A kind ofly resist identification and show stolen RFID mutual authentication method
Technical field
The present invention relates to a kind of secure two-way authentication method for RFID automatic recognition system, the stolen huge potential safety hazard caused to system of identification table can be prevented, belong to communication technical field.
Background technology
Radio-frequency (RF) identification (Radio Frequency Identification – RFID) is that one utilizes radiofrequency signal and Space Coupling (inductance or electromagnetic coupled) transmission characteristic, realizes contactless automatic identification destination object and obtains the technology of related data.RFID technique can improve the efficiency of management of product, reduce management cost, but RFID initial application design be wide-open, this technology also makes the information wirelessly transmitted be exposed in public providing to system data acquisition flexibly and easily while, and this is undoubtedly the significant threat of information security.
A rfid system comprises three major parts usually: RFID label tag, rfid interrogator and back-end data base.RFID label tag comprises unique identifier---ID, key and some parameters, the information of the usual in store label of back-end data base and the information of label institute marker.Assailant's attacking system is not merely the ID obtaining label, and the information such as key, the more important thing is the corresponding relation obtaining label and marker.Therefore this corresponding relation is protected to be the important content ensured information security.
At present, the settlement mechanism of rfid system information security can be divided into two large classes: a class is Physics Security Tragedy, this security mechanism mainly relies on additional equipment or hardware capability to solve the safety problem of rfid system, as electrostatic screen, active interference, clip tag etc.; Equations of The Second Kind is cipher mechanism, mainly solves rfid system safety problem by the security protocol based on cryptographic technique.
Compared with the hardware security mechanism of physically based deformation method, realize cryptographic algorithm in circuit more flexible, and advantage of lower cost, therefore receive people based on the software safety mechanism of cryptographic technique more to favor, domestic and international many scholars are adopting based on the security protocol of cryptographic technique having been done a lot of work, propose a lot of scheme, but what existing scheme was more focused on protecting is message between label and read write line, and pay close attention to less to the protection of back-end server data, once the identification table in order to identification label that back-end server is preserved is lost, the whole label tape that will grasp to system carry out risk, this risk is globality.Read while write device and only act as the bridge beam action communicated between back-end server with label, control to lack necessary measure to the use of read write line.Therefore, existing agreement can not eliminate stolen the brought risk of the information of label information that back-end server preserves and label institute marker, also needs research further and improves.
Summary of the invention
The object of the invention is to the drawback for prior art, provide a kind of and resist identification and show stolen RFID mutual authentication method, to solve the information security issue of rfid system.
Problem of the present invention realizes with following technical proposals:
Resist identification and show a stolen RFID mutual authentication method, rfid system is divided into RFID label tag, rfid interrogator and back-end data base by an actuating logic and runs in such a system, time initial, RFID label tag preserves its unique identifier ID and cipher key T; Back-end data base except use symmetric cryptography function encrypting preserve the unique identifier ID ' of label and cipher key T ', make ID ≠ ID', T ≠ T ', preserve the information of the corresponding recognizate of label in addition, form the identification table to label, described symmetric cryptography function E () meets: ID '=E (ID) XOR Ku, T=E (T) XOR Ku, Ku is the parameter that user holds, during read write line read write tag, need receiving parameter Ku, realize the two-way authentication to label by this parameter sum functions E ().
The RFID mutual authentication method that above-mentioned opposing identification table is stolen, specifically carries out according to the following steps:
A. initialization
The label data < EID that Back end data library storage manages
i, ET
i, ET
oldi, Info
i>, i=1,2 ... the label number that n, n manage for back-end data base, ET
old, be the data that the RFID label tag last time uses, Info is the information of RFID label tag institute marking articles;
<ID is stored in label i
i, T
i>, i ∈ 1,2 ... n}
ID
i, T
iwith EID
i, ET
ipass be:
EID
i = E (ID
i)
Ku, ID
i= E
-1(EID
i)
Ku
ET
i= E (T
i) , T
i= E
-1(ET
i)
Wherein E () is a kind of cryptographic algorithm, E
-1() is decipherment algorithm, and the key used is dk, and in back-end server, safety is preserved; Ku is the parameter that user holds;
for XOR (XOR) computing;
B. the identification of RFID label tag
1. user's input parameter Ku is to rfid interrogator;
2. rfid interrogator is by an Arbitrary Digit R
rsend to RFID label tag;
3., after RFID label tag receives the read-write requests of rfid interrogator, oneself produces a random number R
t, be calculated as follows response message M afterwards
1, M
2and they are sent:
M
1=T
R
t,
M
2=f (T
R
r, R
t)
ID ,
Wherein, f () is another symmetric cryptography function;
4., after rfid interrogator receives the response message of RFID label tag, operation parameter Ku is to M
2do following computing:
M
2= M
2 Ku
Afterwards by M
1, M
2together with R
rback-end data base is sent to judge;
5. back-end data base does following calculating for each stored label information:
ID'=E
-1(EID )
T'=E
-1(ET)
R
t'=M
1 T
Checking:
M
2=f (T'
R
r, R'
t)
ID (1a)
Whether set up;
If be false, calculate:
T'
old=E
-1(ET
old)
R
t'=M
1 T
old
Checking:
M
2 =f (T'
old R
r, R'
t)
ID (1b)
Whether set up;
If (1a) be all false with (1b), then RFID label tag is not by certification, and verification process stops;
If there is (1a) or (1b) to set up, then represent that back-end data base finds the information of mark Echo Tag, prepare a message M afterwards
3:
M
3 = f (T', R'
t R
r)
ID'
Back-end data base performs renewal rewards theory subsequently, if (1a) sets up, then upgrades:
ET
old=ET
No matter (1a) sets up or (1b) establishment, all upgrades:
T
new= f (ID
R
r, T'
R'
t)
ET
new=E(T
new)
Wherein T
new, ET
newfor the data that label certification next time uses.
Then back-end data base is by M
3send to read write line;
6. read write line calculates
M
3 = M
3 Ku
By M
3send to RFID label tag;
7. label checking
M
3 = f (T, R
t R
r)
ID
If set up, then upgrade
T
new=f (ID
r
r, T
r
t) and complete verification process,
Otherwise verification process stops.
The present invention is provided with double shielding to identification table, and one is be encrypted identification table; Two be by parameters cut off the data of preserving in identification table and label preserve the direct corresponding relation of data, so just effectively prevent because of the stolen huge potential potential safety hazard to system generation of identification table.
Accompanying drawing explanation
Below in conjunction with accompanying drawing, the invention will be further described.
Fig. 1 is flow chart of data processing figure of the present invention.
In figure, each symbol is: M
1, M
2, M
3for message,
for believable message,
for incredible message,
for XOR.
In literary composition, each symbol is: Ku is the parameter that user holds, and ID is the unique identifier of RFID label tag, and T is the key of RFID label tag, ID
ibe the unique identifier of i-th RFID label tag, T
ibe the key of i-th RFID label tag, Info is the information of label institute marking articles, and E () is a kind of cryptographic algorithm, E
-1() is decipherment algorithm, and its key is dk, and in back-end server, safety is preserved and uses, R
rfor the number of initiating to inquire about to label that rfid interrogator produces, R
tfor RFID label tag produces a random number, f () is a symmetric cryptography function.
Embodiment
The present invention proposes the mutual authentication method between a kind of RFID label tag and read write line, relative to additive method, and the risk that this method can prevent the information of the label information because back-end server keeps and label institute marker stolen brought.
Concrete steps are:
1. initialization
The label data < EID that Back end data library storage manages
i, ET
i, ET
oldi, Info
i>, i=1,2 ... the label number that n, n manage for back-end data base, ET
old, be the data that the label last time uses, Info is the information of label institute marking articles.
<ID is stored in label i
i, T
i>, i ∈ 1,2 ... n}
ID
i, T
iand EID
i, ET
ipass is:
EID
i= E (ID
i)
Ku, ID
i= E
-1(EID
i)
Ku
ET
i= E (T
i) , T
i= E
-1(ET
i)
Read write line needs to carry out the work such as safety certification when connecting back-end server, sets up the escape way of believable Message Transmission.
2. identify
Step 0: prepare before running.User's input parameter Ku is to read write line.
Step 1:RFID read write line is by an Arbitrary Digit R
rsend to RFID label tag.
Step 2: after label receives the read-write requests of read write line, oneself produces a random number R
t, calculate response message M afterwards
1, M
2and they are sent:
M
1=T
R
t
M
2=f (T
R
r, R
t)
ID
Step 3: after read write line receives the message of the response of label, operation parameter Ku is to M
2do following computing:
M
2= M
2 Ku
Afterwards by M
1, M
2together with R
rback-end data base is sent to judge.
Step 4: back-end data base does following calculating for each stored label information:
ID'=E
-1(EID )
T'=E
-1(ET)
R
t'=M
1 T
Checking:
M
2=f(T'
R
r,R'
t)
ID (1a)
Whether set up.
If be false, calculate:
T'
old=E
-1(ET
old)
R
t'=M
1 T
old
Checking:
M
2=f (T'
old R
r, R'
t)
ID (1b)
Whether set up.
If (1a) be all false with (1b), then RFID label tag is not by certification, and verification process stops;
If there is (1a) or (1b) to set up, then represent that back-end data base finds the information of mark Echo Tag, prepare a message M afterwards
3:
M
3= f (T', R'
t R
r)
ID'
Back-end data base performs renewal rewards theory subsequently, if (1a) sets up, then upgrades:
ET
old=ET
No matter (1a) sets up or (1b) establishment, all upgrades:
T
new= f (ID
R
r, T'
R'
t)
ET
new=E(T
new)
Then back-end data base is by M
3send to read write line.
Step 5: read write line calculates
M
3 = M
3 Ku
By M
3send to label.
Step 6: label is verified
M
3 = f (T, R
t R
r)
ID
If set up, then upgrade
T
new = f (ID
R
r, T
R
t)
And complete process; Else process stops.