KR101721510B1 - An Authentication Method for Privacy Protection in RFID Systems - Google Patents

Info

Publication number
KR101721510B1
Authority
KR
South Korea
Prior art keywords
tag
reader
dynamic
unique
key
Application number
KR1020160151035A
Other languages
Korean (ko)
Inventor
백이루
김지예
김상철
Original Assignee
에스지에이솔루션즈 주식회사

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12: Details relating to cryptographic hardware or logic circuitry
    • H04L2209/122: Hardware reduction or efficient architectures
    • H04L2209/80: Wireless
    • H04L2209/805: Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An RFID authentication method for privacy protection, which performs authentication in an RFID authentication system comprising a plurality of tags, at least one reader, and a server, the method comprising the steps of: (a) each tag storing a unique ID, a dynamic ID generated from the unique ID, and a first unique key generated using a secret value of the server and the unique ID, and the server storing the unique ID, the dynamic ID, and tag information of each tag; and (b) the reader generating and broadcasting a query message, receiving a response to the query from the tag, authenticating the tag, updating the dynamic ID of the tag if the tag is successfully authenticated, and transmitting the updated dynamic ID to the tag and the server.
With the RFID authentication method described above, the dynamic ID changes in every communication session, which prevents the privacy invasion caused by exposure of the tag's identification information and by location tracking.

Description

The present invention relates to an RFID authentication method for privacy protection. More specifically, it relates to an RFID authentication method for privacy protection that solves the problem that, in a mutual authentication method between a tag and a reader, the reader and the tag use the same key, and that key is not updated for a long time and is therefore easily exposed to an attacker.

RFID (Radio Frequency Identification) is a sensor-based technology in which a tag with an embedded microchip is attached to each object, and a reader automatically recognizes and detects information about the object by wireless communication over a certain frequency band [Non-Patent Documents 1-4]. The application of RFID technology is becoming common in various fields such as defense, medical, distribution, manufacturing, and service industries, and is expected to change our lives more widely in the future [Non-Patent Documents 5-8].

However, in RFID systems, tags and readers communicate with each other over radio frequencies. Therefore, like other wireless communications, they are exposed to spoofing attacks, replay attacks, and denial-of-service attacks [Non-Patent Documents 12 and 13]. In addition, because RFID tags are attached to and distributed with a large number of objects, the information stored inside them is not safe from physical attack by an attacker [Non-Patent Document 7]. Therefore, RFID systems must apply security technologies to achieve security requirements such as confidentiality and integrity of messages and availability of services. The authentication protocol is one of the most essential and applicable security technologies [Non-Patent Document 16]. Until recently, mutual authentication between the components of the RFID system has been studied extensively [Non-Patent Document 1].

In 2012, Bae proposed a privacy-protecting authentication protocol (DAP3-RS) for RFID systems [Non-Patent Documents 5 and 9]. To address weaknesses of existing protocols, such as tag location tracking caused by transmitting a fixed tag ID, Bae encrypted the random numbers of the reader and the tag with AES and used them in the authentication process [Non-Patent Documents 5 and 9]. However, in 2013 Oh et al. pointed out that Bae's protocol is still vulnerable to tag location tracking and is not safe against spoofing attacks such as message retransmission [Non-Patent Document 5]. They proposed a mutual authentication protocol between tag and reader that remedies these vulnerabilities. This protocol exchanges random numbers generated by the reader and the tag for mutual authentication. In this process, the tag is efficient because it performs only symmetric key encryption/decryption and XOR operations.

However, in the RFID authentication method of Oh et al., all readers and tags store the same encryption/decryption key, and the key can easily be exposed to an attacker because it is a long-term key that is not updated throughout the lifetime of the tag. Moreover, since tags are vulnerable to physical attacks in an RFID system, an attacker can physically detach one of the tags and extract the keys stored in it [Non-Patent Document 7].

In the RFID authentication method of Oh et al., once an attacker finds the key, the attacker can impersonate a different tag or reader by eavesdropping on messages. In this case, since the identification information of the tag is exposed to the attacker, the position of the tag can still be tracked. These attacks are all the more serious because compromising only one tag allows an attacker to carry them out against all tags within eavesdropping range.

[Non-Patent Document 1] R. S. Ahn, E. J. Yoon, K. D. Bu, and I. G. Nam, "Secure and efficient DB security and authentication scheme for RFID system," J. KICS, vol. 36, no. 4C, pp. 197-206, Nov. 2011.
[Non-Patent Document 2] D. H. Jeon, H. M. Kim, H. J. Kwon, and S. J. Kim, "Hash-based Mutual Authentication Protocol for RFID Environment," J. KICS, vol. 35, no. 1B, pp. 42-52, Oct. 2010.
[Non-Patent Document 3] K. Rhee, J. Kwak, S. Kim, and D. Won, "Challenge-response based RFID authentication protocol for distributed database environment," Security in Pervasive Computing, Springer, vol. 3450, pp. 70-84, Boppard, Germany, 2005.
[Non-Patent Document 4] J. K. Park and Y. T. Shin, "RFID-Based Automatic Inspection System Design and Implementation for Manufacturing and Retail Industry," J. KICS, vol. 39, no. 1C, pp. 97-105, Jan. 2014.
[Non-Patent Document 5] S. Oh, C. Lee, T. Yun, K. Chung, and K. Ahn, "Improved authentication protocol for privacy protection in RFID systems," J. KICS, vol. 38, no. 1, pp. 12-18, Jan. 2013.
[Non-Patent Document 6] E. J. Yoon and K. Yoo, "Patient authentication system for medical information security using RFID," J. KICS, vol. 35, no. 6B, pp. 962-969, Jun. 2010.
[Non-Patent Document 7] W. Che, S. Kim, Y. Kim, and K. Ahn, "Design of PUF-Based Encryption Processor and Mutual Authentication Protocol for Low-Cost RFID Authentication," J. KICS, vol. 39, no. 12B, pp. 831-841, Dec. 2014.
[Non-Patent Document 8] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," Security in Pervasive Computing, Springer, pp. 201-212, Boppard, Germany, 2004.
[Non-Patent Document 9] W. S. Bae, "Design of an authentication protocol for privacy protection in RFID systems," J. Digital Policy and Management, vol. 10, no. 3, pp. 155-160, Apr. 2012.
[Non-Patent Document 10] K. H. Chung, K. Y. Kim, S. J. Oh, J. K. Lee, Y. S. Park, and K. S. Ahn, "A mutual authentication protocol using key change step by step for RFID systems," J. KICS, vol. 35, no. 3B, pp. 462-473, Mar. 2010.
[Non-Patent Document 11] B. Toiruul, K. O. Lee, H. J. Lee, Y. H. Lee, and Y. Y. Park, "Mutual-authentication mechanism for RFID systems," Mobile Ad-hoc and Sensor Networks, Springer, pp. 449-460, Hong Kong, China, Dec. 2006.
[Non-Patent Document 12] A. Juels, "RFID security and privacy: A research survey," IEEE J. Sel. Areas in Commun., vol. 24, no. 2, pp. 381-394, 2006.
[Non-Patent Document 13] S. E. Sarma, S. A. Weis, and D. W. Engels, "RFID systems and security and privacy implications," Cryptographic Hardware and Embedded Systems-CHES 2002, Springer, pp. 454-469, Redwood Shores, CA, USA, Aug. 2002.
[Non-Patent Document 14] J. Saito, J. C. Ryou, and K. Sakurai, "Enhancing privacy of universal re-encryption scheme for RFID tags," Embedded and Ubiquitous Computing, Springer, pp. 879-890, Aizu-Wakamatsu City, Japan, Aug. 2004.
[Non-Patent Document 15] S. Kim, K. Lee, S. Kim, and D. Won, "Security analysis on anonymous mutual authentication protocol for RFID tag without back-end database and its improvement," World Acad. Sci. Eng. Technol., vol. 59, pp. 460-464, Nov. 2009.
[Non-Patent Document 16] K. Rhee, J. Kwak, W. S. Yi, C. Park, S. Park, H. Yang, S. Kim, and D. Won, "Efficient RFID authentication protocol for minimizing RFID tag computation," Advances in Hybrid Inf. Technol., Springer, pp. 607-616, Jeju Island, Korea, Nov. 2006.
[Non-Patent Document 17] M. Aigner and M. Feldhofer, "Secure symmetric authentication for RFID tags," Telecommun. Mob. Comput., Graz, Austria, 2005.

An object of the present invention is to solve the above-mentioned problems by providing an RFID authentication method for privacy protection that assigns a unique key to each tag and manages the key in a tag information database of a server.

It is another object of the present invention to provide an RFID authentication method for privacy protection configured such that, even if a network general-purpose key is exposed to an attacker, the attacker cannot attack the communication of another tag that has not been tampered with.

It is another object of the present invention to provide an RFID authentication method for privacy protection, which uses only encryption / decryption and XOR operations using symmetric key cryptography in consideration of limited hardware resources of a tag.

In order to achieve the above object, the present invention provides an RFID authentication method for privacy protection, which performs authentication in an RFID authentication system including a plurality of tags, at least one reader, and a server, the method comprising:
(a) each tag storing a unique ID, a dynamic ID generated from the unique ID, and a first unique key generated using a secret value of the server and the unique ID, and the server storing the unique ID, the dynamic ID, and tag information of the tag; and
(b) the reader generating and broadcasting a query message, receiving a response to the query from the tag, and authenticating the tag,
wherein step (b) comprises:
(b1) the reader generating a query message and broadcasting the query message;
(b2) the tag receiving the query message, encrypting the query message with its own unique key to generate a response message, and transmitting the response message to the reader together with the dynamic ID;
(b3) the reader receiving the dynamic ID and the response message of the tag, and transmitting the dynamic ID of the tag to the server;
(b4) the server searching for the unique ID and tag information corresponding to the received dynamic ID of the tag, generating a second unique key using the retrieved unique ID and the secret value it holds, and transmitting the generated second unique key to the reader;
(b5) the reader decrypting the response message with the second unique key and performing authentication based on whether the decrypted response is the same as the query, and, if the authentication is successful, updating the dynamic ID of the tag and transmitting the updated dynamic ID to the server and the tag; and
(b6) the tag receiving the updated dynamic ID and updating its own dynamic ID with the received dynamic ID.

According to another aspect of the present invention, there is provided an RFID authentication method for privacy protection, wherein each tag generates a random number, concatenates its own unique ID with a generated random number, performs a hash operation, .

According to another aspect of the present invention, there is provided an RFID authentication method for privacy protection, wherein the first or second unique key is generated through a hash operation after concatenating the unique ID of a tag and the secret value of the server.

In the RFID authentication method for privacy protection, the random number is generated in step (b1), and the random number is encrypted with the shared key to generate the query.

In the RFID authentication method for privacy protection according to the present invention, in step (b2), the query is XORed with the first unique key before being encrypted with the first unique key, and in step (b5), before the decrypted response is compared with the query, the query is XORed with the second unique key, and the resulting value is compared with the decrypted response.

According to another aspect of the present invention, there is provided an RFID authentication method for privacy protection, wherein data is transmitted and received between the reader and a tag through an insecure channel, and data is transmitted and received between the server and the reader via a secure channel.

According to another aspect of the present invention, there is provided an RFID authentication method for privacy protection, wherein in step (b5), if authentication is successful, the decrypted response message and the updated dynamic ID are encrypted using the second unique key; and in step (b6), the tag decrypts the encrypted response message and updated dynamic ID with the first unique key, authenticates the reader according to whether the decrypted response is the same as the response sent by the tag, and updates its own dynamic ID if the authentication succeeds.

In the RFID authentication method for privacy protection according to the present invention, in the step (b5), a unique ID is concatenated to a dynamic ID of a tag, and a hash operation is performed to update the dynamic ID of the tag .
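A minimal simulation of steps (a) and (b1) to (b6) as summarized above, added here as an illustration; it is not code from the patent or its applicant. SHA-256 as the hash, the HMAC-based Feistel construction standing in for the symmetric cipher, all class and function names, the constructed tag IDs, the tag checking the returned value against its pre-encryption response, and the server handing the unique ID to the reader over the secure channel are assumptions.

```python
import hashlib
import hmac
import os

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()  # hash choice is an assumption

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key, msg, order):
    # Stand-in cipher (4-round HMAC-SHA256 Feistel) so the sketch runs on the
    # standard library alone; a deployment would use a vetted cipher such as AES.
    half = len(msg) // 2
    left, right = msg[:half], msg[half:]
    for i in order:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:half]
        left, right = right, xor(left, f)
    return left + right

def encrypt(key, msg):
    return _feistel(key, msg, range(4))

def decrypt(key, ct):
    half = len(ct) // 2  # undo the rounds: swap halves, reverse order, swap back
    out = _feistel(key, ct[half:] + ct[:half], reversed(range(4)))
    return out[half:] + out[:half]

class Tag:
    def __init__(self, uid, key):
        self.uid, self.key = uid, key            # key = first unique key
        self.did = H(uid, os.urandom(16))        # dynamic ID = H(ID || random)
        self.pending = None

    def respond(self, query):                    # step (b2)
        self.pending = xor(query, self.key)      # XOR with the key, then encrypt
        return self.did, encrypt(self.key, self.pending)

    def confirm(self, msg):                      # step (b6): authenticate the reader
        plain = decrypt(self.key, msg)
        ok = self.pending is not None and hmac.compare_digest(plain[:32], self.pending)
        if ok:
            self.did, self.pending = plain[32:], None
        return ok

class Server:
    def __init__(self):
        self.secret = os.urandom(32)             # server secret value
        self.db = {}                             # dynamic ID -> (unique ID, tag info)

    def register(self, uid, info):               # step (a)
        tag = Tag(uid, H(uid, self.secret))      # unique key = H(ID || secret)
        self.db[tag.did] = (uid, info)
        return tag

    def lookup(self, did):                       # step (b4), over the secure channel
        uid, info = self.db[did]
        return uid, info, H(uid, self.secret)    # second unique key, re-derived

class Reader:
    def __init__(self, server, shared_key):
        self.server, self.shared_key, self.query = server, shared_key, None

    def new_query(self):                         # step (b1)
        self.query = encrypt(self.shared_key, os.urandom(32))
        return self.query

    def authenticate(self, did, response):       # steps (b3) to (b5)
        if self.query is None or did not in self.server.db:
            return None                          # unknown or stale dynamic ID
        uid, info, key = self.server.lookup(did)
        plain = decrypt(key, response)
        if not hmac.compare_digest(plain, xor(self.query, key)):
            return None
        new_did = H(did, uid)                    # updated ID = H(dynamic ID || ID)
        self.server.db[new_did] = self.server.db.pop(did)
        return info, encrypt(key, plain + new_did)

def demo():
    server = Server()
    reader = Reader(server, os.urandom(32))
    tag_a = server.register(b"TAG-A (constructed)", "pallet 17")
    tag_b = server.register(b"TAG-B (constructed)", "pallet 18")
    seen, infos = [], []
    for _ in range(3):                           # three honest sessions with tag A
        did, resp = tag_a.respond(reader.new_query())
        info, confirmation = reader.authenticate(did, resp)
        seen.append(did)
        infos.append(info if tag_a.confirm(confirmation) else None)
    replay = reader.authenticate(did, resp)      # last exchange sent again
    query = reader.new_query()                   # tag A's key tried against tag B
    forged = encrypt(tag_a.key, xor(query, tag_a.key))
    return {"infos": infos, "distinct_ids": len(set(seen)) == 3,
            "replay": replay, "cross_tag": reader.authenticate(tag_b.did, forged)}

if __name__ == "__main__":
    print(demo())
```

In this sketch the server record is rotated before the tag confirms, so a lost final message would leave the tag and the server holding different dynamic IDs; the sketch has no recovery path for that case.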

In addition, the present invention relates to a computer-readable recording medium on which a program for performing an RFID authentication method for privacy protection is recorded.

As described above, according to the RFID authentication method for privacy protection according to the present invention, it is possible to provide an improved RFID authentication method by analyzing and eliminating a security vulnerability of a conventional protocol.

In addition, according to the RFID authentication method for privacy protection according to the present invention, the use of the dynamic ID changed every communication session can prevent the privacy infringement due to the exposure of the identification information of the tag and the tracking of the location.

In addition, according to the RFID authentication method for privacy protection according to the present invention, by using only the encryption / decryption and the XOR operation using the symmetric key cryptography, the computation amount can be reduced in consideration of limited hardware resources of the tag.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing the configuration of an RFID authentication system for implementing the present invention.
FIG. 2 is a table showing the notation used to describe the RFID authentication methods of the prior art and of the present invention.
FIG. 3 is a flowchart illustrating the RFID authentication method for privacy protection of Oh et al. according to the related art.
FIG. 4 is a flowchart illustrating a tag ID extraction process against the RFID authentication method according to the related art.
FIG. 5 is a flowchart illustrating a reader spoofing attack process against the RFID authentication method according to the related art.
FIG. 6 is a flowchart illustrating an RFID authentication method for privacy protection according to an embodiment of the present invention.
FIG. 7 is a table comparing the safety of the RFID authentication method for privacy protection according to the experiment of the present invention.
FIG. 8 is a table comparing the computational complexity of the RFID authentication method for privacy protection according to the experiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, the present invention will be described in detail with reference to the drawings.

In the description of the present invention, the same parts are denoted by the same reference numerals, and repetitive description thereof will be omitted.

First, an example of the configuration of the entire system for carrying out the present invention will be described with reference to FIG. 1.

As shown in FIG. 1, the RFID system for implementing the present invention includes a tag 10, a reader 20, and a server 30 that manages a tag information database [Non-Patent Documents 1, 2, 5, 6, and 7]. The reader 20 is installed in various places in forms such as a small terminal or a fixed device [Non-Patent Document 1]; it transmits a signal to the tag 10 by radio frequency and receives the necessary information from the tag 10 [Non-Patent Document 7]. The tag 10 has a unique ID by which it can be identified, and one tag is attached to each object [Non-Patent Document 1]. The tag 10 is limited in resources such as computational capacity and storage capacity compared to the reader 20 or the server 30 [Non-Patent Documents 6 and 10]. The server 30 manages the tag information database, and information about the tags collected by the reader 20 is transmitted to the server 30 through a wired/wireless network [Non-Patent Document 1]. In the RFID system, the server 30 has no resource limitation [Non-Patent Document 1].

In the RFID system, the channel between the server 30 and the reader 20 is generally a secure channel, and the channel between the reader 20 and the tag 10 is an insecure channel [Non-Patent Document 6]. When the reader 20 first transmits the query information to the tag 10, the tag 10 transmits its unique ID to the reader 20. The reader 20 transmits the information collected from the tag 10 to the server 30 that manages the database [Non-Patent Documents 1, 6, 7, and 15]. The server 30 reconstructs the information collected from the tags into meaningful information required by the application system, or informs the reader 20 of the tag information [Non-Patent Document 6].

Next, security requirements to be satisfied by the RFID authentication method of the present invention will be described.

As described above, in the RFID system, communication between the tag 10 and the reader 20 is assumed to take place over an open channel on which an attacker can eavesdrop on or tamper with transmitted messages. Therefore, the RFID authentication method must not allow the attacker to obtain the information needed for an attack through eavesdropping on or tampering with messages. Generally, the authentication method (or protocol) of the RFID system should be designed considering the following security requirements.

First, it should be safe against spoofing attacks.

A spoofing attack means that an attacker masquerades as one of the legitimate communication subjects, that is, the server 30, the reader 20, or the tag 10, to obtain useful information or information necessary for authentication [Non-Patent Documents 2, 6, and 7].

Also, it should be safe against man-in-the-middle attacks.

In an RFID system, a man-in-the-middle (MITM) attack is an attack in which an attacker intervenes between a reader 20 and a tag 10, pretending to be a legitimate communication subject, in order to obtain information [Non-Patent Document 7].

Next, it should be safe against retransmission attacks.

A retransmission attack is an attack in which an attacker stores a message transmitted between a tag 10 and a reader 20 and retransmits it in a later communication in order to be authenticated by a legitimate tag 10 or reader 20 [Non-Patent Documents 2 and 6].

Next, tag anonymity must be provided.

Tag anonymity means that unique identification information of a tag 10, such as its ID, is not transmitted in plain text and cannot easily be calculated from the messages exchanged between the tag 10 and the reader 20 [Non-Patent Documents 2, 6, and 11].

Next, it should be safe against location tracking.

Location tracking is an attack that determines the location of a tag 10 by exploiting a fixed response, that is, a response from the tag 10 that does not change each time the reader 20 broadcasts a query message requesting communication in the RFID system [Non-Patent Documents 3 and 5]. The attacker installs illegal readers in various areas and tracks the movement of certain tags [Non-Patent Document 2]. If a user is holding a tagged item, the privacy of the user can be violated by tracking the position of the tag [Non-Patent Documents 6, 7, and 14]. To solve the location tracking problem, the tag should be designed to respond with a different value each time a reader requests communication [Non-Patent Document 7].

Next, it should be safe against physical attacks.

A physical attack is an attack technique for extracting the information held in the memory of the tag 10, and the tag 10 in the RFID system is vulnerable to physical attack [Non-Patent Document 7]. If a secret value stored in a tag is exposed by a physical attack, it may affect the information of a large number of tags or the safety of the entire system [Non-Patent Document 7]. A security protocol alone cannot completely defend against a physical attack, but the protocol must be designed so that undamaged tags and the network as a whole remain secure even if one or a few tags 10 are compromised by a physical attack.

Next, it should be safe against impersonation attacks.

An impersonation attack means that an attacker deceives the other party by posing as a legitimate tag 10 or reader 20 of the corresponding RFID system [Non-Patent Document 2].

Next, mutual authentication must be possible.

Mutual authentication is the process by which the reader 20 and the tag 10 in the RFID system each confirm, through explicit authentication, that the other is a legitimate communication party [Non-Patent Documents 2 and 17]. Each side authenticates the other by confirming a secret value shared between the tag 10 and the reader 20 or by generating the same value [Non-Patent Document 2].

Next, the notation used in the following explanation is summarized in the table of FIG. 2.

Next, an RFID authentication method for privacy protection according to the related art will be described with reference to FIG. 3. FIG. 3 is a flowchart illustrating the RFID authentication method for privacy protection of Oh et al.

First, in the initialization step in which the reader 20 and the tag 10 are installed, the symmetric key K is stored in the reader Rdr j and the tag Tg i , respectively.

After the initialization step, if the reader Rdr j broadcasts a query message within its radio range, the authentication procedure is performed as follows (steps 1-6). At this time, it is assumed that the communication between the server Svr and the reader Rdr j is a secure channel, and the reader Rdr j and the tag Tg i communicate with each other through a public channel.

Step 1: The reader Rdr j generates the random number RN j and then encrypts RN j using the key K that was installed in the initialization step of the protocol (S1).

[Equation 1]

Figure 112016110872189-pat00001

The reader Rdr j broadcasts a query message {Query, C j } within its radio range.

Step 2: Upon receiving the query message {Query, C j } from the reader Rdr j, the tag Tg i generates its own random number RN i and decrypts C j using the key K (S2).

[Equation 2]

Figure 112016110872189-pat00002

The tag Tg i encrypts its own random number RN i , its identity ID i , and RN j ' using RN j ' as the key.

[Equation 3]

Figure 112016110872189-pat00003

The tag Tg i transmits a response message {C i } to the reader Rdr j .

Step 3: The reader Rdr j decrypts the response C i using the random number RN j that it generated as the key (S3).

[Equation 4]

Figure 112016110872189-pat00004

To authenticate the tag Tg i , the reader Rdr j compares the random number RN j that it generated with the value RN j ' included in the response message of the tag Tg i . If these two values are the same, the reader Rdr j transmits the ID ID i * of the tag Tg i to the server Svr through the secure channel; otherwise, the authentication process is aborted.

Step 4: When the server Svr receives the ID i * from the reader Rdr j , it finds the information TagInfo i of the tag Tg i in its database and transmits it to the reader Rdr j through the secure channel (S4).

Step 5: The reader Rdr j XORs the RN i * received from the tag Tg i and its own random number RN j (S5).

[Equation 5]

Figure 112016110872189-pat00005

The reader Rdr j transmits the message {V} to the tag Tg i .

Step 6: Upon receiving the message {V} from the reader Rdr j, the tag Tg i XORs its own random number RN i and RN j 'received from the reader Rdr j (S6).

[Equation 6]

Figure 112016110872189-pat00006

The tag Tg i compares the values of V ' and V to authenticate the reader Rdr j . If these two values are equal, the authentication of the reader Rdr j by the tag Tg i is successfully completed. If the two values are not the same, the protocol is aborted due to authentication failure.

Next, the weak points of the RFID authentication method of Oh et al. according to the related art will be described with reference to FIG. 4 and FIG. 5.

In the protocol of Oh et al., mutual authentication is performed using the random numbers generated by the reader and the tag, respectively. The tag is efficient in terms of computation because it performs only symmetric key encryption/decryption and XOR operations. However, in this protocol the key K is a long-term key that is stored in all readers and tags and is not updated throughout the life of the system. Furthermore, tags are generally vulnerable to physical attacks in RFID systems [Non-Patent Document 7]. Therefore, an attacker can physically obtain one of the tags, which are attached to and distributed with a large number of objects, and extract the key K stored in it. Once the key K is exposed to an attacker, the attacker can eavesdrop on messages to find the ID of a tag or track its location. The attacker can also mount a spoofing attack, deceiving the other party in order to be authenticated as a legitimate tag or reader. These attacks are all the more serious in that the attacker can carry them out not only against the tag that was compromised to obtain the key K, but against all tags within eavesdropping range.

First, we describe vulnerability of tag identification information exposure.

In the authentication method of Oh et al., if the attacker finds the key K and eavesdrops on the messages transmitted / received between the reader and the tags, the IDs of the tags can be recovered. For example, suppose an attacker finds the key K from the tag Tg i and then intercepts the messages {Query, C j } and {C j + 1 } transmitted between the reader Rdr j and another tag Tg i + 1 . As shown in FIG. 4, the attacker can decrypt C j of the message {Query, C j } because he knows the key RN j .

&Quot; (7) "

Figure 112016110872189-pat00007

Then, since the attacker has calculated the key RN j , it can also decode the response message {C j + 1 } of the tag Tg i + 1 .

&Quot; (8) "

Figure 112016110872189-pat00008

Therefore, an attacker can obtain the identity ID i + 1 of the tag Tg i + 1 , so the method does not provide anonymity for the tag Tg i + 1 .

Next, we describe vulnerabilities in tag location tracking.

In the authentication method of Oh et al., the response message of the tag Tg i + 1 to the reader's query message changes in every communication session, since it is a ciphertext that includes a random number. However, as shown in FIG. 4, if the attacker knows the key K, the tag ID can be obtained by intercepting a message exchanged between the reader and the tag. Therefore, if the attacker repeatedly recovers the tag ID by intercepting messages transmitted / received near readers installed in various regions, the position of the tag Tg i + 1 can be traced.

Next, we describe vulnerabilities to tag spoofing attacks.

As shown in FIG. 4, if the attacker knows the key K, the tag ID can be obtained by intercepting the message exchanged between the reader and the tag. Using the key K and the tag ID, the attacker can then pose as a legitimate tag. For example, an attacker who knows the key K and the ID i + 1 of the tag Tg i + 1 generates C a as follows upon receiving a query message {Query, C j } from the reader Rdr j .

&Quot; (9) "

Figure 112016110872189-pat00009

&Quot; (10) "

Figure 112016110872189-pat00010

If the attacker transmits the response message {C a } to the reader Rdr j , the reader Rdr j authenticates the attacker as a legitimate tag Tg i + 1 as follows.

&Quot; (11) "

Figure 112016110872189-pat00011

&Quot; (12) "

Figure 112016110872189-pat00012

Next, we describe vulnerabilities to reader spoofing attacks.

Suppose that the attacker has obtained the key K from the i-th tag Tg i . Using the key K, the attacker can pose as a legitimate reader to tags other than the tag Tg i , as shown in FIG. The attacker generates a random number RN a to start the authentication process and then encrypts it using the key K already obtained.

&Quot; (13) "

Figure 112016110872189-pat00013

When the attacker broadcasts a query message {Query, C a }, the tag Tg i + 1 within the attacker's radio range generates a random number RN i + 1 and decrypts C a with the key K.

&Quot; (14) "

Figure 112016110872189-pat00014

The tag Tg i + 1 encrypts its random number RN i + 1 , its identity ID i + 1 , and the received RN a ' with the key RN a ', and then sends the result value C i + 1 to the attacker in the response message.

&Quot; (15) "

Figure 112016110872189-pat00015

Since the key RN a ' is the random number generated by the attacker, the attacker can decrypt C i + 1 . From the decryption result, the attacker can extract the ID of the tag Tg i + 1 and the random number RN i + 1 " of Tg i + 1 that is required to authenticate as a legitimate reader.

&Quot; (16) "

Figure 112016110872189-pat00016

The attacker XORs the RN i + 1 " received from the tag Tg i + 1 and the RN a it generates, and then transmits the result to the tag Tg i + 1 .

&Quot; (17) "

Figure 112016110872189-pat00017

The tag Tg i + 1 verifies the V value and authenticates the attacker as a legitimate reader.

Next, an RFID authentication method for privacy protection according to an embodiment of the present invention will be described with reference to FIG.

The RFID authentication method according to the present invention is an RFID authentication method for privacy protection which improves the weakness of the above-mentioned prior art. That is, the RFID authentication method according to the present invention should be secure against possible attacks on the RFID authentication protocol such as spoofing attack, man-in-the-middle attack, and retransmission attack. Also, in order to cope with camouflage attacks, mutual authentication process between tag and reader should be provided. In addition to providing anonymity of the tag to protect the privacy of the user, it should not be possible to trace the location of the tag. In addition, in the RFID authentication method according to the present invention, even if an attacker finds a secret value from one or a small number of tags, it should be designed such that it can not attack the communication of the untouched tag or threaten security of the whole network.

The RFID authentication method according to the present invention comprises an initialization step (S10) and an authentication step (S20), and steps of performing each step will be described in detail below.

First, the initialization process (S10) will be described.

The initialization step (S10) of the RFID authentication method according to the present invention is a step of installing information necessary for authentication in a server, a reader, and a tag, and performs the following steps once (Steps I-1 to I-3).

Step I-1: All readers and tags share key K (or shared key).

Step I-2: After generating the random number rn i for the tag Tg i , calculate the dynamic ID DID i by performing a hash operation on the concatenated values of the IDs (or unique IDs) ID i and rn i of Tg i .

&Quot; (18) "

Figure 112016110872189-pat00018

To generate the unique key K i (or unique key) of the tag Tg i , h (ID i ∥ x s ) is calculated using the identity ID i of the tag Tg i and the server secret value x s . Owing to the one-way property of the hash function, no operator or attacker other than the server can derive ID i or x s from K i .

&Quot; (19) "

Figure 112016110872189-pat00019

The previously generated DID i and K i are then stored in the tag Tg i .

Step I-3: Store the secret value x s in the server Svr. This x s is not shared with any entity other than the server.

The server Svr also adds the IDs of the tags and the tag information (or tag content) as well as the dynamic ID information to the tag information database managed by the server Svr. For example, for the tag Tg i , add the unique ID ID i , the dynamic ID DID i , and the tag information (or tag content) TagInfo i of the tag to the database of the server.

Next, the authentication process will be described.

In this process, the reader and the tag mutually authenticate and then update the dynamic ID of the tag for the next communication session. As in the existing assumption, the server and the reader communicate with each other through a secure channel, and the reader and the tag communicate with each other through a public channel. When the tags in the wireless communication range respond to the query message of the reader, the authentication step starts (Steps A-1 to A-6). FIG. 6 shows the authentication process of the RFID authentication method according to the present invention.

Step A-1: The reader Rdr j generates the random number RN j and performs an XOR operation with the key K installed at the initial stage of the protocol.

&Quot; (20) "

Figure 112016110872189-pat00020

The reader Rdr j broadcasts a query message {Query, V} to all tags in its radio range. Let V be the query.

Step A-2: When the tag Tg i receives the message {Query, V}, it uses its own key (or unique key) K i to calculate V i = K i ⊕ V.

Then the tag Tg i encrypts V i using its own key K i .

&Quot; (21) "

Figure 112016110872189-pat00022

The tag Tg i transmits a response message {DID i , C i } to the reader Rdr j . Here, C i is called a response statement.

Step A-3: When the reader Rdr j receives the message {DID i , C i } from the tag Tg i , it transmits the DID i to the server Svr through the secure channel.

Step A-4: The server Svr searches its own database to find ID ID i and tag information (or tag content) TagInfo i of tag Tg i .

The server Svr XORs the result of concatenating its secret value x s and ID i to generate a key K i '.

&Quot; (22) "

Figure 112016110872189-pat00023

The server Svr transmits the tag information TagInfo i of the tag Tg i and the key K i ' to the reader Rdr j through a secure channel.

Step A-5: The reader Rdr j decrypts C i using the key K i 'received from the server Svr.

 &Quot; (23) "

Figure 112016110872189-pat00024

The reader Rdr j performs an XOR operation on the key K i ' and V (K i ' ⊕ V) and compares the result with the decrypted value V i * . If the two values are the same, the sender of the response message {DID i , C i } is the legitimate tag Tg i . If the two values are different, the authentication step is aborted due to an authentication failure.

The reader Rdr j updates the dynamic ID of the tag Tg i for the next communication session. The new dynamic ID of the tag Tg i is generated by performing a hash operation on the value obtained by concatenating the current dynamic ID DID i and the key K i ' as follows.

&Quot; (24) "

Figure 112016110872189-pat00027

The reader Rdr j then uses the key K i ' of the tag Tg i to encrypt V i * together with the new dynamic ID.

&Quot; (25) "

Figure 112016110872189-pat00029

The reader Rdr j transmits the new dynamic ID of the tag Tg i to the server Svr, and the encrypted message {C j } to the tag Tg i , so that the server Svr and the tag Tg i share the new dynamic ID.

Step A-6: When the tag Tg i receives the message {C j } from the reader Rdr j , it decrypts C j using its own key K i .

&Quot; (26) "

Figure 112016110872189-pat00032

The tag Tg i compares the values of V i * and V i to verify that the sender of the message {C j } is a legitimate reader. If the two values are equal, the sender of the message {C j } is a legitimate reader holding the key K i (= K i ') of the tag Tg i . However, if the two values are different, the authentication of the reader fails and the authentication phase is aborted.

The tag Tg i updates its own dynamic ID from DID i to the new dynamic ID. Likewise, the server Svr updates the dynamic ID information of the tag Tg i in its own tag information database from DID i to the new dynamic ID.

Next, a safety analysis result of the RFID authentication method according to an embodiment of the present invention will be described.

The security of the authentication method according to the present invention will be discussed with reference to the security requirements described above. The table of FIG. 7 shows the comparison of the safety of the authentication method according to the present invention with the authentication method of the existing Oh et al.

First, the analysis results of mutual authentication are explained.

In the RFID system, mutual authentication is the process of confirming that the other party is a legitimate communicator by checking the secret values shared by the tag and the reader, or by checking that both generate the same value [Non-Patent Document 2]. In the method according to the present invention, upon receiving the message {DID i , C i }, the reader decrypts the ciphertext C i using the key K i to authenticate that the message sender is the legitimate tag Tg i . If the decrypted plaintext V i * and the calculated value of K i ' ⊕ V are identical, the party that sent the message {DID i , C i } is the valid tag Tg i . Since only the server and the tag Tg i know the value of the key K i according to the initialization step of the method according to the present invention, only the server or the tag Tg i can calculate V i * (= K i ' ⊕ V = K i ⊕ V). On the other hand, when the message {C j } is received, the tag Tg i decrypts C j using the key K i to authenticate that the sender of the message is a legitimate reader. If the value V i * in the decrypted plaintext is the same as V i , the sender of the message {C j } is a legitimate reader. Because only the server and the tag Tg i share the key K i from the initialization step of the method according to the present invention, only the server, or a reader communicating with the server over the secure channel, can calculate the value V i * (= K i ⊕ V) and generate the ciphertext C j .

Next, we explain the analysis of safety against physical attacks.

In the method according to the present invention, even if an attacker finds the secret values stored in a certain tag, the attacker cannot use them to effectively attack the communication of another tag. For example, assume that an attacker extracts the secret values K, DID i , and K i from the tag Tg i , and then eavesdrops on the messages sent and received between the reader Rdr j and another tag Tg i + 1 (not Tg i ). First, the response message {DID i + 1 , C i + 1 } transmitted from the tag Tg i + 1 to the reader Rdr j cannot be attacked using the three secret values of the tag Tg i . This is because DID i + 1 is the dynamic ID of the tag Tg i + 1 and C i + 1 is encrypted using the key K i + 1 of the tag Tg i + 1 , so neither has any relation to the three secret values of the tag Tg i . Similarly, since the message {C j '} transmitted from the reader Rdr j to the tag Tg i + 1 is also encrypted using the key K i + 1 , no meaningful attack can be performed on it using the three secret values of the tag Tg i . Since the key K is a general-purpose key used by all tags and readers in the system, an attacker who eavesdrops on the query message {Query, V} broadcast from the reader Rdr j can find the random number RN j of the reader Rdr j by calculating K ⊕ V. However, RN j alone does not provide the information needed for any further attack, and RN j is newly generated in every session. Therefore, in the method according to the present invention, even if one or a few tags are compromised, the security of the other, uncompromised tags and of the system is not affected.

Next, we describe the analysis of safety for camouflage, spoofing, and man-in-the-middle attacks.

Since the method according to the present invention provides a mutual authentication process between the tag and the reader, an attacker cannot pose as a tag or a reader. Even if the attacker learns the secret values K, DID i , and K i stored in the tag Tg i through physical capture of the tag or the like, the attacker cannot pose as any tag other than the tag Tg i . Therefore, the method according to the present invention is safe against spoofing attacks and man-in-the-middle attacks based on a camouflage attack.

Next, we explain the analysis results of tag anonymity and prevention of location tracking.

Tag anonymity means that the tag ID should not be exposed to the attacker. In the method according to the invention, the tag uses a dynamic ID instead of its own ID. The dynamic ID of the tag Tg i for the next communication session is generated by hashing a value obtained by concatenating the unique key K i ' (= K i ) of the tag Tg i with the dynamic ID DID i of the current communication session. Owing to the one-way property of the hash function, DID i , K i ', or ID i cannot be derived from the new dynamic ID. Also, since the dynamic ID of the tag changes in every communication session and only the server and the corresponding tag share the value, the method according to the present invention is safe against an attacker's tracking of the tag location.

Next, the analysis result of the retransmission attack will be described.

In the method according to the present invention, even if an attacker intercepts a message {Query, V}, {DID i , C i }, or {C j } transmitted between a reader and a tag Tg i and transmits it again in another communication session, the attacker cannot pose as the tag Tg i or obtain the information needed for authentication. The messages {DID i , C i } and {C j } are not only ciphertexts encrypted with the key K i known only to the tag Tg i and the server, but also contain a random number generated for each communication session, so a retransmission attack is not possible.
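Steps I-1 to I-3 and A-1 to A-6, together with the physical-attack and retransmission analyses above, run end to end as an added example (not code from the patent). Assumptions: the cipher is a stand-in 4-round Feistel construction over HMAC-SHA-256 because the page names no algorithm, the 32-byte sizes, all class and function names and the sample IDs are constructed, the server object performs enrollment, and K i ' is computed as h(ID i ∥ x s ) as in Step I-2.

```python
import hashlib, hmac, secrets

L = 32  # bytes per key, random number and dynamic ID (assumed size)

def h(*parts):                       # one-way hash h(a || b || ...)
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):              # Feistel round function
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]

def E(key, block):                   # stand-in cipher: the page names no algorithm
    n = len(block) // 2
    l, r = block[:n], block[n:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def D(key, block):                   # inverse of E
    n = len(block) // 2
    l, r = block[:n], block[n:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

class Server:
    def __init__(self):
        self.x_s = secrets.token_bytes(L)        # Step I-3: known to the server only
        self.db = {}                             # current DID -> (ID, TagInfo)

    def enroll(self, tag_id, info):              # Step I-2
        did = h(tag_id, secrets.token_bytes(L))  # DID_i = h(ID_i || rn_i)
        self.db[did] = (tag_id, info)
        return did, h(tag_id, self.x_s)          # K_i = h(ID_i || x_s)

    def lookup(self, did):                       # Step A-4
        tag_id, info = self.db.get(did, (None, None))
        return None if tag_id is None else (info, h(tag_id, self.x_s))

    def rotate(self, old_did, new_did):          # store the next-session DID
        self.db[new_did] = self.db.pop(old_did)

class Tag:
    def __init__(self, K, did, k_i):
        self.K, self.did, self.k_i = K, did, k_i # the three secrets a tag stores

    def respond(self, V):                        # Step A-2
        self.v_i = xor(self.k_i, V)              # V_i = K_i xor V
        return self.did, E(self.k_i, self.v_i)   # {DID_i, C_i}

    def confirm(self, C_j):                      # Step A-6
        plain = D(self.k_i, C_j)
        if not hmac.compare_digest(plain[:L], self.v_i):
            return False                         # reader authentication failed
        self.did = plain[L:]                     # adopt the new dynamic ID
        return True

class Reader:
    def __init__(self, K, server):
        self.K, self.server = K, server

    def query(self):                             # Step A-1
        self.V = xor(secrets.token_bytes(L), self.K)   # V = RN_j xor K
        return self.V

    def verify(self, did, C_i):                  # Steps A-3 to A-5
        found = self.server.lookup(did)
        if found is None:
            return None
        info, k = found
        v_star = D(k, C_i)
        if not hmac.compare_digest(v_star, xor(k, self.V)):
            return None                          # tag authentication failed
        new_did = h(did, k)                      # new DID = h(DID_i || K_i')
        self.server.rotate(did, new_did)
        return info, E(k, v_star + new_did)      # C_j

def demo():
    K = secrets.token_bytes(L)                   # Step I-1: shared by all
    svr = Server()
    tag_a = Tag(K, *svr.enroll(b"constructed-ID-A", "constructed info A"))
    tag_b = Tag(K, *svr.enroll(b"constructed-ID-B", "constructed info B"))
    rdr = Reader(K, svr)
    out, sent = {"mutual_ok": True}, []
    # Two honest sessions with tag B; record the DID it sent each time.
    for _ in range(2):
        did, C_i = tag_b.respond(rdr.query())
        info, C_j = rdr.verify(did, C_i)
        out["mutual_ok"] &= tag_b.confirm(C_j) and info == "constructed info B"
        sent.append(did)
    out["did_changes"] = sent[0] != sent[1]
    # Retransmission: a response captured in an unfinished session (its DID is
    # still current) is replayed against a fresh query with a new RN_j.
    stale = tag_b.respond(rdr.query())
    rdr.query()
    out["replay_rejected"] = rdr.verify(*stale) is None
    # Physical compromise of tag A: its key is used to answer in B's name
    # (B's current DID is granted to the forger to make the check stricter).
    V = rdr.query()
    forged = E(tag_a.k_i, xor(tag_a.k_i, V))
    out["forgery_rejected"] = rdr.verify(tag_b.did, forged) is None
    return out
```

All four entries returned by `demo()` are `True`: tag A's extracted key does not let its holder pass as tag B, and the identifier tag B sends differs between sessions.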

Next, efficiency analysis of the method according to the present invention will be described.

Especially, efficiency is analyzed and compared in terms of computation amount and message transmission amount.

The table of FIG. 8 shows the results of an analysis of the method according to the present invention and the RFID authentication method of Oh et al. [Non-Patent Document 5] in terms of calculation amount. The table of FIG. 8 shows the types of operations and the number of operations performed in the two methods. In the method according to the present invention, the amount of computation in the server is 1S + 1H. The amount of computation in the reader is 1R + 1E + 1D + 1H + 2X in the method according to the present invention and 1R + 1E + 1D + 1X in the RFID authentication method of Oh et al. However, since the resource-limited node in the RFID system is the tag, the amount of computation on the tag deserves more attention than that on the server or the reader. The amount of computation in the tag is 1E + 1D + 1X in the method according to the present invention, which is smaller than the 1R + 1E + 1D + 1X of the RFID authentication method of Oh et al. This means that the method according to the present invention is more efficient in terms of computation than the RFID authentication method of Oh et al.

The total number of messages transmitted between the reader and the tag in the method according to the present invention is equal to the number of messages in the RFID authentication method of Oh and the like.

The present invention has shown that, in the existing RFID authentication method, if a secret value is exposed from one tag through cryptanalysis or physical attack, the communication of other tags or the safety of the whole system may be threatened. In order to solve this problem, the present invention proposes a method in which the server manages a unique encryption key and a dynamic ID for each tag. The RFID authentication method according to the present invention is safe against the camouflage attacks, spoofing attacks, man-in-the-middle attacks, and retransmission attacks expected in an RFID system. In addition to providing anonymity of the tag to protect the user's privacy, it makes it impossible to trace the tag's location. The RFID authentication method according to the present invention is more efficient than the existing method in terms of the amount of operation of the tag despite the improved security.

Although the present invention has been described in detail with reference to the above embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit of the present invention.

10: Tag 20: Reader
30: Server

Claims (10)

1. An RFID authentication method for privacy protection, which performs authentication in an RFID authentication system composed of a plurality of tags, at least one reader, and a server,
(a) all the readers and tags share a shared key, and each tag has a unique ID, a dynamic ID generated from the unique ID, and a first unique key generated using the secret value of the server and its own unique ID The server storing a unique ID, a dynamic ID, and a tag content of each tag; And
(b) the reader generates and broadcasts a query message, receives a response to the query from the tag, and authenticates the tag,
The step (b)
(b1) the reader generates and broadcasts a query message;
(b2) receiving the query message, encrypting the query message with its own unique key to generate a response message, and transmitting the response message to the reader together with the dynamic ID;
(b3) the reader receives the dynamic ID and the response message of the tag, and transmits the dynamic ID of the tag to the server;
(b4) The server searches for a unique ID and a tag content corresponding to the dynamic ID of the received tag, generates a second unique key using the searched unique ID and the held secret value, To the reader;
(b5) The reader decrypts the response message with the second inherent key, and performs authentication based on whether the decrypted response sentence is the same as the query sentence. If the authentication is successful, the reader updates the dynamic ID of the tag, Transmitting an updated dynamic ID to the server and the tag; And
(b6) receiving the updated dynamic ID and updating its own dynamic ID with the received dynamic ID.
2. The method according to claim 1,
In the step (a), each tag generates a random number, generates a dynamic ID by concatenating its own unique ID with the generated random number, and performing a hash operation.
3. The method according to claim 1,
Wherein the first or second inherent key is generated by concatenating a unique ID of a tag and a secret value of a server and then performing a hash operation.
4. The method according to claim 1,
Wherein the random number is generated and encrypted with the shared key to generate the query message in the step (b1).
5. The method according to claim 1,
In the step (b2), an XOR operation is performed on the query statement with the first inherent key before the encryption with the first inherent key, then the result is used to encrypt the query statement with the first inherent key,
Wherein in the step (b5), an XOR operation is performed using a second inherent key before comparing a response sentence decrypted with the query statement, and then the computed query statement is compared with the response sentence.
6. (deleted)
7. The method according to claim 1,
If the authentication is successful in step (b5), encrypting the decrypted response message and the updated dynamic ID with the second unique key, and transmitting the decrypted response ID and the updated dynamic ID to the tag; And
In step (b6), the tag decrypts the encrypted response sentence and the updated dynamic ID with the first inherent key, authenticates the reader according to whether the decrypted response sentence is the same as the response sent by the tag, And updates its own dynamic ID.
8. The method of claim 7,
The RFID authentication method for privacy protection according to claim 1, wherein, in the step (b5), a dynamic ID of the tag is updated by concatenating a second unique key with a dynamic ID of the tag and performing a hash operation.
9. The method according to any one of claims 1 to 5, 7, and 8,
And transmitting and receiving data through an insecure channel between the reader and the tag and transmitting and receiving data between the server and the reader through a secure channel.
10. A computer-readable recording medium having recorded thereon a program for performing the RFID authentication method for privacy protection according to any one of claims 1 to 5, 7, and 8.
KR1020160151035A 2016-11-14 2016-11-14 An Authentication Method for Privacy Protection in RFID Systems KR101721510B1 (en)

Publications (1)

Publication Number Publication Date
KR101721510B1 true KR101721510B1 (en) 2017-04-11

Family

ID=58580973

Country Status (1)

Country Link
KR (1) KR101721510B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070006526A (en) * 2005-07-08 2007-01-11 주식회사 비즈모델라인 System and method for assigning dynamic id to rfid tag, rfid tag, rfid terminal and recording medium
KR20100090672A (en) * 2010-07-08 2010-08-16 주식회사 비즈모델라인 Rfid tag
KR20120010604A (en) * 2010-07-20 2012-02-06 충남대학교산학협력단 A random ID-based RFID Mutual authentication method for detecting impersonation attack against a back-end server and a reader
KR20120101260A (en) * 2011-03-04 2012-09-13 충남대학교산학협력단 A low-cost rfid tag search method preventing the reuse of mobile reader's tag-list

Non-Patent Citations (17)

* Cited by examiner, † Cited by third party
Title
A. Juels, "RFID security and privacy: A research survey," IEEE J. Sel. Areas in Commun., vol. 24, no. 2, pp. 381-394, 2006.
B. Toiruul, K. O. Lee, H. J. Lee, Y. H. Lee, and Y. Y. Park, "Mutual-authentication mechanism for RFID systems," Mobile Ad-hoc and Sensor Networks, Springer, pp. 449-460, Hong Kong, China, Dec. 2006.
D. H. Jeon, H. M. Kim, H. J. Kwon, and S. J. Kim, "Hash-based Mutual Authentication Protocol for RFID Environment," J. KICS, vol. 35, no. 1B, pp. 42-52, Oct. 2010.
E. J. Yoon and K. Y. Yoo, "Patient authentication system for medical information security using RFID," J. KICS, vol. 35, no. 6B, pp. 962-969, Jun. 2010.
J. S. Kim, J. K. Park, and Y. T. Shin, "RFID-Based automatic inspection system design and implementation for manufacturing and retail industry," J. KICS, vol. 39, no. 1C, pp. 97-105, Jan. 2014.
J. Saito, J. C. Ryou, and K. Sakurai, "Enhancing privacy of universal re-encryption scheme for RFID tags," Embedded and Ubiquitous Computing, Springer, pp. 879-890, Aizu-Wakamatsu City, Japan, Aug. 2004.
K. H. Chung, K. Y. Kim, S. J. Oh, J. K. Lee, Y. S. Park, and K. S. Ahn, "A mutual authentication protocol using key change step by step for RFID systems," J. KICS, vol. 35, no. 3B, pp. 462-473, Mar. 2010.
K. Rhee, J. Kwak, S. Kim, and D. Won, "Challenge-response based RFID authenti- cation protocol for distributed database environment," Security in Pervasive Computing, Springer, vol. 3450, pp. 70-84, Boppard, Germany, 2005.
K. Rhee, J. Kwak, W. S. Yi, C. Park, S. Park, H. Yang, S. Kim, and D. Won, "Efficient RFID authentication protocol for minimizing RFID tag computation," Advances in Hybrid Inf. Technol., Springer, pp. 607-616, Jeju Island, Korea, Nov. 2006.
M. Aigner and M. Feldhofer, "Secure symmetric authentication for RFID tags," Telecommun. Mob. Comput., Graz, Austria, 2005.
R. S. Ahn, E. J. Yoon, K. D. Bu, and I. G. Nam, "Secure and efficient DB security and authentication scheme for RFID system," J. KICS, vol. 36, no. 4C, pp. 197-206, Nov. 2011.
S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," Security in Pervasive Computing, Springer, pp. 201-212, Boppard, Germany, 2004.
S. E. Sarma, S. A. Weis, and D. W. Engels, "RFID systems and security and privacy implications," Cryptographic Hardware and Embedded Systems-CHES 2002, Springer, pp. 454-469, Redwood Shores, CA, USA, Aug. 2002.
S. Kim, K. Lee, S. Kim, and D. Won, "Security analysis on anonymous mutual authentication protocol for RFID tag without back-end database and its improvement," World Acad. Sci. Eng. Technol., vol. 59, pp. 460-464, Nov. 2009.
S. Oh, C. Lee, T. Yun, K. Chung, and K. Ahn, "Improved authentication protocol for privacy protection in RFID systems," J. KICS, vol. 38, no. 1, pp. 12-18, Jan. 2013.
W. Che, S. Kim, Y. Kim, T. Yun, K. Ahn, and K. Han, "Design of PUF-Based encryption processor and mutual authentication protocol for Low-Cost RFID authentication," J. KICS, vol. 39, no. 12B, pp. 831-841, Dec. 2014.
W. S. Bae, "Design of an authentication protocol for privacy protection in RFID systems," J. Digital Policy and Management, vol. 10, no. 3, pp. 155-160, Apr. 2012.

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107231231A (en) * 2017-06-16 2017-10-03 深圳市盛路物联通讯技术有限公司 A kind of method and system of terminal device secure accessing Internet of Things
KR102036725B1 (en) * 2018-10-08 2019-10-28 주식회사 케이씨인더스트리얼 Gateway apparatus and information processing method thereof
CN116456346A (en) * 2023-06-13 2023-07-18 山东科技大学 RFID group tag authentication method for dynamic grouping
CN116456346B (en) * 2023-06-13 2023-08-25 山东科技大学 RFID group tag authentication method for dynamic grouping

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant