message vector a and second message vector m=f (T of reader transmission are received for labels, C), m '=f (T are being calculateds, c-1) and judge that first message vector a is unsatisfactory for wt (a)=l/2 and/or m=f (Ts, c) with M '=f (Ts, c-1) it is unequal after, then the execution of termination protocol.
  9. 9. RFID bidirectional identification protocols device according to claim 6, it is characterised in that authentication unit is additionally operable to label and obtains Reader is got according to first message vector a, cipher key Ts, the first random vector r and the 5th message vector b ', reader judgesWhether after setting up, obtained authentication result, wherein authentication result is authentication error or certification Correctly, wherein τ=1/4+ η/2, η are the parameter of bernoulli distribution.
  10. 10. the RFID bidirectional identification protocol devices according to any one in claim 6 to 9, it is characterised in that the 3rd disappears Breath vectorThe Hamming of 3rd message vector b is overlapping to meet wt (b)=l/2, the first random vector
CN201711105510.5A 2017-11-10 2017-11-10 RFID bidirectional authentication protocol method and device Active CN107994992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711105510.5A CN107994992B (en) 2017-11-10 2017-11-10 RFID bidirectional authentication protocol method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711105510.5A CN107994992B (en) 2017-11-10 2017-11-10 RFID bidirectional authentication protocol method and device

Publications (2)

Publication Number Publication Date
CN107994992A true CN107994992A (en) 2018-05-04
CN107994992B CN107994992B (en) 2020-11-10

Family

ID=62030710

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711105510.5A Active CN107994992B (en) 2017-11-10 2017-11-10 RFID bidirectional authentication protocol method and device

Country Status (1)

Country Link
CN (1) CN107994992B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110011804A (en) * 2019-03-12 2019-07-12 南京邮电大学 A kind of extra lightweight RFID authentication protocol

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488179A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Authentication method and apparatus for wireless radio frequency recognition system
US20100161999A1 (en) * 2008-12-19 2010-06-24 University Of Washington Scalable RFID systems: a privacy preserving protocol with constant-time identification
CN102739402A (en) * 2012-06-06 2012-10-17 天津大学 Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system
CN103560881A (en) * 2013-10-16 2014-02-05 南京邮电大学 Radio frequency identification system safety certification and key agreement method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488179A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Authentication method and apparatus for wireless radio frequency recognition system
US20100161999A1 (en) * 2008-12-19 2010-06-24 University Of Washington Scalable RFID systems: a privacy preserving protocol with constant-time identification
CN102739402A (en) * 2012-06-06 2012-10-17 天津大学 Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system
CN103560881A (en) * 2013-10-16 2014-02-05 南京邮电大学 Radio frequency identification system safety certification and key agreement method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
姜晓,马昌社: "基于LPN抗中间人攻击的两轮认证协议", 《华南师范大学学报(自然科学版)》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110011804A (en) * 2019-03-12 2019-07-12 南京邮电大学 A kind of extra lightweight RFID authentication protocol
CN110011804B (en) * 2019-03-12 2022-03-04 南京邮电大学 Ultra-lightweight RFID communication authentication method

Also Published As

Publication number Publication date
CN107994992B (en) 2020-11-10

Similar Documents

Publication Publication Date Title
Lee et al. A lightweight authentication protocol for internet of things
Lee et al. Low-cost untraceable authentication protocols for RFID
CN102224705B (en) Non-networked rfid-puf authentication
Prada-Delgado et al. PUF-derived IoT identities in a zero-knowledge protocol for blockchain
Sun et al. A hash-based RFID security protocol for strong privacy protection
Zhuang et al. A new ultralightweight RFID protocol for low-cost tags: R 2 AP
CN107438230A (en) Safe wireless ranging
Niu et al. EPC Gen2v2 RFID standard authentication and ownership management protocol
CN106845304A (en) A kind of method and system for realizing reader and smart-tag authentication in rfid system
Lee et al. Security enhancement on an RFID ownership transfer protocol based on cloud
CN110147666A (en) Lightweight NFC identity identifying method, Internet of Things communications platform under scenes of internet of things
CN103532718A (en) Authentication method and authentication system
CN106792686B (en) RFID bidirectional authentication method
CN106576047A (en) Protecting against malicious modification in cryptographic operations
CN103152181B (en) A kind of RFID data encryption method
CN106100823A (en) Protection encryption apparatus
Xiao et al. Security Protocol for RFID System Conforming to EPC-C1G2 Standard.
Alavi et al. Security and privacy flaws in a recent authentication protocol for EPC C1 G2 RFID tags
CN107994992A (en) A kind of RFID bidirectional identification protocols method and device
Xu et al. Efficient mobile RFID authentication protocol for smart logistics targets tracking
Sadighian et al. Afmap: Anonymous forward-secure mutual authentication protocols for rfid systems
Adeli et al. Mdsbsp: a search protocol based on mds codes for rfid-based internet of vehicle
Habibi et al. Attacks on recent RFID authentication protocols
Yoon et al. Joint heterogeneous PUF-based security-enhanced IoT authentication
Baghery et al. Enhancing Privacy of Recent Authentication Schemes for Low-Cost RFID Systems.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant