CN108304902B - Ultra-lightweight mobile RFID system bidirectional authentication method - Google Patents

Ultra-lightweight mobile RFID system bidirectional authentication method Download PDF

Info

Publication number
CN108304902B
CN108304902B CN201810106125.0A CN201810106125A CN108304902B CN 108304902 B CN108304902 B CN 108304902B CN 201810106125 A CN201810106125 A CN 201810106125A CN 108304902 B CN108304902 B CN 108304902B
Authority
CN
China
Prior art keywords
random number
database
tag
reader
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810106125.0A
Other languages
Chinese (zh)
Other versions
CN108304902A (en
Inventor
方建平
彭勃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810106125.0A priority Critical patent/CN108304902B/en
Publication of CN108304902A publication Critical patent/CN108304902A/en
Application granted granted Critical
Publication of CN108304902B publication Critical patent/CN108304902B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F16/2365Ensuring data consistency and integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention relates to the technical field of communication, in particular to a security authentication problem among a label, a reader and a back-end database in a mobile RFID system. The method comprises the following implementation steps: (1) the reader sends request information to the tag; (2) the reader sends the tag response request information and the self information to a database; (3) the database authenticates the reader and the tag; (4) a reader authentication database; (5) a tag authentication database. The protocol adopts a cyclic check function and simple XOR and cascade operation to encrypt the message to be transmitted, realizes the anonymity of the label and the bidirectional authentication of the system, and simultaneously effectively reduces the calculated amount of the database and the label. The label random number is generated by a back-end database random number generation mechanism and then forwarded to the label or self-updated by a cyclic check function, so that the hardware cost of the label is reduced. The invention utilizes dynamic ID and cyclic check function mechanism to make the system resist various attacks.

