CN102916957B - Safe, reliable and low-cost RFID mutual authentication method - Google Patents

Safe, reliable and low-cost RFID mutual authentication method Download PDF

Info

Publication number
CN102916957B
CN102916957B CN201210390940.7A CN201210390940A CN102916957B CN 102916957 B CN102916957 B CN 102916957B CN 201210390940 A CN201210390940 A CN 201210390940A CN 102916957 B CN102916957 B CN 102916957B
Authority
CN
China
Prior art keywords
mrow
cur
key
rfid
msub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210390940.7A
Other languages
Chinese (zh)
Other versions
CN102916957A (en
Inventor
王超
李杨
樊秀梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN201210390940.7A priority Critical patent/CN102916957B/en
Publication of CN102916957A publication Critical patent/CN102916957A/en
Application granted granted Critical
Publication of CN102916957B publication Critical patent/CN102916957B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a safe, reliable and low-cost RFID mutual authentication method, which belongs to the field of wireless network communication technology. The method provided by the invention is an RFID mutual authentication protocol based on a linear feedback shift register, a physical unclonable function and mapping array technology. The method comprises the following steps: performing key authentication after completion of repeated information interaction between a reader and a tag, so as to ensure that only legal reader and tag can realize data reading, and then completing mutual authentication between the RFID tag and the reader. The method is characterized in that the linear shift register is adopted to generate pseudorandom numbers so as to effectively reduce gate circuit numbers; the physical unclonable function is adopted to disguise tag ID information so as to avoid core information leakage; and the mapping array technology is adopted to protect the tag position privacy. The method provided by the invention not only can protect the privacy data of the tags from being stolen by illegal users, but also can effectively defense internal/external malicious system attack by users.

