CN102594550A - RFID internal mutual authentication safety protocol based on secret key array - Google Patents

RFID internal mutual authentication safety protocol based on secret key array Download PDF

Info

Publication number
CN102594550A
CN102594550A CN201210054852XA CN201210054852A CN102594550A CN 102594550 A CN102594550 A CN 102594550A CN 201210054852X A CN201210054852X A CN 201210054852XA CN 201210054852 A CN201210054852 A CN 201210054852A CN 102594550 A CN102594550 A CN 102594550A
Authority
CN
China
Prior art keywords
reader
label
server
key
circleplus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210054852XA
Other languages
Chinese (zh)
Inventor
白煜
轩秀巍
滕建辅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN201210054852XA priority Critical patent/CN102594550A/en
Publication of CN102594550A publication Critical patent/CN102594550A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an RFID system and discloses an RFID internal mutual authentication safety protocol based on a secret key array. The method is used in the RFID system possessing a plurality of servers. The each RFID system comprises a plurality of tags, a reader and a database. The method comprises the following steps: distributing one identification code for each server in advance; simultaneously, establishing only one authentication key for the server and the tag; storing the identification codes and the secret keys of all the servers in the tag; distributing only one pair of the shared secret key for one pair of the tag and the reader; when the reader reads the tag, carrying out authentication operation; firstly inspecting whether a memory of the tag comprises the server identification code corresponding to the reader by the tag; if identification code matching succeeds, carry out tag reading. Compared to the prior art, the protocol of the invention is suitable for the RFID field with a high safety requirement.

Description

The card security protocol is recognized each other in RFID inside based on the key array
Technical field
The present invention relates to the information security technology of rfid system, be applicable to that particularly radio frequency identification (is called for short, RFID) the safeguard protection agreement of the mutual authentication of internal system participant (company and consumer).
Background technology
In the prior art, early stage RFID technology is not considered safety problem, because early stage application only limits in logistics, industry or the enclosed environment, a typical example is exactly the intelligent repository shelf management system.Though the assailant possibly make workflow fall into chaos to the invasion of this type systematic, the assailant can't obtain any interests.Follow the development of technology and demand; The RFID technology worldwide is used widely; Especially when key areas such as RFID technology entering commerce, finance and national security; After E-Passport (E-passport), noncontact credit card (Contactless Credit Cards) and supply-chain management system, the safety problem of rfid system more and more receives publicity and payes attention to.
For example,, rfid system sets up the automatic identification and management systems of enterprise of participating in when being applied to supply chain or Internet of Things more, and as shown in Figure 1.Rfid system in this system has a plurality of servers, and intrasystem same label can be under the jurisdiction of the reader of different server and read.For example in bank transaction system, a user possibly have account in how tame bank, and these accounts are stored on the card.This card can be read through radiofrequency signal in the terminal of all banks.But need to give rfid card with the identifier allocation of each bank in advance, promptly need have the key between it and each bank on the rfid card.So, could guarantee under the normal operating position of rfid card, avoid the bank of no authorization identifying in these banks can not pretend to be other banks to steal economic interests.This shows that in above-mentioned multiserver rfid system, exist and internal attack risk, promptly some legal server can pretend to be other servers to read the data message that it is maintained secrecy in the system.This also is a letter of the present invention safety problem to be solved.
Summary of the invention
Problem based on above-mentioned prior art existence; The present invention proposes a kind of RFID inside and recognize each other the card security protocol based on the key array; Make electronic tag at first discern reader through corresponding authentication protocol, find corresponding key, reader could get into next cognitive phase then; With respect to the agreement of other same levels, this agreement more is applicable to the rfid system application that safety requirements is high.
The present invention proposes a kind of RFID inside and recognize each other the anti-view of card safety based on the key array; This method is used to have the rfid system of multiserver; Wherein each rfid system comprises a plurality of electronic tags, reader and database, it is characterized in that, this method may further comprise the steps:
Be identification code of each server-assignment in advance, set up unique authenticate key for server and label simultaneously;
The identification code and the key of storage Servers-all in label; Each distributes a pair of unique shared key to label and reader; When the reader label reading, carry out authentication operation: label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading;
Said authentication operation may further comprise the steps:
Reader R iProduce random number R, encrypt IDR with all readers and label cipher key shared k iPR is then with key E k(IDR iPR) send to label T j
Label T jReceive E k(ID iPR) after, it is deciphered obtain reader R iIdentifier ID R i, utilize IDR iFind current label T jWith reader R iBetween shared key k Ij: if do not find the corresponding shared key, then communication process finishes; If find the corresponding shared key, label T jProduce random number r; Calculate M 1 = IDT j ⊕ r , M 2 = h ( IDT j ) Pr ⊕ R , M 3 = h ( IDT j PR ) ⊕ k Ij ; Simultaneously with M 1, M 2, M 3Send to reader R i
Reader R iAfter receiving the response of label, with this response and IDR i, R sends to server together;
After receiving the message of reader, server is sought in internal memory and is satisfied IDT j, and then find corresponding current label T jWith reader R iBetween shared key k IjWith reader Ri and label T jThe key of previous stage of communication
Figure BDA0000140646940000031
Then, server calculates And check k ' IjWhether with the k of server stores IjOr Equate.If unequal, show that the information of sending is unreliable, communication process finishes.If have one to equate, judge which value k IjOr With k IjEquate that server calculates M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Or M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Old ; Simultaneously, server is with key value
Figure BDA0000140646940000037
Be updated to k Ij, with k IjBe updated to PRNG (k Ij); Then, server sends to T with authentication information M4 through reader j
The M that label is relatively received 4Whether with
Figure BDA0000140646940000038
Equate,, confirm reader R if equate iBe legal, label is with key k IjBe updated to PRNG (k Ij).
Compared with prior art, the present invention proposes corresponding authentication security agreement, label is at first discerned reader, finds corresponding key, and reader could get into next cognitive phase then.With respect to the agreement of other same levels, this agreement more is applicable to the field that safety requirements is high.
Description of drawings
Fig. 1 is the rfid system fundamental diagram of background technology;
Fig. 2 is the automatic identification and management system sketch map of enterprise of participating in of the present invention more;
Fig. 3 recognizes each other the schematic flow sheet of card security protocol for the RFID inside based on the key array of the present invention;
Fig. 4 is a key authentication schematic flow sheet of the present invention.
Embodiment
Rfid system of the present invention refers to radio-frequency recognition system (RFID), and is as shown in Figure 1, mainly is made up of electronic tag (Tag), reader (Reader) and three parts of database (Database).Electronic tag is the real data medium of rfid system.Generally speaking, electronic tag is made up of label antenna and label special chip.Each label has unique electronic code (EPC), during use attached on the object.Reader is responsible for reading or writing label information, and basic function just provides the approach that carries out transfer of data with electronic tag.Simultaneously, functions such as signal condition control, parity check can also be provided.When label receives the signal that reader is launched, promptly waken up, corresponding action is accomplished in the instruction of sending according to reader then, and response message is launched back reader again.Data management system is mainly accomplished data information memory, the management of rfid system, can be database or supply chain system.