Description

Ultra-lightweight mobile RFID system bidirectional authentication method
Technical Field
The invention relates to the technical field of communication, in particular to a security authentication problem among a label, a reader and a back-end database in a mobile RFID system.
Background
Radio Frequency Identification (RFID) technology is a contactless automatic Identification technology. A complete set of RFID system is composed of reader, electronic tag and server. The basic working principle of the RFID technology is: after the tag enters a magnetic field, a radio frequency signal sent by the reader is received, product information (a passive tag or a passive tag) stored in the chip is sent out by means of energy obtained by induced current, or a signal with a certain frequency (an active tag or an active tag) is actively sent out by the tag, and the reader reads the information and decodes the information and sends the information to the server for related data processing. Compared with the traditional identification technology, the RFID is a flexible application technology which is easy to control, simple and practical and particularly suitable for automatic control, can freely work in various severe environments, short-distance radio frequency products are not afraid of severe environments such as oil stain and dust pollution, and can replace bar codes; the long-distance radio frequency product is mostly used in traffic, and the identification distance can reach dozens of meters.
Traditionally, the reader and the background database are connected by a twisted pair (wired) cable, and the communication between the two is generally regarded as safe. With the close combination of wireless communication and the internet of things, application services such as mobile electronic commerce and mobile payment are rapidly developed, and the mobile RFID system is widely concerned. The basic principle of the mobile RFID technology is the same as that of the conventional RFID technology, and the object is automatically identified and related data information is acquired through radio frequency signals without physical contact. In the mobile RFID system, the reader is mobile, and the reader is wirelessly connected to the back-end server. The communication between the reader-writer, the tag and the back-end server is generally regarded as unsafe, and is easy to be attacked maliciously, so that the privacy information of the user is revealed. Mobile RFID systems therefore have greater security and privacy concerns and are more challenging. To achieve integrity, privacy, and available functionality between RFID systems communicating information, the industry has proposed a number of solutions, which fall broadly into two categories: one is a physical solution, such as kill tags, faraday cages and deterrent tags; one is to apply Hash function encryption mechanism, such as randomized Hash-Lock, Hash chain protocol, LCAP protocol. The physical method has the defects of short service life, low efficiency, non-reusability and the like, and is widely used due to the unidirectional property and confidentiality of the Hash function based on a Hash function encryption mechanism. However, the existing security protocols cannot fully satisfy the security requirements of the mobile RFID system. Meanwhile, due to the fact that the computing capacity and the storage capacity of the tag are limited, complex operation and mass data storage cannot be conducted on the tag, and the cost of the tag is increased while the protocol security is guaranteed.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a bidirectional authentication method for an ultra-lightweight mobile RFID system. The method realizes mutual authentication among the tag, the reader and the back-end database, reduces the calculation amount in the authentication process, reduces the hardware cost of the tag, dynamically updates the tag pseudonym in the communication process, hides the real ID of the tag and prevents the tag from being tracked; through security analysis, the protocol realizes the anonymity of the label, and can effectively resist the capabilities of tracking attack, impersonation attack, replay attack, desynchronization attack, man-in-the-middle attack, brute force attack, forward and backward security and the like.
The technical idea of the invention is as follows: the reader firstly initiates a request to the label to obtain the encrypted information of the label with the identification, and then the encrypted information is sent to the database by combining the identification of the reader. The database authenticates the reader and the tag according to the obtained information, updates the tag identification after the authentication is successful, then sends the encrypted information to the tag and the reader, authenticates the back-end database, and updates the tag after the authentication is successful.
According to the technical idea, the technical scheme adopted for achieving the purpose is as follows:
an initialization stage: the back-end database stores the related Information (ID) of the labelTIDS, KT) and reader-related Information (ID)RKR) reader stores self Information (ID)RKR), the tag stores self-Information (ID)TKT, IDS, flag and t), the tag stores the random number t in the initialization stage, and stores a flag bit flag of 1 to indicate that the random number is legally updated (flag of 0 to indicate that the random number is not legally updated), and the random number t used by the tag in the authentication process is generated by a random number generation mechanism in a back-end database and then is sent to the tag.
And (3) a bidirectional authentication stage:
1) the reader generates a random number r, then issues a Query request to the tag, and transmits the random number to the tag.
2) After receiving a request initiated by a reader, a tag firstly judges the value of a flag bit flag of a random number to judge whether the random number is legally updated. If the flag is 1, which indicates that the last random number is successfully updated, t is used as a normal random number and the flag is set to 0; if the flag is 0, it indicates that the previous authentication is abnormal, at this time, the CRC () algorithm in the tag is used to update the random number, i.e. t is CRC (a), where a is IDS | | t | | r and is used as the random number of this time, and after the update of the random number is completed, the flag is still set to 0. Then, M1 ═ CRC (a ≦ KT ≦ r ≦ t) is calculated, and a message (M1, t) is sent to the reader.
3) When the reader receives the message, it first calculates M2 ═ CRC (ID)RKR ≦ r ≦ t), and then send the message (M1, M2, t, r) to the back-end database.
4) After receiving the message from the reader, the back-end database first verifies the validity of the reader identity and searches for the (ID) in the databaseRKR) and calculates M2' CRC (ID) by combining the received random numbers t and rR≧ KR ≦ r ≦ t), if M2 ≦ M2', it indicates that the reader identity is legal, that is, the database successfully authenticates the reader; if not, the reader identity is not legal, and the authentication is stopped. The validity of the tag identity is then determined and looked for in a database (IDS)new,KTnew) Calculate M1' ═ CRC ((IDS)new||t||r)⊕KTnew≧ r ≦ t), if M1 ≦ M1', the tag identity is legal, and the database successfully authenticates the tag. The database then generates a random number t' using its own random number generation mechanism, and then computes M3, M4, and B, where M3 is CRC (ID)R||(KR⊕r)||t),M4=CRC(IDSnew||(KTnew⊕t)||r),B=IDSnew⊕IDT≧ t', a message (M3, M4, B) is then sent to the reader while updating the data IDS in the databaseold= IDSnew,IDSnew=CRC(IDT||(IDSnewKT) and KTold=KTnew,KTnew=CRC((IDT⊕ KTnew) (ii) a If not, then look for (IDS) in the databaseold,KTold) Calculate M1 ″ -CRC ((IDS)old||t|| r)⊕KTold^ r ^ t), if M1 ^ M1 ", it is said that the label identity is legal, the database generates random number t' by self random number generation mechanism,calculate M3, M4 and B, where M3 ═ CRC (ID)R||(KR⊕r)|| t),M4=CRC(IDSold||(KTold⊕t)||r),B=IDSold⊕IDT≧ t', a message (M3, M4, B) is then sent to the reader while updating the data IDS in the databaseold=IDSold,IDSnew=CRC(IDT|| (IDSoldKT) and KTold=KTold,KTnew=CRC((IDT⊕KTold) (ii) a If not, the label identity is not legal, and the authentication is stopped.
5) After receiving the message sent by the back-end database, the reader stores the (ID) according to the selfRKR) and the self-generated random number r and the random number t of the received tag to calculate M3' ═ CRC (ID)RIf M3' is M3, the authentication of the database is successful, the back-end database is legal, and then the received message (M4, B) is sent to the tag; and if not, stopping authentication.
6) After receiving the message, the tag calculates M4 ═ CRC (IDS | | (KT |) | r) according to self storage (IDS, KT) and self random number t and received random number r, if M4 ═ M4, the tag successfully authenticates the backend database, the database is legal, and then the random number t ═ IDS | |, ID is calculatedTB, setting a flag position flag to be 1, and using the newly generated random number t for next bidirectional identity authentication to update data: IDS-CRC (ID)T| (| IDS |) KT) and KT | (ID ═ CRC | (ID |)TKT) and if not equal, the authentication is not successful.
The symbols appearing in the above-described security protocol are defined as follows:
Figure BDA0001567810730000041
the security authentication protocol of the invention has the following beneficial effects:
1. the 16bits cyclic check function adopted by the protocol is less than the number of gate circuits required by the pseudo-random function, the hardware cost of the label can be effectively reduced, meanwhile, a random number generation mechanism is not arranged in the label, the random number is generated by the random number generation mechanism in the back-end database and forwarded to the label, or the cyclic check function is utilized for self-updating, so that the calculation amount of the label end is reduced, and the operation speed is improved.
2. The tag pseudonym is dynamically updated in the communication process, the real ID of the tag is hidden, and the tag is prevented from being tracked; through security analysis, the protocol realizes the anonymity of the label, and can effectively resist tracking attack, impersonation attack, replay attack, desynchronization attack, man-in-the-middle attack, brute force attack, forward and backward security and the like.
1) Data reliability
The communication information in the protocol is encrypted by using the random number and the cyclic check, so that the communication information is not repeated every time, and a third party cannot cheat authentication in a tampering or replaying mode, thereby ensuring the reliability of data.
2) Tag anonymity and untraceability
An attacker can only obtain internal information about the tag by eavesdropping on the transmitted information, and the communication process does not involve the tag identity IDTThe tag pseudonym IDS and the key KT in the information contained in the tag are encrypted through a cyclic check function, and data updating is carried out in each authentication, so that any information about the identity of the tag cannot be obtained, and the tag meets anonymity; in the authentication process, the encrypted information transmitted by the tag each time contains the random number r generated by the reader and the random number t of the tag, so that the information transmitted each time is updated randomly and has no correlation with each other, an attacker cannot presume the position information of the tag according to the transmitted information, and the security of the forward privacy of the tag is ensured.
3) Reader-writer anonymity and untraceability
In a mobile RFID system, the mobility of the reader/writer may cause the privacy of the reader/writer to be revealed during wireless transmission. In the protocol, the reader-writer utilizes a cyclic check function to identify the ID information of the reader-writerRAnd the secret key KR is encrypted, so that the identity of the reader-writer is effectively hidden, and the privacy of the reader-writer is ensured. At the same time, because of the encrypted information packetThe random number r of the attacker and the random number t of the tag are contained, so that the freshness and the independence of transmission messages are ensured, and an attacker cannot position the reader-writer and cannot guess the position privacy of the reader-writer.
4) Resisting impersonation attacks
When an attacker tries to impersonate a reader-writer and sends intercepted information to deceive the label, because the reader can generate a new random number r and a new random number t of the received label every time the reader is authenticated, the message freshness is ensured, and the ID is passedRThe authentication information is generated by encrypting the secret key KR, and an attacker cannot obtain the identity information of the reader-writer, so that the consistent authentication information cannot be calculated, and the authentication cannot be passed; if the attacker impersonates the tag, the authentication information generated each time comprises the random number r sent by the reader, the random number t of the attacker, the tag pseudonym IDS and the tag identity IDTThe key KT is different from the key KT, so that the information intercepted by an attacker cannot pass verification, and therefore counterfeit attacks can be resisted.
5) Resisting replay attacks
When the protocol one-time authentication is finished, the tag and the back-end server can update data, and the random number r of the reader and the random number t of the tag used in each time are different, so that the messages transmitted in each authentication process are different, and the request message and the feedback message are not directly related. Even if an attacker intercepts the previous interaction information and replays the interaction information in the later communication, the interaction information cannot be authenticated by the label and the back-end server.
6) Resisting desynchronization attacks
If the attacker makes the data update between the tag and the backend database asynchronous by truncating the message, the backend server stores the session Information (ID) of the previous roundT,IDSold,KTold) When the session is initiated again, the back-end server can find the corresponding label information in the previous round of session information for authentication, and the random number of the reader and the random number of the label in the message are updated each time, so that the freshness and the difference of the messages are ensured, and an attacker cannot generate the number by cutting off the message and then simulating the reader to send the messageThe database and tag updates are not synchronized, so the protocol can resist desynchronization attacks.
7) Resisting man-in-the-middle attacks
If an attacker cheats authentication by tampering with the messages M1 and M4, the messages M1 or M4 are obtained by encrypting the tag pseudonym IDS and the key KT as well as the random numbers r and t, the attacker needs to obtain the identity information (IDS, KT) of the tag to pass the authentication, and the identity information of the tag is updated every time of communication, so that the attacker cannot obtain correct tag identity information and cannot pass the authentication, and the attack of a man-in-the-middle can be resisted.
8) Resisting brute force attack
