CN102594550A - RFID internal mutual authentication safety protocol based on secret key array - Google Patents
RFID internal mutual authentication safety protocol based on secret key array Download PDFInfo
- Publication number
- CN102594550A CN102594550A CN201210054852XA CN201210054852A CN102594550A CN 102594550 A CN102594550 A CN 102594550A CN 201210054852X A CN201210054852X A CN 201210054852XA CN 201210054852 A CN201210054852 A CN 201210054852A CN 102594550 A CN102594550 A CN 102594550A
- Authority
- CN
- China
- Prior art keywords
- reader
- label
- server
- key
- circleplus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to an RFID system and discloses an RFID internal mutual authentication safety protocol based on a secret key array. The method is used in the RFID system possessing a plurality of servers. The each RFID system comprises a plurality of tags, a reader and a database. The method comprises the following steps: distributing one identification code for each server in advance; simultaneously, establishing only one authentication key for the server and the tag; storing the identification codes and the secret keys of all the servers in the tag; distributing only one pair of the shared secret key for one pair of the tag and the reader; when the reader reads the tag, carrying out authentication operation; firstly inspecting whether a memory of the tag comprises the server identification code corresponding to the reader by the tag; if identification code matching succeeds, carry out tag reading. Compared to the prior art, the protocol of the invention is suitable for the RFID field with a high safety requirement.
Description
Technical field
The present invention relates to the information security technology of rfid system, be applicable to that particularly radio frequency identification (is called for short, RFID) the safeguard protection agreement of the mutual authentication of internal system participant (company and consumer).
Background technology
In the prior art, early stage RFID technology is not considered safety problem, because early stage application only limits in logistics, industry or the enclosed environment, a typical example is exactly the intelligent repository shelf management system.Though the assailant possibly make workflow fall into chaos to the invasion of this type systematic, the assailant can't obtain any interests.Follow the development of technology and demand; The RFID technology worldwide is used widely; Especially when key areas such as RFID technology entering commerce, finance and national security; After E-Passport (E-passport), noncontact credit card (Contactless Credit Cards) and supply-chain management system, the safety problem of rfid system more and more receives publicity and payes attention to.
For example,, rfid system sets up the automatic identification and management systems of enterprise of participating in when being applied to supply chain or Internet of Things more, and as shown in Figure 1.Rfid system in this system has a plurality of servers, and intrasystem same label can be under the jurisdiction of the reader of different server and read.For example in bank transaction system, a user possibly have account in how tame bank, and these accounts are stored on the card.This card can be read through radiofrequency signal in the terminal of all banks.But need to give rfid card with the identifier allocation of each bank in advance, promptly need have the key between it and each bank on the rfid card.So, could guarantee under the normal operating position of rfid card, avoid the bank of no authorization identifying in these banks can not pretend to be other banks to steal economic interests.This shows that in above-mentioned multiserver rfid system, exist and internal attack risk, promptly some legal server can pretend to be other servers to read the data message that it is maintained secrecy in the system.This also is a letter of the present invention safety problem to be solved.
Summary of the invention
Problem based on above-mentioned prior art existence; The present invention proposes a kind of RFID inside and recognize each other the card security protocol based on the key array; Make electronic tag at first discern reader through corresponding authentication protocol, find corresponding key, reader could get into next cognitive phase then; With respect to the agreement of other same levels, this agreement more is applicable to the rfid system application that safety requirements is high.
The present invention proposes a kind of RFID inside and recognize each other the anti-view of card safety based on the key array; This method is used to have the rfid system of multiserver; Wherein each rfid system comprises a plurality of electronic tags, reader and database, it is characterized in that, this method may further comprise the steps:
Be identification code of each server-assignment in advance, set up unique authenticate key for server and label simultaneously;
The identification code and the key of storage Servers-all in label; Each distributes a pair of unique shared key to label and reader; When the reader label reading, carry out authentication operation: label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading;
Said authentication operation may further comprise the steps:
Reader R
iProduce random number R, encrypt IDR with all readers and label cipher key shared k
iPR is then with key E
k(IDR
iPR) send to label T
j
Label T
jReceive E
k(ID
iPR) after, it is deciphered obtain reader R
iIdentifier ID R
i, utilize IDR
iFind current label T
jWith reader R
iBetween shared key k
Ij: if do not find the corresponding shared key, then communication process finishes; If find the corresponding shared key, label T
jProduce random number r; Calculate
Simultaneously with M
1, M
2, M
3Send to reader R
i
Reader R
iAfter receiving the response of label, with this response and IDR
i, R sends to server together;
After receiving the message of reader, server is sought in internal memory and is satisfied
IDT
j, and then find corresponding current label T
jWith reader R
iBetween shared key k
IjWith reader Ri and label T
jThe key of previous stage of communication
Then, server calculates
And check k '
IjWhether with the k of server stores
IjOr
Equate.If unequal, show that the information of sending is unreliable, communication process finishes.If have one to equate, judge which value k
IjOr
With k
IjEquate that server calculates
Or
Simultaneously, server is with key value
Be updated to k
Ij, with k
IjBe updated to PRNG (k
Ij); Then, server sends to T with authentication information M4 through reader
j
The M that label is relatively received
4Whether with
Equate,, confirm reader R if equate
iBe legal, label is with key k
IjBe updated to PRNG (k
Ij).
Compared with prior art, the present invention proposes corresponding authentication security agreement, label is at first discerned reader, finds corresponding key, and reader could get into next cognitive phase then.With respect to the agreement of other same levels, this agreement more is applicable to the field that safety requirements is high.
Description of drawings
Fig. 1 is the rfid system fundamental diagram of background technology;
Fig. 2 is the automatic identification and management system sketch map of enterprise of participating in of the present invention more;
Fig. 3 recognizes each other the schematic flow sheet of card security protocol for the RFID inside based on the key array of the present invention;
Fig. 4 is a key authentication schematic flow sheet of the present invention.
Embodiment
Rfid system of the present invention refers to radio-frequency recognition system (RFID), and is as shown in Figure 1, mainly is made up of electronic tag (Tag), reader (Reader) and three parts of database (Database).Electronic tag is the real data medium of rfid system.Generally speaking, electronic tag is made up of label antenna and label special chip.Each label has unique electronic code (EPC), during use attached on the object.Reader is responsible for reading or writing label information, and basic function just provides the approach that carries out transfer of data with electronic tag.Simultaneously, functions such as signal condition control, parity check can also be provided.When label receives the signal that reader is launched, promptly waken up, corresponding action is accomplished in the instruction of sending according to reader then, and response message is launched back reader again.Data management system is mainly accomplished data information memory, the management of rfid system, can be database or supply chain system.
The multiserver rfid system is internaled attack easily.To this problem, this patent has proposed corresponding authentication protocol.Label is at first discerned reader, finds corresponding key, and reader could get into cognitive phase then.With respect to the agreement of other same levels, this agreement more is applicable to the field that safety requirements is high.The agreement that this patent proposed is applicable to multi-server system.As shown in Figure 2, be the system block diagram of multi-server system.Comprise a plurality of servers, each server belongs to a participant (company), and each server has a plurality of readers.Its workflow is after label gets into the sphere of action of reader antenna, and that can receive reader sends inquiry order and RF energy.The RF energy that obtains makes electronic tag be activated, and electronic tag begins to respond reader inquiry order.At first, reader and label are accomplished mutual authentication, and electronic tag sends data to reader then, and reader sends data to back-end data base and accomplishes tag recognition.
The card security protocol is recognized each other in RFID inside based on the key array of the present invention; The processing that this agreement is carried out may further comprise the steps: for the identification code of each server-assignment in the application system, set up unique authenticate key for server and label simultaneously in advance; The identification code and the key of storage Servers-all in label, each has unique shared key to label and reader, but when a reader label reading, label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading.This flow chart is as shown in Figure 3.
Below in conjunction with accompanying drawing and preferred embodiment,, specify as follows according to embodiment provided by the invention, structure, characteristic and effect thereof.
As shown in Figure 4, the identifying procedure of security protocol of the present invention may further comprise the steps:
(1) reader R
i(1≤i≤m, m are the reader number that system comprises) produces random number R, encrypts IDR with all readers and label cipher key shared k
iPR is then with key E
k(IDR
iPR) send to label T
j(1≤j≤n, n are the label number that system comprises);
(2) label T
jReceive E
k(IDR
iPR) after, it is deciphered obtain reader R
iIdentifier ID R
i, utilize IDR
iFind current label T
jWith reader R
iBetween shared key k
Ij: if do not find the corresponding shared key, communication process finishes; If find the corresponding shared key, label T
jProduce random number r; Calculate
(M
1, M
2, M
3Three variablees are respectively the ciphertext symbols after label information is encrypted); Simultaneously with M
1, M
2, M
3Send to reader R
i
(3) reader R
iThe response of receiving label (is M
1, M
2, M
3) after, with this response and IDR
i, R sends to server together, and (specifically sending content is M
1, M
2, M
3And IDR
i, R);
(4) receive the message of reader after, server is sought in internal memory and is satisfied
IDT
j, and then find corresponding current label T
jWith reader R
iBetween shared key k
IjWith reader Ri and label T
jThe key of previous stage of communication
(initial value is null).Then, server calculates
And check k '
IjWhether with the k of server stores
IjOr
Equate.If unequal, show that the information of sending is unreliable, communication process finishes.If have one to equate, according to which value
With k
IjEquate that server calculates
Or
Simultaneously, server is with key value
Be updated to k
Ij, with k
IjBe updated to PRNG (k
Ij).Then, server sends to T with authentication information M4 through reader
j
(5) M that relatively receives of label
4Whether with
Equate.If equate, confirm reader R
iBe legal.Label is with key k
IjBe updated to PRNG (k
Ij).
Computing in the above flow process and function are represented the implication explanation as follows:
Ek () representative utilizes public keys k to carry out cryptographic calculation;
Dk () representative utilizes public keys k to carry out decrypt operation;
H () represents unidirectional hash function;
← representative substitutes computing;
The P representative links computing.
Server initial allocation (IDT
i, k, (IDR
i, k
Ij)) to label T
jEach reader stores has its respective identifier R
iWith key k.Server comprises information
The communication protocol that security protocol of the present invention can satisfy rfid system should have following characteristic, thereby guarantees safety and privacy:
One, confidentiality
In order to reduce the risk that eavesdropping and traffic analysis are attacked as much as possible, valuable information should be transmitted [5] with the form of encrypting like tag identifier and key.Undelegated reader also might obtain the private information [6] of label in server through the personation label.
Two, authentication each other
Authentication (checking mutually) should be carried out before label and reader communicate each other,, Replay Attack, man-in-the-middle attack and cloning attack etc. can be prevented like this to guarantee to have only the legal label and the reader ability access system of mandate.
Three, indistinguishability
Indistinguishability means that the information that the assailant can not utilize label to send makes a distinction itself and other label.It is the effective way that prevents Position Tracking that the data of transmission possess indistinguishability.In most of prior protocols, all comprise random number in the information that label and reader send, when making each reader inquiry, the response of same label is all different, like this assailant's Replay Attack will lose efficacy [7,8].
Four, forward security Forward security
Even forward security is meant that a label is captured, the assailant still can not obtain the signal intelligence in this label past.That is to say, obtained the data message of label, can not recall the communication data in label past even forward security has guaranteed the assailant.The method that reaches forward security is to upgrade communication key [5,8] continually.
Five, validity Efficiency
The equipment price of most of rfid systems is cheap, and computing capability is limited.Therefore, RFID communication protocol must be followed the principle of low-power consumption.When the number of labels of handling when needs was big, extensibility also was an aspect of authentication protocol validity.For avoiding poor search, the method identification label of some agreements through tabling look-up only needs the amount of calculation of O (1).
Claims (1)
1. the card security protocol is recognized each other in the RFID inside based on the key array, and this method is used to have the rfid system of multiserver, and wherein each rfid system comprises a plurality of electronic tags, reader and database, it is characterized in that, this method may further comprise the steps:
Be identification code of each server-assignment in advance, set up unique authenticate key for server and label simultaneously;
The identification code and the key of storage Servers-all in label; Each distributes a pair of unique shared key to label and reader; When the reader label reading, carry out authentication operation: label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading;
Said authentication operation may further comprise the steps:
Reader R
iProduce random number R, encrypt IDR with all readers and label cipher key shared k
iPR is then with key E
k(IDR
iPR) send to label T
j
Label T
jReceive E
k(ID
iPR) after, it is deciphered obtain reader R
iIdentifier ID R
i, utilize IDR
iFind current label T
jWith reader R
iBetween shared key k
Ij: if do not find the corresponding shared key, then communication process finishes; If find the corresponding shared key, label T
jProduce random number r; Calculate
Simultaneously with M
1, M
2, M
3Send to reader R
iM
1, M
2, M
3Three variablees are respectively the ciphertext symbols after label information is encrypted;
Reader R
iReceive the response M of label
1, M
2, M
3After, with this response and IDR
i, R sends to server together;
After receiving the message of reader, server is sought in internal memory and is satisfied
IDT
j, and then find corresponding current label T
jWith reader R
iBetween shared key k
IjWith reader Ri and label T
jThe key of previous stage of communication
Then, server calculates
And check k '
IjWhether with the k of server stores
IjOr
Equate; If unequal, show that the information of sending is unreliable, communication process finishes; If have one to equate, judge which value k
IjOr
With k
IjEquate that server calculates
Or
Simultaneously, server is with key value
Be updated to k
Ij, with k
IjBe updated to PRNG (k
Ij); Then, server is with authentication information M
4Send to T through reader
j
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210054852XA CN102594550A (en) | 2012-03-05 | 2012-03-05 | RFID internal mutual authentication safety protocol based on secret key array |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210054852XA CN102594550A (en) | 2012-03-05 | 2012-03-05 | RFID internal mutual authentication safety protocol based on secret key array |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102594550A true CN102594550A (en) | 2012-07-18 |
Family
ID=46482775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210054852XA Pending CN102594550A (en) | 2012-03-05 | 2012-03-05 | RFID internal mutual authentication safety protocol based on secret key array |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102594550A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102880891A (en) * | 2012-09-14 | 2013-01-16 | 中山大学 | Radio frequency identification (RFID) safety communication method established according to ultra-lightweight RFID bidirectional authentication protocol |
CN103763106A (en) * | 2014-01-15 | 2014-04-30 | 东南大学 | Position privacy protection method in Internet-of-Things authentication |
CN104468570A (en) * | 2014-12-04 | 2015-03-25 | 广东工业大学 | Safety authentication method for sensing layer in internet of things for manufacture |
CN105138934A (en) * | 2015-06-30 | 2015-12-09 | 活点信息技术有限公司 | RF communication method and system |
CN105897872A (en) * | 2016-04-04 | 2016-08-24 | 上海大学 | Data sharing system supporting plurality of platforms and operation method thereof |
CN106027237A (en) * | 2016-06-06 | 2016-10-12 | 西北工业大学 | Group based key array security authentication protocol in RFID (Radio Frequency Identification) system |
CN106919963A (en) * | 2015-12-25 | 2017-07-04 | 航天信息股份有限公司 | Smart-tag authentication device, handling of goods and materials device and goods and material handling method |
-
2012
- 2012-03-05 CN CN201210054852XA patent/CN102594550A/en active Pending
Non-Patent Citations (2)
Title |
---|
丁治国等: "基于密钥阵列的RFID安全认证协议", 《电子与信息学》 * |
轩秀巍等: "基于二次剩余的增强型 RFID 认证协议", 《计算机工程》 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102880891B (en) * | 2012-09-14 | 2015-08-12 | 中山大学 | The RFID safety communicating method that a kind of extra lightweight RFID bidirectional identification protocol is set up |
CN102880891A (en) * | 2012-09-14 | 2013-01-16 | 中山大学 | Radio frequency identification (RFID) safety communication method established according to ultra-lightweight RFID bidirectional authentication protocol |
CN103763106B (en) * | 2014-01-15 | 2017-10-27 | 东南大学 | A kind of location privacy protection method in Internet of Things certification |
CN103763106A (en) * | 2014-01-15 | 2014-04-30 | 东南大学 | Position privacy protection method in Internet-of-Things authentication |
CN104468570A (en) * | 2014-12-04 | 2015-03-25 | 广东工业大学 | Safety authentication method for sensing layer in internet of things for manufacture |
CN104468570B (en) * | 2014-12-04 | 2018-03-09 | 广东工业大学 | The safety certifying method of sensing layer in a kind of manufacture Internet of Things |
CN105138934B (en) * | 2015-06-30 | 2018-01-19 | 活点信息技术有限公司 | A kind of radio communication method and RF communication system |
CN105138934A (en) * | 2015-06-30 | 2015-12-09 | 活点信息技术有限公司 | RF communication method and system |
CN106919963A (en) * | 2015-12-25 | 2017-07-04 | 航天信息股份有限公司 | Smart-tag authentication device, handling of goods and materials device and goods and material handling method |
CN106919963B (en) * | 2015-12-25 | 2020-06-05 | 航天信息股份有限公司 | Label authentication device, material management device and material management method |
CN105897872A (en) * | 2016-04-04 | 2016-08-24 | 上海大学 | Data sharing system supporting plurality of platforms and operation method thereof |
CN105897872B (en) * | 2016-04-04 | 2019-04-16 | 上海大学 | It is a kind of to support multi-platform data-sharing systems and its operation method |
CN106027237A (en) * | 2016-06-06 | 2016-10-12 | 西北工业大学 | Group based key array security authentication protocol in RFID (Radio Frequency Identification) system |
CN106027237B (en) * | 2016-06-06 | 2019-01-29 | 西北工业大学 | Cipher key matrix safety certifying method based on group in a kind of RFID system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10341341B2 (en) | RFID authentication architecture and methods for RFID authentication | |
US10084597B1 (en) | RFID tags with dynamic key replacement | |
Cho et al. | Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol | |
US9773133B2 (en) | RFID tag and reader characteristic determination using group keys | |
CN101847199B (en) | Security authentication method for radio frequency recognition system | |
KR100931507B1 (en) | Communication Data protection Method based on Symmetric Key Encryption in RFID system, AND APPARATUS FOR ENABLING THE METHOD | |
US9405945B1 (en) | Network-enabled RFID tag endorsement | |
CN102594550A (en) | RFID internal mutual authentication safety protocol based on secret key array | |
US9607286B1 (en) | RFID tags with brand protection and loss prevention | |
CN104579688B (en) | It is a kind of based on Hash function can synchronized update key RFID mutual authentication method | |
Kim et al. | MARP: Mobile agent for RFID privacy protection | |
Jain et al. | Analysis of vulnerabilities in radio frequency identification (RFID) systems | |
CN113988103B (en) | RFID identification method based on multiple tags | |
Moradi et al. | Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs | |
CN107046467B (en) | Three-party verification method and system based on reader-writer, label and database | |
CN103763106A (en) | Position privacy protection method in Internet-of-Things authentication | |
CN110650004B (en) | Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature | |
KR101053636B1 (en) | Encryption/decryption method and system for rfid tag and reader using multi algorithm | |
CN107342864B (en) | Three-party verification method and system based on reader-writer, label and database | |
KR101215155B1 (en) | System for and method of protecting communication between reader and tag in rfid system | |
Chang et al. | An improved certificate mechanism for transactions using radio frequency identification enabled mobile phone | |
Wu et al. | RFID System Security | |
Sandhya et al. | A secure and efficient authentication protocol for mobile RFID systems. | |
KR20080107188A (en) | Efficient authentication method for a rfid system having distributed database and rfid system | |
Sandhya et al. | A forward secured authentication protocol for mobile RFID systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120718 |