The multiserver rfid system is internaled attack easily.To this problem, this patent has proposed corresponding authentication protocol.Label is at first discerned reader, finds corresponding key, and reader could get into cognitive phase then.With respect to the agreement of other same levels, this agreement more is applicable to the field that safety requirements is high.The agreement that this patent proposed is applicable to multi-server system.As shown in Figure 2, be the system block diagram of multi-server system.Comprise a plurality of servers, each server belongs to a participant (company), and each server has a plurality of readers.Its workflow is after label gets into the sphere of action of reader antenna, and that can receive reader sends inquiry order and RF energy.The RF energy that obtains makes electronic tag be activated, and electronic tag begins to respond reader inquiry order.At first, reader and label are accomplished mutual authentication, and electronic tag sends data to reader then, and reader sends data to back-end data base and accomplishes tag recognition.
The card security protocol is recognized each other in RFID inside based on the key array of the present invention; The processing that this agreement is carried out may further comprise the steps: for the identification code of each server-assignment in the application system, set up unique authenticate key for server and label simultaneously in advance; The identification code and the key of storage Servers-all in label, each has unique shared key to label and reader, but when a reader label reading, label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading.This flow chart is as shown in Figure 3.
Below in conjunction with accompanying drawing and preferred embodiment,, specify as follows according to embodiment provided by the invention, structure, characteristic and effect thereof.
As shown in Figure 4, the identifying procedure of security protocol of the present invention may further comprise the steps:
(1) reader R i(1≤i≤m, m are the reader number that system comprises) produces random number R, encrypts IDR with all readers and label cipher key shared k iPR is then with key E k(IDR iPR) send to label T j(1≤j≤n, n are the label number that system comprises);
(2) label T jReceive E k(IDR iPR) after, it is deciphered obtain reader R iIdentifier ID R i, utilize IDR iFind current label T jWith reader R iBetween shared key k Ij: if do not find the corresponding shared key, communication process finishes; If find the corresponding shared key, label T jProduce random number r; Calculate M 1 = IDT j ⊕ r , M 2 = h ( IDT j ) Pr ⊕ R , M 3 = h ( IDT j PR ) ⊕ k Ij (M 1, M 2, M 3Three variablees are respectively the ciphertext symbols after label information is encrypted); Simultaneously with M 1, M 2, M 3Send to reader R i
(3) reader R iThe response of receiving label (is M 1, M 2, M 3) after, with this response and IDR i, R sends to server together, and (specifically sending content is M 1, M 2, M 3And IDR i, R);
(4) receive the message of reader after, server is sought in internal memory and is satisfied
Figure BDA0000140646940000054
IDT j, and then find corresponding current label T jWith reader R iBetween shared key k IjWith reader Ri and label T jThe key of previous stage of communication
Figure BDA0000140646940000055
(initial value is null).Then, server calculates
Figure BDA0000140646940000056
And check k ' IjWhether with the k of server stores IjOr
Figure BDA0000140646940000057
Equate.If unequal, show that the information of sending is unreliable, communication process finishes.If have one to equate, according to which value
Figure BDA0000140646940000058
With k IjEquate that server calculates M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Or M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Old . Simultaneously, server is with key value
Figure BDA00001406469400000511
Be updated to k Ij, with k IjBe updated to PRNG (k Ij).Then, server sends to T with authentication information M4 through reader j
(5) M that relatively receives of label 4Whether with
Figure BDA00001406469400000512
Equate.If equate, confirm reader R iBe legal.Label is with key k IjBe updated to PRNG (k Ij).
Computing in the above flow process and function are represented the implication explanation as follows:
Ek () representative utilizes public keys k to carry out cryptographic calculation;
Dk () representative utilizes public keys k to carry out decrypt operation;
H () represents unidirectional hash function;
← representative substitutes computing;
Figure BDA0000140646940000061
represents XOR;
The P representative links computing.
Server initial allocation (IDT i, k, (IDR i, k Ij)) to label T jEach reader stores has its respective identifier R iWith key k.Server comprises information
Figure BDA0000140646940000062
The communication protocol that security protocol of the present invention can satisfy rfid system should have following characteristic, thereby guarantees safety and privacy:
One, confidentiality
In order to reduce the risk that eavesdropping and traffic analysis are attacked as much as possible, valuable information should be transmitted [5] with the form of encrypting like tag identifier and key.Undelegated reader also might obtain the private information [6] of label in server through the personation label.
Two, authentication each other
Authentication (checking mutually) should be carried out before label and reader communicate each other,, Replay Attack, man-in-the-middle attack and cloning attack etc. can be prevented like this to guarantee to have only the legal label and the reader ability access system of mandate.
Three, indistinguishability
Indistinguishability means that the information that the assailant can not utilize label to send makes a distinction itself and other label.It is the effective way that prevents Position Tracking that the data of transmission possess indistinguishability.In most of prior protocols, all comprise random number in the information that label and reader send, when making each reader inquiry, the response of same label is all different, like this assailant's Replay Attack will lose efficacy [7,8].
Four, forward security Forward security
Even forward security is meant that a label is captured, the assailant still can not obtain the signal intelligence in this label past.That is to say, obtained the data message of label, can not recall the communication data in label past even forward security has guaranteed the assailant.The method that reaches forward security is to upgrade communication key [5,8] continually.
Five, validity Efficiency
The equipment price of most of rfid systems is cheap, and computing capability is limited.Therefore, RFID communication protocol must be followed the principle of low-power consumption.When the number of labels of handling when needs was big, extensibility also was an aspect of authentication protocol validity.For avoiding poor search, the method identification label of some agreements through tabling look-up only needs the amount of calculation of O (1).