When the text protocol runs, an attacker can intercept the message MiAnd the cyclic check code is obtained by a certain means, but the cascade operation and the XOR operation are used to hide the identity information of the tag and the reader-writer, and the dynamic property of the tag identity information (IDS, KT) prevents an attacker from cracking the identity information of the tag, so that the attack of brute force cracking can be resisted.
9) Forward and backward security
Front-to-back security. In each authentication process, the random numbers of the reader and the tag keep the freshness of authentication information, and the information is encrypted by a cyclic check function, so that even if an attacker acquires data of communication at a certain time, historical data sent by the tag or the reader and data to be sent cannot be calculated, and the protocol has forward and backward security.
Drawings
FIG. 1 is a simplified flow chart of a mobile RFID system mutual authentication method;
fig. 2 is a detailed flowchart of the mutual authentication method of the mobile RFID system.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
The technical solution of the present invention will be further explained with reference to the embodiments.
Step 1: the reader generates a random number r, then issues a Query request to the tag, and transmits the random number to the tag.
Step 2: after receiving a request initiated by a reader, a tag firstly judges the value of a flag bit flag of a random number to judge whether the random number is legally updated. If the flag is 1, which indicates that the last random number is successfully updated, t is used as a normal random number and the flag is set to 0; if the flag is 0, it indicates that the previous authentication is abnormal, at this time, the CRC () algorithm in the tag is used to update the random number, i.e. t is CRC (a), where a is IDS | | t | | r and is used as the random number of this time, and after the update of the random number is completed, the flag is still set to 0. Then, M1 ═ CRC (a ≦ KT ≦ r ≦ t) is calculated, and a message (M1, t) is sent to the reader.
And step 3: when the reader receives the message, it first calculates M2 ═ CRC (ID)RKR ≦ r ≦ t), and then send the message (M1, M2, t, r) to the back-end database.
And 4, step 4: after receiving the message from the reader, the back-end database first verifies the validity of the reader identity and searches for the (ID) in the databaseRKR) and calculating in combination with the received random numbers t and r
Figure BDA0001567810730000071
Figure BDA0001567810730000072
If the M2 is M2', the reader identity is legal, namely the database successfully authenticates the reader; if not, the reader identity is not legal, and the authentication is stopped. The validity of the tag identity is then determined and looked for in a database (IDS)new,KTnew) Computing
Figure BDA0001567810730000073
Figure BDA0001567810730000074
If M1 is M1', the tag identity is legal, and the database successfully authenticates the tag. The database then generates random number t' using its own random number generation mechanism, and then calculates M3, M4 and B, where
Figure BDA0001567810730000075
Figure BDA0001567810730000076
Subsequently, messages (M3, M4, B) are sent to the reader, while updating the data IDS in the databaseold= IDSnew
Figure BDA0001567810730000077
And KTold=KTnew
Figure BDA0001567810730000078
Figure BDA0001567810730000079
If not, then look for (IDS) in the databaseold,KTold) Computing
Figure BDA00015678107300000710
Figure BDA00015678107300000711
If M1 ═ M1 ", then the label identity is legal, and the database also generates random number t' by using its own random number generation mechanism, and calculates M3, M4 and B, wherein
Figure BDA00015678107300000712
Figure BDA00015678107300000713
Subsequently, messages (M3, M4, B) are sent to the reader, while updating the data IDS in the databaseold=IDSold
Figure BDA00015678107300000714
Figure BDA00015678107300000715
And
Figure BDA00015678107300000716
if not, the label identity is not legalThen authentication is stopped.
And 5: after receiving the message sent by the back-end database, the reader stores the (ID) according to the selfRKR) and the self-generated random number r and the random number t of the received tag to calculate M3' ═ CRC (ID)RIf M3' is M3, the authentication of the database is successful, the back-end database is legal, and then the received message (M4, B) is sent to the tag; and if not, stopping authentication.
Step 6: after receiving the message, the tag calculates M4 ═ CRC (IDS | | (KT |) | r) according to self storage (IDS, KT) and self random number t and received random number r, if M4 ═ M4, the tag successfully authenticates the backend database, the database is legal, and then the random number t ═ IDS | |, ID is calculatedTB, setting a flag position flag to be 1, and using the newly generated random number t for next bidirectional identity authentication to update data: IDS-CRC (ID)T| (| IDS |) KT) and KT | (ID ═ CRC | (ID |)TKT) and if not equal, the authentication is not successful.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and additions can be made without departing from the principle of the present invention, and these should also be considered as the protection scope of the present invention.