Description

Safe, reliable and low-cost RFID bidirectional authentication method
Technical Field
The invention relates to the technical field of identity authentication, in particular to a safe, reliable and low-cost RFID (radio frequency identification) mutual authentication method, and belongs to the technical field of wireless network communication.
Background
The rfid (radio Frequency identification) is a non-contact automatic identification technology, which automatically identifies a target object and acquires related data information through a radio Frequency signal. The RFID reader-writer sends a radio frequency signal with a certain frequency through the transmitting antenna, and when the RFID label enters a working area of the transmitting antenna, the label sends out information such as self coding and the like through the built-in transmitting antenna; the system receiving antenna receives a carrier signal sent from the tag, the carrier signal is transmitted to the reader-writer through the antenna regulator, the reader-writer demodulates and decodes the received signal, and then the signal is transmitted to the background database for relevant processing; the background database judges the validity of the card according to the logic operation, performs corresponding processing and control aiming at different settings, and sends out instruction signals to control the action of the executing mechanism. Due to high speed and easy reading, the novel multifunctional reading machine is widely applied to the fields of logistics, markets, parking lots and the like, and brings great convenience to human life.
The structure of the RFID automatic identification system is shown in fig. 1, and mainly includes an RFID tag, an RFID reader, and a background database. The RFID reader-writer and the background database are communicated in a wired connection mode, and the RFID tag and the RFID reader-writer are communicated by a wireless radio frequency technology. The RFID tag stores data through an internal memory chip.
The wireless communication mode between the RFID tag and the RFID reader-writer provides flexibility for system data acquisition, but meanwhile, data is exposed under the broad masses in the court, and the system becomes a great potential safety hazard. Obviously, without a reliable information security mechanism, the data information in the RFID tag cannot be effectively protected. If the information in the tag is stolen or even maliciously altered, it may cause immeasurable loss to the legitimate owner of the tag. In addition, the RFID label without a reliable information security mechanism has the potential safety hazards that sensitive information is easy to leak to an adjacent reader-writer, and the RFID label is easy to interfere and track. If the security of the RFID system is not sufficiently ensured, personal information, commercial secrets, and military secrets in the RFID system may be stolen or used by lawless persons, which will seriously affect economic, military, and national security.
Currently, the security of RFID systems has become an important factor that limits their widespread use. Meanwhile, RFID tags themselves have their own drawbacks, such as: the design of the RFID security authentication protocol is limited by the defects of limited storage capacity, limited computing capacity and limited battery power supply time. Therefore, designing an efficient, safe and low-cost security authentication protocol has become a major development direction of RFID technology internationally.
At present, the existing security authentication protocols mainly comprise a Hash chain protocol, a Hash-Lock protocol, a randomized Hash-Lock protocol, an LCAP protocol and the like.
The Hash chain protocol is a one-way authentication protocol, and has the following disadvantages: firstly, only the authentication of an RFID reader-writer to a label is realized, and the authentication of the RFID label to the reader-writer is not realized; secondly, the background database needs to be operated for many times in one authentication, and the calculated amount is quite large. The Hash-Lock protocol, the randomized Hash-Lock protocol and the LCAP protocol are bidirectional authentication protocols, and have the following defects: the Hash-Lock protocol has no dynamic ID updating mechanism, and key and ID plaintext are transmitted, which seriously affects the security of the system. ② the randomized Hash-Lock protocol has no forward security and cannot resist the position tracking attack. The LCAP protocol easily causes the problems of data asynchronization between the database and the RFID label, and the like, so the LCAP protocol is easy to suffer asynchronous attack.
Disclosure of Invention
The invention aims to overcome the defects of the existing safety authentication protocol applied to an RFID automatic identification system, provides a safe, reliable and low-cost RFID bidirectional authentication method, and realizes bidirectional authentication of an RFID label and a reader-writer.
The purpose of the invention is realized by the following technical scheme.
A safe, reliable and low-cost RFID mutual authentication method is used for performing safety authentication when wireless communication is performed between an RFID tag and an RFID reader-writer in an RFID automatic identification system, wherein the RFID automatic identification system comprises the RFID tag, the RFID reader-writer and a background database, and comprises the following steps:
(1) embedding a linear feedback shift register and a Physical Unclonable Function (PUF) in the RFID tag; wherein the linear feedback shift register functions to generate a pseudo-random number; the function of the physically unclonable function is to generate a masquerading Id corresponding to the Id (unique identification code) of the RFID tag, avoiding clear text transmission of the RFID tag Id and the secret key. Embedding a random number generator and a linear feedback shift register which is the same as the RFID label in a background database, wherein the random number generator has the function of generating any random number; the function of the linear feedback shift register in the background database is also to generate pseudo-random numbers.
(2) Initializing the RFID automatic identification system, specifically as follows:
loading a quadruplet { Id, Key in each RFID labelCUR,PCUR(Id),Array[m]Id represents the unique identification code of the RFID tag; key (R)CURA key representing the current session, the initial value of which is an arbitrary random number; pCUR(Id) represents the current camouflage Id of the RFID label, and is generated by a physical unclonable function, and the initial value is a result value obtained by applying the physical unclonable function to the label Id; array [ m ]]The array is an array with the length of m, the initial values of the elements of the array are all 0, m is a positive integer, and m is larger than or equal to 64.
Load a quintuple { ID, KEY in the background databaseCUR,PCUR(ID),KEYPRE,PPRE(ID) }. Wherein, the ID represents the unique identification code of the current communication RFID label; KEYCURThe current session key representing the current communication RFID label has the same initial value as the initial session key of the current communication RFID label; pCUR(ID) represents a current masquerading ID of the current communication RFID tag, and the initial value is the same as the initial masquerading ID of the current communication RFID tag; KEYPREThe initial value of the previous session key representing the current communication RFID label is null; pPRE(ID) represents the previous masquerading ID of the currently communicating RFID tag, the initial value of which is null.
(3) The verification process between the RFID tag and the RFID reader-writer specifically comprises the following steps:
step 1: and the random number generator in the background database generates a random number (represented by R) and sends the random number R to the RFID reader-writer, and the RFID reader-writer broadcasts the random number R and the communication request to the external RFID label.
Step 2: after the RFID tag receives a random number R and a communication request from a reader-writer, calculating the value of a temporary variable Temp through a formula (1); then look at Array Temp]Whether or not it is 1; if Array [ temp. ]]If the session number is 1, sending a rejection message to the RFID reader-writer, and ending the current session; otherwise, it willSending to RFID reader and setting Array Temp]= 1; wherein,indicating an exclusive-or operation, L (-) indicates applying a linear shift register function to the parameter in parentheses.
Temp=L(R)%m (1)
Wherein Temp is a temporary variable; % is the remainder operator symbol.
And step 3: and after receiving the message sent by the RFID label, the RFID reader judges whether the message is a rejection message, and if the message is the rejection message, the current session is ended. If not, the message is treated as a rejection messageRestoring the current session Key Key of the current communication RFID label according to the formula (2)CUR(ii) a Then, look up and Key in background databaseCURKEY of equal valueCURIf the value is found, the KEY is extractedCURCorresponding ID and PCUR(ID) and calculates a temporary variable Temp 'according to formula (3) and then transmits Temp' to the RFID tag; if not found, the Key is searched in the databaseCURKEY of equal valuePREValue, if found, extracted with the KEYPRECorresponding ID and PPRE(ID) and according to the publicationThe temporary variable Temp 'is calculated, and the Temp' is sent to the RFID label; otherwise, the current session is ended.
<math> <mrow> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>=</mo> <mrow> <mo>(</mo> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </mrow> </math>
<math> <mrow> <msup> <mi>Temp</mi> <mo>&prime;</mo> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>3</mn> <mo>)</mo> </mrow> </mrow> </math>
Where Temp' is a temporary variable.
<math> <mrow> <msup> <mi>Temp</mi> <mo>&prime;</mo> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>PRE</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>4</mn> <mo>)</mo> </mrow> </mrow> </math>
And 4, step 4: after the RFID tag receives the Temp ' value, the temporary variable Temp ' is calculated through a formula (5), then the Temp ' is compared with the Temp ', if the Temp ' and the Temp ' are equal, the RFID reader-writer is determined to be legal, the RFID tag calculates the temporary variable Temp1 according to a formula (6), and Temp1 and Temp ' are calculated,Andsent to an RFID reader-writer, wherein P (Key)CUR) Representing the effort of a physically unclonable function on KeyCUR,P(PCUR(Id)) means that a physical unclonable function is to be applied to PCUR(Id); and if the conversation is not equal, sending a rejection message to the RFID reader-writer, and ending the current conversation.
<math> <mrow> <msup> <mi>Temp</mi> <mrow> <mo>&prime;</mo> <mo>&prime;</mo> </mrow> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>5</mn> <mo>)</mo> </mrow> </mrow> </math>
Where Temp "is a temporary variable.
<math> <mrow> <mi>Temp</mi> <mn>1</mn> <mo>=</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>6</mn> <mo>)</mo> </mrow> </mrow> </math>
Temp1 is a temporary variable.
And 5: judging whether the message received by the RFID reader-writer is a rejection message, if so, ending the session; otherwise, calculating Temp2 by equation (7); and comparing Temp2 with Temp1, and if Temp2 is not equal to Temp1, determining that the RFID tag is illegal and ending the current session. Otherwise, the RFID label is determined to be legal, and the background database is updated; the update of the background database is divided into 2 cases:
case 1: as in step 3, in KEYCURFind and Key inCURIf equal, the KEY is updatedPREAnd PPRE(ID), let KEYPRE=KEYCUR,PPRE(ID)=PCUR(ID), and then recovering P (KEY) through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
Case 2: as in step 3, in KEYPREFind and Key inCUREqual value, then KEY is maintainedPREAnd PPRE(ID) is not changed, and then P (KEY) is recovered through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
<math> <mrow> <mi>Temp</mi> <mn>2</mn> <mo>=</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>7</mn> <mo>)</mo> </mrow> </mrow> </math>
Temp2 is a temporary variable.
<math> <mrow> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>KEY</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>8</mn> <mo>)</mo> </mrow> </mrow> </math>
<math> <mrow> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>KEY</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>9</mn> <mo>)</mo> </mrow> </mrow> </math>
Step 6: the RFID reader-writer sends an update success message and a KEYCURTo the RFID tag.
And 7: the RFID label receives the update message and sends KeyCURUpdate the value of (to) P (Key)CUR) A 1 is to PCURThe value of (Id) is updated to P (P)CUR(Id)); then reset the Array m in the tag]And (4) finishing updating the RFID tag and passing verification if the values of all the elements are 0.
Through the operation of the steps, the verification process between the RFID label and the RFID reader-writer is completed, and subsequent communication can be carried out through the verified RFID label and the verified RFID reader-writer.
Advantageous effects
Compared with the existing RFID authentication method, the safe, reliable and low-cost RFID bidirectional authentication method provided by the invention has the following advantages:
there is a dynamic ID update mechanism. After the RFID label and the database successfully complete one session, the disguised ID and the secret key are updated once, so that malicious retransmission attack can be avoided.
And plaintext transmission of data is avoided, and the safety of the system is enhanced. The present invention uses a physical unclonable function. The function relies on the relevant characteristics of the integrated circuit to generate random numbers and disguise the tag ID, and any method cannot clone the completely same tag so as to achieve the purpose of copying and generating the random numbers.
And thirdly, forward security is achieved. The present invention uses a linear feedback shift register. The linear feedback shift register is a good pseudo-random number generator, and after a seed number is input, the generated number has good randomness; meanwhile, the circuit cost of the linear feedback shift register is very low, only 268 gate circuits are needed for a 128-bit key, therefore, the linear feedback shift register is suitable for being used in a low-cost RFID tag, and can also prevent an attacker from calculating historical data according to current transmission data, so that the linear feedback shift register has forward security
And fourthly, defending against the position tracking attack. The invention adopts the mapping array technology, which can record all the random numbers adopted by the reader-writer in the round of communication, because the probability that the database adopts the same random number in the same round is extremely small, the label only receives the communication brought by the random number which is not adopted. Therefore, the technology can effectively resist the tracking of the position of the tag from the outside.
Drawings
FIG. 1 is a schematic diagram of an RFID automatic identification system in the prior art;
fig. 2 is a schematic diagram of an authentication process between an RFID tag and an RFID reader in an embodiment of the present invention.
Detailed Description
The invention is described in detail below by way of example with reference to the accompanying drawings.
A safe, reliable and low-cost RFID mutual authentication method is used for performing safety authentication when wireless communication is performed between an RFID tag and an RFID reader-writer in an RFID automatic identification system, wherein the RFID automatic identification system comprises the RFID tag, the RFID reader-writer and a background database, and comprises the following steps:
(1) embedding a linear feedback shift register and a Physical Unclonable Function (PUF) in the RFID tag; wherein the linear feedback shift register functions to generate a pseudo-random number; the function of the physically unclonable function is to generate a masquerading Id corresponding to the Id of the RFID tag, avoiding clear text transmission of the RFID tag Id and the key. Embedding a random number generator and a linear feedback shift register which is the same as the RFID label in a background database, wherein the random number generator has the function of generating any random number; the function of the linear feedback shift register in the background database is also to generate pseudo-random numbers.
(2) Initializing the RFID automatic identification system, specifically as follows:
loading a quadruplet { Id, Key in each RFID labelCUR,PCUR(Id),Array[m]Id represents the unique identification code of the RFID tag; key (R)CURThe key representing the current session is initialized to be any random number, and the random number is set to be a binary number with the length of 64 bits; pCUR(Id) represents the current camouflage Id of the RFID tag, and is generated by a physical unclonable function, the initial value is a result value obtained by applying the physical unclonable function to the tag Id, and the length of the value is also a binary number of 64 bits; array [ m ]]Is an array with length m, the initial values of the elements of the array are all 0, and m = 64.
Load a quintuple { ID, KEY in the background databaseCUR,PCUR(ID),KEYPRE,PPRE(ID) }. Wherein, the ID represents the unique identification code of the current communication RFID label; KEYCURThe current session key representing the current communication RFID label has the same initial value as the initial session key of the current communication RFID label; pCUR(ID) represents a current masquerading ID of the current communication RFID tag, and the initial value is the same as the initial masquerading ID of the current communication RFID tag; KEYPREThe initial value of the previous session key representing the current communication RFID label is null; pPRE(ID) represents the previous masquerading ID of the currently communicating RFID tag, the initial value of which is null.
(3) A schematic diagram of the verification process between the RFID tag and the RFID reader is shown in fig. 2, and the specific verification process is as follows:
step 1: and the random number generator in the background database generates a random number R and sends the random number R to the RFID reader-writer, and the RFID reader-writer broadcasts the random number R and the communication request to the external RFID label.
Step 2: after the RFID tag receives a random number R and a communication request from a reader-writer, calculating the value of a temporary variable Temp through a formula (1); then look at Array Temp]Whether or not it is 1; if Array [ temp. ]]If the session number is 1, sending a rejection message to the RFID reader-writer, and ending the current session; otherwise, it willSending to RFID reader and setting Array Temp]And = 1. For example: when m =64, l (r) =1010101010, Temp = (101010)2=(42)10Looking at Array [42 ]]Whether or not it is 1; wherein, (.)2Representing binary values, (.)10Representing a decimal value.
And step 3: and after receiving the message sent by the RFID label, the RFID reader judges whether the message is a rejection message, and if the message is the rejection message, the current session is ended. If not, the message is treated as a rejection messageRestoring the current session Key Key of the current communication RFID label according to the formula (2)CUR(ii) a Then, look up and Key in background databaseCURKEY of equal valueCURIf the value is found, the KEY is extractedCURCorresponding ID and PCUR(ID) and calculates a temporary variable Temp 'according to formula (3) and then transmits Temp' to the RFID tag; if not found, the Key is searched in the databaseCURKEY of equal valuePREValue, if found, extracted with the KEYPRECorresponding ID and PPRE(ID) and calculates a temporary variable Temp 'according to the bulletin (4), and sends Temp' to the RFID tag; otherwise, the current session is ended.
And 4, step 4: after the RFID tag receives the Temp ' value, the temporary variable Temp ' is calculated through a formula (5), then the Temp ' is compared with the Temp ', if the Temp ' and the Temp ' are equal, the RFID reader-writer is determined to be legal, the RFID tag calculates the temporary variable Temp1 according to a formula (6), and Temp1 and Temp ' are calculated,Andsent to an RFID reader-writer, wherein P (Key)CUR) Representing the effort of a physically unclonable function on KeyCUR,P(PCUR(Id)) means that a physical unclonable function is to be applied to PCUR(Id); and if the conversation is not equal, sending a rejection message to the RFID reader-writer, and ending the current conversation.
And 5: judging whether the message received by the RFID reader-writer is a rejection message, if so, ending the session; otherwise, calculating Temp2 by equation (7); and comparing Temp2 with Temp1, and if Temp2 is not equal to Temp1, determining that the RFID tag is illegal and ending the current session. Otherwise, the RFID label is determined to be legal, and the background database is updated; the update of the background database is divided into 2 cases:
case 1: as in step 3, in KEYCURFind and Key inCURIf equal, the KEY is updatedPREAnd PPRE(ID), let KEYPRE=KEYCUR,PPRE(ID)=PCUR(ID); then, P (KEY) is recovered through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
Case 2: as in step 3, in KEYPREFind and Key inCUREqual value, then KEY is maintainedPREAnd PPRE(ID) is not changed, and then P (KEY) is recovered through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
Step 6: the RFID reader-writer sends an update success message and a KEYCURTo the RFID tag.
And 7: the RFID label receives the update message and sends KeyCURUpdate the value of (to) P (Key)CUR) A 1 is to PCURThe value of (Id) is updated to P (P)CUR(Id)); then reset the Array m in the tag]And (4) finishing updating the RFID tag and passing verification if the values of all the elements are 0.
Through the operation of the steps, the verification process between the RFID label and the RFID reader-writer is completed, and subsequent communication can be carried out through the verified RFID label and the verified RFID reader-writer.
The above detailed description is intended to illustrate the objects, aspects and advantages of the present invention, and it should be understood that the above detailed description is only exemplary of the present invention, and is not intended to limit the scope of the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (1)

1. A safe, reliable and low-cost RFID bidirectional authentication method is used for performing safety authentication when an RFID label and an RFID reader-writer in an RFID automatic identification system are in wireless communication; the RFID automatic identification system comprises an RFID tag, an RFID reader-writer and a background database; the RFID mutual authentication method is characterized in that: the method comprises the following steps:
(1) embedding a linear feedback shift register and a physical unclonable function in an RFID label; wherein the linear feedback shift register functions to generate a pseudo-random number; the function of the physical unclonable function is to generate a camouflage Id corresponding to the unique identification code Id of the RFID label, so that plaintext transmission of the ID of the RFID label and a secret key is avoided; embedding a random number generator and a linear feedback shift register which is the same as the RFID label in a background database, wherein the random number generator has the function of generating any random number; the linear feedback shift register in the background database also has the function of generating pseudo-random numbers;
(2) initializing the RFID automatic identification system, specifically as follows:
loading a quadruplet { Id, Key in each RFID labelCUR,PCUR(Id),Array[m]Id represents the unique identification code of the RFID tag; key (R)CURA key representing the current session, the initial value of which is an arbitrary random number; pCUR(Id) represents the current camouflage Id of the RFID label, and is generated by a physical unclonable function, and the initial value is a result value obtained by applying the physical unclonable function to the label Id; array [ m ]]The array is an array with the length of m, the initial values of all elements of the array are 0, m is a positive integer, and m is more than or equal to 64;
load a quintuple { ID, KEY in the background databaseCUR,PCUR(ID),KEYPRE,PPRE(ID) }; wherein, the ID represents the unique identification code of the current communication RFID label; KEYCURThe current session key representing the current communication RFID label has the same initial value as the initial session key of the current communication RFID label; pCUR(ID) represents a current masquerading ID of the current communication RFID tag, and the initial value is the same as the initial masquerading ID of the current communication RFID tag; KEYPREThe initial value of the previous session key representing the current communication RFID label is null; pPRE(ID) represents the previous masquerading ID of the currently communicating RFID tag, and the initial value is null;
(3) the verification process between the RFID tag and the RFID reader-writer specifically comprises the following steps:
step 1: a random number generator in a background database generates a random number R and sends the random number R to an RFID reader-writer, and the RFID reader-writer broadcasts the random number R and a communication request to an external RFID label;
step 2: when the RFID tag receives the random number R from the reader-writer andafter the communication request, calculating the value of a temporary variable Temp through a formula (1); then look at Array Temp]Whether or not it is 1; if Array [ temp. ]]If the session number is 1, sending a rejection message to the RFID reader-writer, and ending the current session; otherwise, it willSending to RFID reader and setting Array Temp]1 is ═ 1; wherein,represents an exclusive-or operation, L (-) represents a linear shift register function applied to the parameter in parentheses;
Temp=L(R)%m (1)
wherein Temp is a temporary variable; % is a remainder operation symbol;
and step 3: after receiving the message sent by the RFID label, the RFID reader judges whether the message is a refusal message, if the message is a refusal message, the current session is ended; if not, the message is treated as a rejection messageRestoring the current session Key Key of the current communication RFID label according to the formula (2)CUR(ii) a Then, look up and Key in background databaseCURKEY of equal valueCURIf the value is found, the KEY is extractedCURCorresponding ID and PCUR(ID) and calculates a temporary variable Temp 'according to formula (3) and then transmits Temp' to the RFID tag; if not found, the Key is searched in the databaseCURKEY of equal valuePREValue, if found, extracted with the KEYPRECorresponding ID and PPRE(ID) and calculates a temporary variable Temp 'according to the bulletin (4), and sends Temp' to the RFID tag; otherwise, ending the current session;
<math> <mrow> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>=</mo> <mrow> <mo>(</mo> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </mrow> </math>
<math> <mrow> <msup> <mi>Temp</mi> <mo>&prime;</mo> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>3</mn> <mo>)</mo> </mrow> </mrow> </math>
wherein Temp' is a temporary variable;
<math> <mrow> <msup> <mi>Temp</mi> <mo>&prime;</mo> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>PRE</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>4</mn> <mo>)</mo> </mrow> </mrow> </math>
and 4, step 4: after the RFID tag receives the Temp ' value, the temporary variable Temp ' is calculated through a formula (5), then the Temp ' is compared with the Temp ', if the Temp ' and the Temp ' are equal, the RFID reader-writer is determined to be legal, the RFID tag calculates the temporary variable Temp1 according to a formula (6), and Temp1 and Temp ' are calculated,Andsent to an RFID reader-writer, wherein P (Key)CUR) Representing the effort of a physically unclonable function on KeyCUR,P(PCUR(Id)) means that a physical unclonable function is to be applied to PCUR(Id); if not, sending a rejection message to the RFID reader-writer, and ending the current session;
<math> <mrow> <msup> <mi>Temp</mi> <mrow> <mo>&prime;</mo> <mo>&prime;</mo> </mrow> </msup> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>R</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>5</mn> <mo>)</mo> </mrow> </mrow> </math>
wherein Temp "is a temporary variable;
<math> <mrow> <mi>Temp</mi> <mn>1</mn> <mo>=</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>6</mn> <mo>)</mo> </mrow> </mrow> </math>
wherein Temp1 is a temporary variable;
and 5: judging whether the message received by the RFID reader-writer is a rejection message, if so, ending the session; otherwise, calculating Temp2 by equation (7); comparing Temp2 with Temp1, if Temp2 is not equal to Temp1, determining that the RFID tag is illegal, and ending the current session; otherwise, the RFID label is determined to be legal, and the background database is updated; the update of the background database is divided into 2 cases:
case 1: as in step 3, in KEYCURFind and Key inCURIf equal, the KEY is updatedPREAnd PPRE(ID), let KEYPRE=KEYCUR,PPRE(ID)=PCUR(ID), and then recovering P (KEY) through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
Case 2: as in step 3, in KEYPREFind and Key inCUREqual value, then KEY is maintainedPREAnd PPRE(ID) is not changed, and then P (KEY) is recovered through the formula (8) and the formula (9)CUR) And P (P)CUR(ID)), KEYCURIs updated to P (KEY)CUR) A 1 is to PCURThe value of (ID) is updated to P (P)CUR(ID));
<math> <mrow> <mi>Temp</mi> <mn>2</mn> <mo>=</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>7</mn> <mo>)</mo> </mrow> </mrow> </math>
Wherein Temp2 is a temporary variable;
<math> <mrow> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>KEY</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>8</mn> <mo>)</mo> </mrow> </mrow> </math>
<math> <mrow> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>ID</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>=</mo> <mrow> <mo>(</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>Key</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>P</mi> <mi>CUR</mi> </msub> <mrow> <mo>(</mo> <mi>Id</mi> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>&CirclePlus;</mo> <mi>L</mi> <mrow> <mo>(</mo> <mi>P</mi> <mrow> <mo>(</mo> <msub> <mi>KEY</mi> <mi>CUR</mi> </msub> <mo>)</mo> </mrow> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>9</mn> <mo>)</mo> </mrow> </mrow> </math>
step 6: the RFID reader-writer sends an update success message and a KEYCURProviding the RFID label;
and 7: the RFID label receives the update message and sends KeyCURUpdate the value of (to) P (Key)CUR) A 1 is to PCURThe value of (Id) is updated to P (P)CUR(Id)); then reset the Array m in the tag]The value of each element in the RFID tag is 0, the updating of the RFID tag is completed, and the RFID tag passes the verification;
through the operation of the steps, the verification process between the RFID label and the RFID reader-writer is completed, and subsequent communication can be carried out through the verified RFID label and the verified RFID reader-writer.
CN201210390940.7A 2012-10-15 2012-10-15 Safe, reliable and low-cost RFID mutual authentication method Expired - Fee Related CN102916957B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210390940.7A CN102916957B (en) 2012-10-15 2012-10-15 Safe, reliable and low-cost RFID mutual authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210390940.7A CN102916957B (en) 2012-10-15 2012-10-15 Safe, reliable and low-cost RFID mutual authentication method

Publications (2)

Publication Number Publication Date
CN102916957A CN102916957A (en) 2013-02-06
CN102916957B true CN102916957B (en) 2015-03-11

Family

ID=47615191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210390940.7A Expired - Fee Related CN102916957B (en) 2012-10-15 2012-10-15 Safe, reliable and low-cost RFID mutual authentication method

Country Status (1)

Country Link
CN (1) CN102916957B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103246903A (en) * 2013-05-10 2013-08-14 智坤(江苏)半导体有限公司 Method for enhancing radio-frequency identification information safety and privacy protection
CN103345690B (en) * 2013-07-19 2019-12-24 中山大学 Anti-counterfeiting method based on RFID and physical unclonable function
CN103905202B (en) * 2014-03-28 2017-07-11 广东工业大学 A kind of RFID lightweight mutual authentication methods based on PUF
CN104333537A (en) * 2014-10-22 2015-02-04 浙江中烟工业有限责任公司 RFID security authentication method based on physical unclonable function
CN105357015B (en) * 2015-12-02 2018-11-30 华北电力大学(保定) A kind of Internet of Things safety certifying method
CN105791317B (en) * 2016-04-29 2018-12-18 广东工业大学 A kind of method that RFID system key wirelessly generates
CN105959101B (en) * 2016-06-29 2019-08-13 广东工业大学 A method of RFID two-way authentication is realized using the unclonable technology of physics
JP7031673B2 (en) * 2017-09-08 2022-03-08 日本電産株式会社 Management system of the transported object, information processing device
CN109756323B (en) * 2017-11-01 2021-09-14 中国电信股份有限公司 Lightweight security authentication method and system, sending end and receiving end
CN108173662B (en) * 2018-02-12 2019-12-24 海信集团有限公司 Equipment authentication method and device
CN109040853A (en) * 2018-09-04 2018-12-18 国微集团(深圳)有限公司 A kind of digital stream media fingerprints watermark protection method and device
CN109245904A (en) * 2018-10-17 2019-01-18 南京航空航天大学 A kind of lightweight car networking system safety certifying method based on PUF
CN111404666B (en) * 2019-01-02 2024-07-05 中国移动通信有限公司研究院 Key generation method, terminal equipment and network equipment
CN110324151B (en) * 2019-06-25 2021-12-31 北京智涵芯宇科技有限公司 PUF (physical unclonable function) and zero knowledge proof based security chip, application method, system and medium
CN110677254B (en) * 2019-09-20 2022-06-10 广州城市职业学院 Ultra-lightweight RFID authentication method
CN115660021B (en) * 2022-12-29 2023-03-21 成都普什信息自动化有限公司 RFID anti-counterfeiting bidirectional authentication reading method and RFID anti-counterfeiting system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783732A (en) * 2010-03-12 2010-07-21 西安西电捷通无线网络通信股份有限公司 Offline mutual authentication method and system based on pre-shared key
CN102510335A (en) * 2011-11-10 2012-06-20 西北工业大学 RFID (Radio Frequency Identification Device) mutual authentication method based on Hash

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100721520B1 (en) * 2005-11-03 2007-05-23 한국전자통신연구원 Apparatus and Method for Information Protection of RFID System

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783732A (en) * 2010-03-12 2010-07-21 西安西电捷通无线网络通信股份有限公司 Offline mutual authentication method and system based on pre-shared key
CN102510335A (en) * 2011-11-10 2012-06-20 西北工业大学 RFID (Radio Frequency Identification Device) mutual authentication method based on Hash

Also Published As

Publication number Publication date
CN102916957A (en) 2013-02-06

Similar Documents

Publication Publication Date Title
CN102916957B (en) Safe, reliable and low-cost RFID mutual authentication method
Cho et al. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol
CN100405386C (en) Safety identification method in radio frequency distinguishing system
Duc et al. Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning
CN103795543B (en) A kind of secure two-way authentication method for rfid system
CN101194274B (en) Method and device for increased rfid transmission security
CN104184733B (en) A kind of RFID lightweight mutual authentication methods encoded based on CRC
CN101719830B (en) Method and system of NFC authentication
CN114982197B (en) Authentication method, system and storage medium
CN103957186B (en) Method for effectively transferring label ownership in RFID system
CN105450673A (en) Security protocol authentication method based on mobile RFID system
CN106411505B (en) A kind of mutual authentication method and Mobile RFID system of Mobile RFID
CN102916956A (en) Hash function based RFID (Radio Frequency IDentification) mutual authentication method
CN110190965A (en) A kind of RFID cluster label authentication protocol based on hash function
CN102594550A (en) RFID internal mutual authentication safety protocol based on secret key array
CN101470795B (en) Communication method and apparatus in wireless radio frequency recognition system
CN102043973B (en) RFID ownership transfer method based on partially trusted centre
CN104333539A (en) RFID security authentication method based on Chebyshev mapping
JP2011108228A (en) Method and system for secure rfid communication between noisy reader and communicating object
CN107040363B (en) Lightweight RFID ownership transfer method and system based on chaotic encryption
CN101794402B (en) Wireless ultrahigh-frequency radio-frequency identification system and method thereof for resisting invalid quantity statistical attack
CN104579688A (en) RFID two-way authentication method based on Hash function and capable of updating keys synchronously
Kim et al. MARP: Mobile agent for RFID privacy protection
US20140307871A1 (en) Method for key establishment using anti-collision algorithm
CN109766966B (en) RFID tag random number synchronous updating method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150311

Termination date: 20161015

CF01 Termination of patent right due to non-payment of annual fee