Claims (1)

1. the card security protocol is recognized each other in the RFID inside based on the key array, and this method is used to have the rfid system of multiserver, and wherein each rfid system comprises a plurality of electronic tags, reader and database, it is characterized in that, this method may further comprise the steps:
Be identification code of each server-assignment in advance, set up unique authenticate key for server and label simultaneously;
The identification code and the key of storage Servers-all in label; Each distributes a pair of unique shared key to label and reader; When the reader label reading, carry out authentication operation: label at first checks whether comprise this reader corresponding server identification code in its internal memory; If mating, identification code successfully can carry out the label reading;
Said authentication operation may further comprise the steps:
Reader R iProduce random number R, encrypt IDR with all readers and label cipher key shared k iPR is then with key E k(IDR iPR) send to label T j
Label T jReceive E k(ID iPR) after, it is deciphered obtain reader R iIdentifier ID R i, utilize IDR iFind current label T jWith reader R iBetween shared key k Ij: if do not find the corresponding shared key, then communication process finishes; If find the corresponding shared key, label T jProduce random number r; Calculate M 1 = IDT j ⊕ r , M 2 = h ( IDT j ) Pr ⊕ R , M 3 = h ( IDT j PR ) ⊕ k Ij , Simultaneously with M 1, M 2, M 3Send to reader R iM 1, M 2, M 3Three variablees are respectively the ciphertext symbols after label information is encrypted;
Reader R iReceive the response M of label 1, M 2, M 3After, with this response and IDR i, R sends to server together;
After receiving the message of reader, server is sought in internal memory and is satisfied
Figure FDA0000140646930000014
IDT j, and then find corresponding current label T jWith reader R iBetween shared key k IjWith reader Ri and label T jThe key of previous stage of communication
Figure FDA0000140646930000015
Then, server calculates
Figure FDA0000140646930000016
And check k ' IjWhether with the k of server stores IjOr
Figure FDA0000140646930000021
Equate; If unequal, show that the information of sending is unreliable, communication process finishes; If have one to equate, judge which value k IjOr
Figure FDA0000140646930000022
With k IjEquate that server calculates M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Or M 4 = h ( IDR i ) ⊕ h ( IDT j Pr ) ⊕ k Ij Old ; Simultaneously, server is with key value
Figure FDA0000140646930000025
Be updated to k Ij, with k IjBe updated to PRNG (k Ij); Then, server is with authentication information M 4Send to T through reader j
The M that label is relatively received 4Whether with
Figure FDA0000140646930000026
Equate,, confirm reader R if equate iBe legal, label is with key k IjBe updated to PRNG (k Ij).
CN201210054852XA 2012-03-05 2012-03-05 RFID internal mutual authentication safety protocol based on secret key array Pending CN102594550A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210054852XA CN102594550A (en) 2012-03-05 2012-03-05 RFID internal mutual authentication safety protocol based on secret key array

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210054852XA CN102594550A (en) 2012-03-05 2012-03-05 RFID internal mutual authentication safety protocol based on secret key array

Publications (1)

Publication Number Publication Date
CN102594550A true CN102594550A (en) 2012-07-18

Family

ID=46482775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210054852XA Pending CN102594550A (en) 2012-03-05 2012-03-05 RFID internal mutual authentication safety protocol based on secret key array

Country Status (1)

Country Link
CN (1) CN102594550A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102880891A (en) * 2012-09-14 2013-01-16 中山大学 Radio frequency identification (RFID) safety communication method established according to ultra-lightweight RFID bidirectional authentication protocol
CN103763106A (en) * 2014-01-15 2014-04-30 东南大学 Position privacy protection method in Internet-of-Things authentication
CN104468570A (en) * 2014-12-04 2015-03-25 广东工业大学 Safety authentication method for sensing layer in internet of things for manufacture
CN105138934A (en) * 2015-06-30 2015-12-09 活点信息技术有限公司 RF communication method and system
CN105897872A (en) * 2016-04-04 2016-08-24 上海大学 Data sharing system supporting plurality of platforms and operation method thereof
CN106027237A (en) * 2016-06-06 2016-10-12 西北工业大学 Group based key array security authentication protocol in RFID (Radio Frequency Identification) system
CN106919963A (en) * 2015-12-25 2017-07-04 航天信息股份有限公司 Smart-tag authentication device, handling of goods and materials device and goods and material handling method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
丁治国等: "基于密钥阵列的RFID安全认证协议", 《电子与信息学》 *
轩秀巍等: "基于二次剩余的增强型 RFID 认证协议", 《计算机工程》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102880891B (en) * 2012-09-14 2015-08-12 中山大学 The RFID safety communicating method that a kind of extra lightweight RFID bidirectional identification protocol is set up
CN102880891A (en) * 2012-09-14 2013-01-16 中山大学 Radio frequency identification (RFID) safety communication method established according to ultra-lightweight RFID bidirectional authentication protocol
CN103763106B (en) * 2014-01-15 2017-10-27 东南大学 A kind of location privacy protection method in Internet of Things certification
CN103763106A (en) * 2014-01-15 2014-04-30 东南大学 Position privacy protection method in Internet-of-Things authentication
CN104468570A (en) * 2014-12-04 2015-03-25 广东工业大学 Safety authentication method for sensing layer in internet of things for manufacture
CN104468570B (en) * 2014-12-04 2018-03-09 广东工业大学 The safety certifying method of sensing layer in a kind of manufacture Internet of Things
CN105138934B (en) * 2015-06-30 2018-01-19 活点信息技术有限公司 A kind of radio communication method and RF communication system
CN105138934A (en) * 2015-06-30 2015-12-09 活点信息技术有限公司 RF communication method and system
CN106919963A (en) * 2015-12-25 2017-07-04 航天信息股份有限公司 Smart-tag authentication device, handling of goods and materials device and goods and material handling method
CN106919963B (en) * 2015-12-25 2020-06-05 航天信息股份有限公司 Label authentication device, material management device and material management method
CN105897872A (en) * 2016-04-04 2016-08-24 上海大学 Data sharing system supporting plurality of platforms and operation method thereof
CN105897872B (en) * 2016-04-04 2019-04-16 上海大学 It is a kind of to support multi-platform data-sharing systems and its operation method
CN106027237A (en) * 2016-06-06 2016-10-12 西北工业大学 Group based key array security authentication protocol in RFID (Radio Frequency Identification) system
CN106027237B (en) * 2016-06-06 2019-01-29 西北工业大学 Cipher key matrix safety certifying method based on group in a kind of RFID system

Similar Documents

Publication Publication Date Title
US10341341B2 (en) RFID authentication architecture and methods for RFID authentication
US10084597B1 (en) RFID tags with dynamic key replacement
Cho et al. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol
US9773133B2 (en) RFID tag and reader characteristic determination using group keys
CN101847199B (en) Security authentication method for radio frequency recognition system
KR100931507B1 (en) Communication Data protection Method based on Symmetric Key Encryption in RFID system, AND APPARATUS FOR ENABLING THE METHOD
US9405945B1 (en) Network-enabled RFID tag endorsement
CN102594550A (en) RFID internal mutual authentication safety protocol based on secret key array
US9607286B1 (en) RFID tags with brand protection and loss prevention
CN104579688B (en) It is a kind of based on Hash function can synchronized update key RFID mutual authentication method
Kim et al. MARP: Mobile agent for RFID privacy protection
Jain et al. Analysis of vulnerabilities in radio frequency identification (RFID) systems
CN113988103B (en) RFID identification method based on multiple tags
Moradi et al. Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs
CN107046467B (en) Three-party verification method and system based on reader-writer, label and database
CN103763106A (en) Position privacy protection method in Internet-of-Things authentication
CN110650004B (en) Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature
KR101053636B1 (en) Encryption/decryption method and system for rfid tag and reader using multi algorithm
CN107342864B (en) Three-party verification method and system based on reader-writer, label and database
KR101215155B1 (en) System for and method of protecting communication between reader and tag in rfid system
Chang et al. An improved certificate mechanism for transactions using radio frequency identification enabled mobile phone
Wu et al. RFID System Security
Sandhya et al. A secure and efficient authentication protocol for mobile RFID systems.
KR20080107188A (en) Efficient authentication method for a rfid system having distributed database and rfid system
Sandhya et al. A forward secured authentication protocol for mobile RFID systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120718