CN104184733A - RFID lightweight-class bidirectional authentication method based on CRC coding - Google Patents

Abstract

The invention provides an RFID lightweight-class bidirectional authentication method based on CRC coding. The RFID lightweight-class bidirectional authentication method based on CRC coding comprises the steps that a label extracts the inherent CRC code of the label and provides a randomizer, a random number Rr generated by a reader, a random number Rt generated by the label, a label temporary identifier IDT, secret key information K1 and secret key information K2 are encrypted through simple logical operation and CRC coding operation, so that a random cryptograph changing dynamically is generated and is used as identity authentication information of the reader and the label, and then mutual authentication of the reader and the label is achieved. The RFID lightweight-class bidirectional authentication method based on CRC coding is novel, practical and simple, does not need traditional large-scale data encryption or HASH operation and is suitable for an RFID system with limited hardware capability and limited calculation capability; in addition, by the adoption of the RFID lightweight-class bidirectional authentication method based on CRC coding, combination of high privacy safety and low label cost can be well achieved.

Description

A kind of RFID lightweight mutual authentication method based on CRC coding

Technical field

The invention belongs to REID field, relate to the safety certifying method of reader and label in a kind of rfid system.

Background technology

Radio-frequency (RF) identification (Radio Frequency Identification, RFID) be a kind of non-contact automatic identification technology, its principle is to utilize radiofrequency signal to pass through Space Coupling (alternating magnetic field or electromagnetic field) to obtain the related data of identifying destination object.Rfid system is made up of electronic tag, reader and back-end data base conventionally.Reader and back-end data base generally carry out transport communication under the wire message way of safety, are difficult under attack; And reader and label are by wireless channel transport communication, under this wireless transmission environment, the factors such as signal broadcast is limited with label resources easily cause communicating by letter between reader and label be interfered and block, and cause the safe privacy performance of rfid system to be on the hazard.

Now, Chinese scholars has proposed many effective safety authentication protocols for the security of rfid system, is mainly divided into based on physical method and the security mechanism based on cryptography method.Security mechanism based on physical method can solve the safety problem of rfid system to a certain extent, but extra physical equipment and components and parts have not only increased the cost of rfid system, and the flexibility of operation shortage, is unfavorable for applying of RFID technology.Security mechanism based on cryptography method is being subject to people's attention in recent years day by day, and it mainly adopts authentication means and cryptographic algorithm to ensure the communication security between reader and label, can meet preferably the safety requirements of rfid system.

The complexity and the cost size that realize according to the difference of rfid system security requirement, agreement, agreement mainly comprises three classes: weight, middle amount type and light-type agreement.Weight agreement adopts more ripe and safe cryptographic means, is mainly used in the safe field such as finance, military affairs, and label cost is higher.Middle amount type agreement is utilized the hash function computing mechanism of ensuring safety, mainly represent that agreement has: Hash-Lock agreement, randomization Hash-Lock agreement and Hash chain agreement, although it is relatively simple that the conventional logical circuit of Hash function is realized, easily exceed the resource limitation of label.Light-type agreement does not need the participation of Hash function, and this agreement meets EPC Class1Gen2 standard, only needs to adopt the simple operationss such as pseudorandom number generator PRNG and arithmetic logical operation, and its hardware implementation complexity is lower, is applicable to low cost RFID system.

Summary of the invention

The present invention is in order to solve the security in reader and label mutual authentication process; on the basis of rationally security performance, secret protection and the label cost of balance rfid system, utilize cyclic redundancy check (CRC) code (CRC code) computing and simply logical operation the RFID lightweight mutual authentication method (agreement) that a kind of safe key dynamically updates has been proposed.

The present invention shows by GNY logical proof and safety analysis, the present invention has not only improved the security performance of transfer of data communication in rfid system, and greatly reduce the encryption complexity of system and amount of calculation and the traffic of label, meet EPC Class1Gen2 standard, be the light-type authentication method of a low cost and safety simultaneously.

The present invention is achieved through the following technical solutions.

Based on a RFID lightweight mutual authentication method for CRC coding, for safety certification when radio communication between rfid system reader and label, described rfid system comprises reader, electronic tag and background data base, it is characterized in that:

(1) condition stub: suppose that reader and background data base always communicate under the environment of safety, reader and label all have pseudorandom number generator, and can both carry out CRC computing and simple logical operation.

(2) rfid system is carried out to initialization: be first all each tag storage record (IDT, ID, K at back-end data base and tab end ₁, K ₂), wherein ID is the unique identity code of electronic tag, defining its figure place is 64, and it remains unchanged in the verification process of agreement; IDT is the label temporary identifier of 64 that replaces its computing in the verification process of agreement in order to ensure the confidentiality of ID, take turns in verification process every, itself and ID keep one-to-one relationship, and after protocol authentication success, back-end data base and tab end all can synchronously be upgraded it; K ₁, K ₂the cipher key matrix that 1 row 64 of sharing for reader and label is listed as.

(3) mutual authentication process of agreement is mainly divided into 3 stages, as shown in Figure 1, is respectively verification process, label verification process to reader and the renewal process of label interim symbol and cipher key matrix of reader to label.

Concrete authenticating step of the present invention is as follows:

S01: reader produces a random number R _r, and send R to electronic tag _rwith an authentication request order Query.

S02: label is received the Query||R that reader is sent _rafter, first produce a random number R _t, and extract the cipher key matrix K that is stored in self ₁, K ₂and label ID and temporary identifier IDT, then the random number R forwarding in conjunction with reader _rcalculate following equation:

$A=R_t\⊕\mathrm{IDT}\⊕K_1\⊕K_2,$

Obtain after A, B, by B and R _tcarry out XOR, and the result after computing carried out to CRC coding, after end-of-encode again with IDT, K ₁carry out XOR:

$M_1=\mathrm{CRC}(B\⊕R_t)\⊕\mathrm{IDT}\⊕K_1.$

S03: after the cryptographic calculation of tab end finishes, label is by A||IDT||M ₁send to together reader.

S04: reader is received the information A||IDT||M that label sends ₁after, storage information is also transmitted to back-end data base by IDT.

S05: back-end data base is received after the forwarding information IDT of reader, according to IDT search reader and the shared cipher key matrix K of label ₁, K ₂with label ID, and send back to together reader.

S06: reader receives that back-end data base forwards the message K of coming ₁|| ID||K ₂after, first pass through equation ${R_t}^{\′}=A\⊕\mathrm{IDT}\⊕K_1\⊕K_2$ Obtain R _t', then calculate with after calculating, then compare M ₁' and M ₁whether equate, if they are unequal, illustrate that reader, to smart-tag authentication failure, finishes verification process; If equated, reader, to smart-tag authentication success, continues to calculate ${M_2}^{\′}=\mathrm{CRC}(C^{\′}\⊕{R_t}^{\′})\⊕\mathrm{IDT}.$

S07: reader calculated M ₂' after, be transmitted to label.

S08: label receives M ₂' after, calculate $M_2=\mathrm{CRC}(C\⊕R_t)\⊕\mathrm{IDT},$ And comparison M ₂and M ₂'.If both are unequal, represent that label, to reader authentification failure, stops verification process; If both equate, represent the mutual authentication success of reader and label, finish verification process, simultaneously the cipher key matrix K of tab end ₁, K ₂and label temporary identifier IDT carries out following renewal:

S09: after the mutual authentication success of reader and label, label sends authentication success order success to reader.

S10: reader is received after success order, the random number R that self is produced _rwith the label random number R calculating _tsend to together back-end data base.

S11: back-end data base receives the R that reader sends _r|| R _tafter, the K that self is stored ₁, K ₂and label temporary identifier IDT upgrades according to three of S08 equatioies, make the K of itself and tab end ₁, K ₂, IDT keeps synchronous.

RFID lightweight mutual authentication method based on CRC coding of the present invention, is characterized in that: label only need extract self intrinsic CRC code and randomizer is provided, and utilizes simple logical operation and the computing of CRC coding, by random number R _rand R _t, label temporary identifier IDT and key information K ₁and K ₂be encrypted and generate the ciphertext that stochastic and dynamic changes, the authentication information using this as label.The inventive method does not need to encrypt or HASH computing by traditional large-scale data, thereby reaches encryption effect of lightweight, guarantees to have feasibility in hardware or the limited rfid system of computing capability.

RFID lightweight mutual authentication method based on CRC coding of the present invention, is characterized in that the authentication of first reader to label, passes through M ₁' and M ₁relatively judged and realized.And label is also synchronously followed the tracks of certification to reader, pass through M ₂and M ₂' relatively judged and realize.The present invention can realize the two-way authentication between rfid system reader and the label based on CRC coding.

Feature of the present invention is:

(1) certification mutually: from the certification implementation of agreement, first reader judges the legitimacy of label by receiving the information of label transmission at S06, after success identity label, send M to label ₂'.After label receipt message, confirm whether the message that reader sends is distorted by attack, thereby realize the certification of label to reader, complete the two-way authentication between reader and label, prevent assailant's unauthorized access, increase the reliability of RFID New Deal.

(2) eavesdropping is attacked: although the radio communication channel between reader of the present invention and label is unsafe, reader only has 4 times with the number of times that label is communicated by letter in each mutual authentication process, and only has random number R _rbe to transmit with clear-text way with label temporary identifier IDT, other the communication information is all transmitted with cipher mode.Even if assailant has intercepted the random number R that reader sends _r, label temporary identifier IDT and encrypt after information, also cannot restore ID, cipher key matrix and other Useful Informations of label, therefore the leakage of these information cannot form security threat to New Deal in this paper, thereby avoids eavesdropping to attack.

(3) replay attack: the new authentication method proposing for the present invention, replay attack mainly comprises two kinds: the illegal assailant of the first reader that disguises oneself as, retransmits the authentication information M of reader to label ₂'; It two is the illegal assailant labels that disguise oneself as, and retransmits the authentication information M of label to reader ₁.Owing to participating in authentication information M ₁, M ₂' calculate random number R _t, R _r, label temporary identifier IDT and key information K ₁, K ₂after finishing, each certification all can synchronously be upgraded, so even if assailant has eavesdropped all message and resend, also cannot be by the checking of reader and label.Therefore new agreement can effectively be avoided replay attack.

(4) replication attacks: replication attacks refers to that assailant intercepts and captures and analyze the response message of legal label, thus be forged into legal electronic tag to obtain illegal economic interests etc.In the verification process proposing in the present invention, even if assailant has stolen message A, IDT, M in certain reciprocal process ₁, M ₂', can not obtain the information such as ID, cipher key matrix of label by analyzing these message, can not infer that label is next time about to send to the information of reader, thereby explanation the present invention can successfully resist replication attacks.

(5) asynchronous attack: asynchronous attack refers to that assailant is by destroying the key updating information of reader and label, makes its shared key difference cause protocol authentication failure.Mainly contain two kinds for asynchronous attack of the present invention: a kind of is the random number R that amendment label sends to reader _t, by amendment R _tmake IDT, the K at reader and label two ends ₁, K ₂be worth not identical, due to R of the present invention _tnot to send with plaintext form, so assailant is difficult to distort its value; Another kind is that assailant is by tackling the response message of label, make the renewal of back-end data base key value prior to label, but because just carry out after the mutual authentication success of agreement finishes in more new capital of back-end data base of the present invention and label key information, so after the response message of label is blocked, back-end data base will continue the old key value of storage until authentication success next time, so this attack pattern is also infeasible.Therefore, the present invention can effectively resist asynchronous attack.

Beneficial effect of the present invention comprises:

(1) low label cost: tab end has only adopted self intrinsic CRC check function.

(2) simplified the computing cost of rfid system: label with the communication interaction process of reader in, only adopt exclusive disjunction, with the simple logical operation such as computing and XOR.

(3) traffic is few: between reader and label, only have wireless interaction four times, be applicable to passivity and the mutual Authentication Design requirement of rfid system of low cost label, so the interaction times between reader of the present invention and label reaches and minimizes.

(4) variable of required storage is few: due in verification process, and the A in label and M ₁be concurrent operation, the result after calculating does not need to be stored in label, so only need to store ID, IDT, K in label ₁, K ₂, R _tand the result M of computing in verification process ₂' and M ₂.

(5) memory space taking is little: variable IDT, K that two-way authentication relates to ₁, K ₂, R _t, M ₂' and M ₂in the user storage area of label, shared capacity is 6*64=384bits, 18.75% of the RFID tagging user memory block headspace that the model that accounts for the production of TI company is TI2048, therefore, tag storage amount required for the present invention is less, meets the memory requirement of electronic tag.

In order more clearly to contrast the security performance of the present invention and existing RFID light-type authentication protocol, table 1 has carried out detailed comparison from safe privacy aspect of performances such as eavesdropping attack, certification mutually, replay attacks.Wherein: √ presentation protocol meets this index; × presentation protocol does not meet this index.

The fail safe comparison of several light-type agreements of table 1

Brief description of the drawings

Fig. 1 is the RFID bidirectional identification protocol process that the present invention proposes.Wherein: ID: be the unique identity code of electronic tag; IDT: a label temporary identifier that replaces ID computing; K ₁and K ₂: be reader and the shared cipher key matrix of label; R _r: the random number that reader produces; R _t: the random number that label produces; ⊕: binary system XOR.

Embodiment

Agreement of the present invention comprises that system initialization, certification mutually, key information upgrade three phases, are now described below the concrete reciprocal process between background data base, reader, label in agreement:

One, rfid system initialization

When rfid system initialization, be that globally unique length of each label distribution is the Identity Code ID of 64 by server or manufacturer, and 64 label temporary identifier IDT that replace its computing in order to ensure the confidentiality of ID, and the cipher key matrix K that is listed as of 1 row 64 ₁, K ₂.Meanwhile, in back-end data base, record the unique identification code ID of label and with the IDT of its maintenance one-to-one relationship and shared cipher key matrix K ₁, K ₂, subsequently, label is attached on object to be identified.

Two, system authentication process

As shown in Figure 1, step is as follows for rfid system safety certification process:

(1) reader sends inquiry request (Reader → Tag): first reader generates random number R _r, and send R to electronic tag _rwith an authentication request order Query.

(2) certification of reader to label:

1. (Tag → Reader → Server): label is received the Query||R that read write line is sent _rafter, first extract the key information K that is stored in self ₁, K ₂and label ID and temporary identifier IDT, generate random number R _t, then calculate: $A=R_t\⊕\mathrm{IDT}\⊕K_1\⊕K_2,$ $M_1=\mathrm{CRC}(B\⊕R_t)\⊕\mathrm{IDT}\⊕K_1.$ After calculating finishes, label is by A||IDT||M ₁send to together reader, reader receives after information, and storage information is also transmitted to back-end data base by IDT.

2. (Server → Reader): back-end data base is received after the forwarding information IDT of reader, according to IDT search reader and the shared cipher key matrix K of label ₁, K ₂with label ID, and send back to together reader.

3. Reader: reader receives that back-end data base forwards the message K of coming ₁|| ID||K ₂after, first pass through equation ${R_t}^{\′}=A\⊕\mathrm{IDT}\⊕K_1\⊕K_2$ Obtain R _t', then calculate ${M_1}^{\′}=\mathrm{CRC}(B^{\′}\⊕{R_t}^{\′})\⊕\mathrm{IDT}\⊕K_1,$ After calculating finishes, relatively M ₁' and M ₁whether equate, if they are unequal, illustrate that reader, to smart-tag authentication failure, finishes verification process; If equated, reader, to smart-tag authentication success, continues to calculate ${M_2}^{\′}=\mathrm{CRC}(C^{\′}\⊕{R_t}^{\′})\⊕\mathrm{IDT}.$

(3) certification of label to reader:

1. (Reader → Tag): the complete M of reader calculated ₂' after, be transmitted to label.

2. Tag: label receives M ₂' after, calculate $M_2=\mathrm{CRC}(C\⊕R_t)\⊕\mathrm{IDT},$ And comparison M ₂and M ₂'.If both are unequal, represent that label, to reader authentification failure, stops verification process; If both equate, represent the mutual authentication success of reader and label, finish verification process.

Three, key updating process:

1. (Tag → Reader): after the mutual authentication success of reader and label, label sends authentication success order success to reader, then carries out the renewal of key information according to following equation:

2. (Reader → Server): reader is received after success order, the random number R that self is produced _rwith the label random number R calculating _tsend to together back-end data base.

3. Server: back-end data base receives after the random number of reader transmission, the K that self is stored ₁, K ₂and label temporary identifier IDT upgrades according to three equatioies 1. in key updating process, make the K of itself and tab end ₁, K ₂, IDT keeps synchronous.

By above-mentioned operating process, complete the mutual authentication process between reader and label in rfid system, after authentication success, reader and label can carry out follow-up other and communicate by letter.

The present invention is in the security performance of reasonable balance rfid system, on the basis of secret protection and label cost, the RFID lightweight bidirectional identification protocol that a kind of safe key dynamically updates is proposed, reader utilizes the cyclic redundancy check (CRC) code that hardware implementation complexity is lower (CRC code) computing to intercom mutually with simple logical operation with label, meet EPC global C1G2 standard completely, there is low label cost, low carrying cost, low communication cost, algorithm is novel simple, be easy to the features such as realization, be applicable to low cost and there is the rfid system of higher safe privacy demand.

Claims (2)

1. the RFID lightweight mutual authentication method based on CRC coding, is characterized in that first rfid system being carried out to initialization: be all each tag storage record (IDT, ID, K at back-end data base and tab end ₁, K ₂), wherein ID is the unique identity code of electronic tag, defining its figure place is 64, and it remains unchanged in verification process; IDT is the label temporary identifier of 64 that replaces its computing in verification process in order to ensure the confidentiality of ID, take turns in verification process every, itself and ID keep one-to-one relationship, and after protocol authentication success, back-end data base and tab end all can synchronously be upgraded it; K ₁, K ₂the cipher key matrix that 1 row 64 of sharing for reader and label is listed as; Its authenticating step is as follows:

S01: reader produces a random number R _r, and send R to electronic tag _rwith an authentication request order Query;

S02: label is received the Query||R that reader is sent _rafter, first produce a random number R _t, and extract the cipher key matrix K that is stored in self ₁, K ₂and label ID and temporary identifier IDT, then the random number R forwarding in conjunction with reader _rcalculate following equation:

$A=R_t\⊕\mathrm{IDT}\⊕K_1\⊕K_2,$

Obtain after A, B, by B and R _tcarry out XOR, and the result after computing carried out to CRC coding, after end-of-encode again with IDT, K ₁carry out XOR:

$M_1=\mathrm{CRC}(B\⊕R_t)\⊕\mathrm{IDT}\⊕K_1;$

S03: after the cryptographic calculation of tab end finishes, label is by A||IDT||M ₁send to together reader;

S04: reader is received the information A||IDT||M that label sends ₁after, storage information is also transmitted to back-end data base by IDT;

S05: back-end data base is received after the forwarding information IDT of reader, according to IDT search reader and the shared cipher key matrix K of label ₁, K ₂with label ID, and send back to together reader;

S06: reader receives that back-end data base forwards the message K of coming ₁|| ID||K ₂after, first pass through equation ${R_t}^{\′}=A\⊕\mathrm{IDT}\⊕K_1\⊕K_2$ Obtain R _t', then calculate with after calculating, then compare M ₁' and M ₁whether equate, if they are unequal, illustrate that reader, to smart-tag authentication failure, finishes verification process; If equated, reader, to smart-tag authentication success, continues to calculate ${M_2}^{\′}=\mathrm{CRC}(C^{\′}\⊕{R_t}^{\′})\⊕\mathrm{IDT};$

S07: reader calculated M ₂' after, be transmitted to label;

S08: label receives M ₂' after, calculate $M_2=\mathrm{CRC}(C\⊕R_t)\⊕\mathrm{IDT},$ And comparison M ₂and M ₂'; If both are unequal, represent that label, to reader authentification failure, stops verification process; If both equate, represent the mutual authentication success of reader and label, finish verification process, cipher key matrix K1, K2 and the label temporary identifier IDT of tab end carry out following renewal simultaneously:

S09: after the mutual authentication success of reader and label, label sends authentication success order success to reader;

S10: reader is received after success order, the random number R that self is produced _rwith the label random number R calculating _tsend to together back-end data base;

S11: back-end data base receives the R that reader sends _r|| R _tafter, the K that self is stored ₁, K ₂and label temporary identifier IDT upgrades according to three of S08 equatioies, make the K of itself and tab end ₁, K ₂, IDT keeps synchronous.

2. the RFID lightweight mutual authentication method based on CRC coding according to claim 1, is characterized in that: label only need extract self intrinsic CRC code and randomizer is provided, and utilizes simple logical operation and the computing of CRC coding, by random number R _rand R _t, label temporary identifier IDT and key information K ₁and K ₂be encrypted and generate the ciphertext that stochastic and dynamic changes, the authentication information using this as label.