Claims (7)

1. A bidirectional authentication method of an ultra-lightweight mobile RFID system is characterized by comprising the following steps: (1) the reader sends request information to the tag; (2) the reader sends the tag response request information and the self information to a database; (3) the database authenticates the reader and the tag; (4) a reader authentication database; (5) a tag authentication database;
the reader in the step (1) generates a random number r by using a random number generation mechanism thereof, then sends a Query request to the tag, and sends the random number to the tag;
after the tag receives the request initiated by the reader in the step (2), firstly, the value of a flag bit flag of the random number is judged to judge whether the random number is legally updated, when the flag is 1,if the random number is successfully updated last time, t is used as a normal random number and the flag is set to 0; when the flag is 0, the last authentication is abnormal, at the moment, the random number is updated by using a CRC () algorithm in the label, the CRC () is a cyclic check function, namely t is CRC (A), the IDS is a label pseudonym, and | l is cascade operation, wherein A is IDS | t | r, the IDS is used as the random number, after the random number is updated, the flag is still set to be 0, and then the random number is calculated
Figure FDA0002931798040000011
Figure FDA0002931798040000012
The KT tag shares a key with a back-end database
Figure FDA0002931798040000013
For the exclusive-or operation, the calculation is carried out and a message (M1, t) is sent to the reader, and after the reader receives the message, the calculation is carried out firstly
Figure FDA0002931798040000014
The IDRAnd for the identity of the reader, the KR is that the reader shares a secret key with a back-end database, and then sends a message (M1, M2, t, r) to the back-end database.
2. The ultra-lightweight mobile RFID system mutual authentication method according to claim 1, characterized in that: the authentication of the database to the reader and the tag in the step (3) is as follows: after receiving the message from the reader, the back-end database first verifies the validity of the reader identity and searches for the (ID) in the databaseRKR) and calculating in combination with the received random numbers t and r
Figure FDA0002931798040000021
Figure FDA0002931798040000022
If M2 ═ M2' is present, thenThe reader identity is legal, namely the database successfully authenticates the reader; if not, the reader identity is not legal, the authentication is stopped, then the validity of the tag identity is judged, and the tag identity is searched in a database (IDS)new,KTnew) The IDSnewCalculating a pseudonym after the tag is updated and stored in a database, wherein KTnew is a shared key used by the database and the tag in the current authentication, and calculating
Figure FDA0002931798040000023
Figure FDA0002931798040000024
If M1 is M1 ', the identity of the tag is legal, the database successfully authenticates the tag, then the database generates a random number t' by using a random number generation mechanism of the database, and then M3, M4 and B are calculated, wherein M1 is M1
Figure FDA0002931798040000025
Figure FDA0002931798040000026
The IDTFor tag identification, a message (M3, M4, B) is then sent to the reader, while the data IDS in the database is updatedold=IDSnew
Figure FDA0002931798040000027
Figure FDA0002931798040000028
And
Figure FDA0002931798040000029
if not, then look for (IDS) in the databaseold,KTold) The IDSoldFor the original pseudonym of the tag stored in the database, the KToldCalculating the shared secret key used for the last authentication of the database and the label
Figure FDA00029317980400000210
If M1 ═ M1 ", then the label identity is legal, and the database also generates random number t' by using its own random number generation mechanism, and calculates M3, M4 and B, wherein
Figure FDA00029317980400000211
Figure FDA00029317980400000212
Subsequently, messages (M3, M4, B) are sent to the reader, while updating the data IDS in the databaseold=IDSold
Figure FDA00029317980400000213
And KTold=KTold
Figure FDA0002931798040000031
If not, the label identity is not legal, and the authentication is stopped.
3. The ultra-lightweight mobile RFID system mutual authentication method according to claim 2, wherein the step (4) of authenticating the reader to the backend database is as follows: after receiving the message sent by the back-end database, the reader stores the ID according to itselfRKR) and the random number r generated by itself and the random number t of the received tag
Figure FDA0002931798040000032
Figure FDA0002931798040000033
If M3' is M3, the database is successfully authenticated, the backend database is legal, and then the received message (M4, B) is sent to the label; and if not, stopping authentication.
4. An ultra-lightweight according to claim 3The bidirectional authentication method of the mobile RFID system is characterized in that the tag of the step (5) authenticates the back-end database as follows: after receiving the message, the tag calculates the random number r according to the self storage (IDS, KT), the self random number t and the received random number r
Figure FDA0002931798040000034
If M4' is M4, the explanation label is successfully authenticated to the back-end database, the database identity is legal, and then the random number is calculated
Figure FDA0002931798040000035
And meanwhile, setting the flag position flag to be 1, using the newly generated random number t for next bidirectional identity authentication, and updating data:
Figure FDA0002931798040000036
Figure FDA0002931798040000037
and
Figure FDA0002931798040000038
if not, the authentication is unsuccessful.
5. The ultra-lightweight mobile RFID system mutual authentication method according to any one of claims 1 to 4, wherein: the adopted 16-bits cyclic check function and simple cascade and exclusive-or operation ensure the anonymity of the message and the bidirectional authentication of the system.
6. The ultra-lightweight mobile RFID system mutual authentication method according to claim 5, wherein: the back-end database has a random number generation mechanism, the label has no random number generation mechanism, a random number flag bit flag is added in the label to mark whether the random number is updated, if the flag is 1, the last time of the random number update is successful, the random number is generated by the random number generation mechanism of the background database and then is forwarded to the label to be used as a normal random number, and meanwhile, the flag is set to 0; if the flag is 0, it indicates that the previous authentication is abnormal, at this time, the CRC () algorithm in the tag is used to update the random number, i.e. t is CRC (a), where a is IDS | | t | | r and is used as the random number of this time, and after the update of the random number is completed, the flag is still set to 0.
7. The ultra-lightweight mobile RFID system mutual authentication method according to claim 5, wherein: the random number generated by the random number generation mechanism in the database adopts in the process of forwarding to the label
Figure FDA0002931798040000041
In a form that is computationally simple and avoids leakage.
CN201810106125.0A 2018-02-02 2018-02-02 Ultra-lightweight mobile RFID system bidirectional authentication method Active CN108304902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810106125.0A CN108304902B (en) 2018-02-02 2018-02-02 Ultra-lightweight mobile RFID system bidirectional authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810106125.0A CN108304902B (en) 2018-02-02 2018-02-02 Ultra-lightweight mobile RFID system bidirectional authentication method

Publications (2)

Publication Number Publication Date
CN108304902A CN108304902A (en) 2018-07-20
CN108304902B true CN108304902B (en) 2021-05-04

Family

ID=62864343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810106125.0A Active CN108304902B (en) 2018-02-02 2018-02-02 Ultra-lightweight mobile RFID system bidirectional authentication method

Country Status (1)

Country Link
CN (1) CN108304902B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110190965B (en) * 2019-05-17 2021-10-26 西安电子科技大学 RFID group label authentication protocol based on hash function
CN110769404B (en) * 2019-09-20 2023-07-14 郑州大学 Bidirectional authentication method of near field communication technology
CN110762007B (en) * 2019-10-31 2021-05-25 上海斯可络压缩机有限公司 Automatic identification system for variable-frequency screw compressor controller
CN111615108B (en) * 2020-04-12 2022-04-01 西安电子科技大学 Radio frequency identification data security authentication method, system, storage medium and terminal
CN111680531B (en) * 2020-05-29 2021-04-27 西安电子科技大学 Bidirectional identity authentication method for ultra-lightweight RFID authentication protocol
CN111709011B (en) * 2020-06-20 2022-08-02 江苏师范大学 Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function)
CN112084801B (en) * 2020-07-23 2022-04-22 西安电子科技大学 Bidirectional identity authentication method used in low-cost passive RFID system
CN112260837B (en) * 2020-09-30 2023-12-12 中国航天系统科学与工程研究院 RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm
CN112887286B (en) * 2021-01-15 2021-11-19 西安电子科技大学 Lightweight RFID identity authentication method and system based on cloud server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090072840A (en) * 2007-12-29 2009-07-02 엘지히다찌 주식회사 Security system of tag data with rfid middleware and method for processing the same
CN101488854A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Wireless RFID system authentication method and apparatus
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN106446663A (en) * 2016-08-30 2017-02-22 德阳市闪通思动科技有限责任公司 Tag reader and database three-way authentication system and method
CN107395354A (en) * 2017-06-02 2017-11-24 广东工业大学 A kind of mobile RFID system authentication method of lightweight

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080094220A1 (en) * 2006-10-19 2008-04-24 Joseph Foley Methods and Systems for Improving RFID Security

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090072840A (en) * 2007-12-29 2009-07-02 엘지히다찌 주식회사 Security system of tag data with rfid middleware and method for processing the same
CN101488854A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Wireless RFID system authentication method and apparatus
CN106446663A (en) * 2016-08-30 2017-02-22 德阳市闪通思动科技有限责任公司 Tag reader and database three-way authentication system and method
CN106411505A (en) * 2016-08-31 2017-02-15 广东工业大学 Bidirectional authentication method of mobile radio frequency identification and mobile radio frequency identification system
CN107395354A (en) * 2017-06-02 2017-11-24 广东工业大学 A kind of mobile RFID system authentication method of lightweight

Also Published As

Publication number Publication date
CN108304902A (en) 2018-07-20

Similar Documents

Publication Publication Date Title
CN108304902B (en) Ultra-lightweight mobile RFID system bidirectional authentication method
CN106712962B (en) Bidirectional authentication method and system for mobile RFID system
Kim et al. The swiss-knife RFID distance bounding protocol
JP6417036B2 (en) Entity authentication method and apparatus based on pre-shared key
CN104184733B (en) A kind of RFID lightweight mutual authentication methods encoded based on CRC
CN110381055B (en) RFID system privacy protection authentication protocol method in medical supply chain
Gao et al. An ultralightweight RFID authentication protocol with CRC and permutation
Chen et al. An ownership transfer scheme using mobile RFIDs
CN104363097B (en) The RFID inter-authentication methods of lightweight on elliptic curve
CN104333539B (en) A kind of RFID safety authentication based on Chebyshev map
KR101284155B1 (en) authentication process using of one time password
CN104883681A (en) Mobile RFID mutual authentication method based on dynamic shared secret key
Liu et al. A Lightweight RFID Authentication Protocol based on Elliptic Curve Cryptography.
CN107276742B (en) RFID system authentication method
CN109766966B (en) RFID tag random number synchronous updating method
CN104980280B (en) A kind of RFID safety authentication based on Cai Shi multi-scroll chaotic sequence
CN107040363B (en) Lightweight RFID ownership transfer method and system based on chaotic encryption
Xiaohong et al. RFID mutual-authentication protocol with synchronous updated-keys based on Hash function
Bilal et al. Ultra-lightweight mutual authentication protocols: Weaknesses and countermeasures
Abyaneh On the privacy of two tag ownership transfer protocols for RFIDs
CN107342864B (en) Three-party verification method and system based on reader-writer, label and database
Munilla et al. Enhanced ownership transfer protocol for RFID in an extended communication model
Wei et al. A lightweight authentication protocol scheme for RFID security
KR100618316B1 (en) Rfid authentication system and its method
CN112260837B (en) RFID (radio frequency identification) security interaction authentication system and method based on SM7 cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant