CN104883681B - A kind of mobile RFID mutual authentication method based on Dynamic-shared key - Google Patents

A kind of mobile RFID mutual authentication method based on Dynamic-shared key Download PDF

Info

Publication number
CN104883681B
CN104883681B CN201510222060.2A CN201510222060A CN104883681B CN 104883681 B CN104883681 B CN 104883681B CN 201510222060 A CN201510222060 A CN 201510222060A CN 104883681 B CN104883681 B CN 104883681B
Authority
CN
China
Prior art keywords
reader
label
tag
shared key
tables
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510222060.2A
Other languages
Chinese (zh)
Other versions
CN104883681A (en
Inventor
王国伟
张敏
郭海儒
薛曼君
彭维平
贾宗璞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University of Technology
Original Assignee
Henan University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan University of Technology filed Critical Henan University of Technology
Priority to CN201510222060.2A priority Critical patent/CN104883681B/en
Publication of CN104883681A publication Critical patent/CN104883681A/en
Application granted granted Critical
Publication of CN104883681B publication Critical patent/CN104883681B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of mutual authentication method of the stochastic and dynamic shared key for mobile wireless radio frequency identification, stationary problem for the Dynamic-shared key security update for solving to face in radio frequency identification authentication method and after being attacked and other security threats being subject to.Technical solution improves tradition and only carries out identity authentication method using random number, not only make the random number that label produces as the parameter being mutually authenticated between label and background data base, it is updated the seed of shared key as background data base, reader and label dynamic, realize shared key safety and stochastic and dynamic renewal;Scheme uses the method that background data base divides table storage history shared key to go forward side by side Mobile state addition and deletion, ensures make the holding of the shared key between reader, label and background data base synchronous after being attacked.The present invention can take precautions against the multinomial security attack for mobile RFID system, and have very high efficiency in terms of crucial tag performance.

Description

A kind of mobile RFID mutual authentication method based on Dynamic-shared key
Technical field
It is related based on motor-driven more particularly to mobile wireless radio frequency identification the present invention relates to radio RF recognition technology The safety certifying method of state shared key.
Background technology
Radio frequency identification (Radio Frequency Identification, RFID) is the Key Implementation skill of Internet of Things One of art.RFID is while promoting Internet of Things fast-developing with serious security threat, the aspect of most important one two It is authentication and secret protection.In mobile RFID system, move reader and background data base, removable reader with Communicate between label in a manner of wireless signal in unsafe open channel.Therefore the safety that mobile RFID system faces Risk also more serious and variation.
In the authentication method that at home and abroad scholar proposes, most of be designed for traditional RFID system, these Method is not applied for reader by fixed reader wired connection background data base and premised on securely communicating The mobile RFID system of insecure communication is carried out in a manner of wireless signal with background data base.In mobile RFID authentication method, Cipher key management difficult can effectively be solved the problems, such as using the mechanism of dynamic renewal shared key, but it is extremely important there are one Data synchronization problems:The label key preserved in background data base must carry out more with the key synchronization of storage in the label Newly.But in RFID system, inexpensive label is by external electromagnetic sensing supply energy, once there is power down or communication resistance Plug, the shared key that will result between background data base and label are inconsistent so that the legal mark in verification process next time Label can not pass through certification and identification.In addition, if the parameter of renewal shared key does not have confidentiality so that uneasy by intercepting and capturing The data transmitted in full tunnel and then the key after renewal is calculated, then the risk that key can be brought to leak.Therefore, the peace of key Full synchronized update and the synchronization mechanism after being attacked become the problem of such mobile RFID authentication protocol.
Current authentication method can only take precautions against desynchronization attack to a certain extent, and cannot take precautions against to recur and exceed The desynchronization attack of more than 2 times;Authentication method also, which is worked as, forges label and corresponding legitimate tag in reader wireless communication When in number coverage, opponent, which can be forged label by the third party of forgery and cheat legal reader, unlock and show legitimate tag Information, therefore label cannot be taken precautions against and forged and there are man-in-the-middle attack and Replay Attack loophole, label forgery can not be taken precautions against And Replay Attack.
The content of the invention
To solve thoroughly take precautions against desynchronization attack in the mobile RFID authentication method using Dynamic-shared key, moving State shared key can not security update problem, and be subject to various security attack problems, the present invention proposes a kind of based on dynamic The mobile RFID mutual authentication method of shared key, while the security attack for mobile RFID is taken precautions against, has higher Tag performance.
To achieve the above objectives, the technical solution adopted by the present invention is as follows:
First, initial phase:Back-end data lab setting four opens tables of data and is used to store label and reader and back-end data Tag ID, current shared are stored in the current information table Tag_c_au of the shared key and identification information in storehouse, wherein label The Hash codes of key, tag ID using current key as parameter;Tag ID, label are stored in the history information table Tag_h_au of label The Hash codes of history shared key, tag ID using history shared key as parameter;In reader current information table Reader_c_au Store reader identity and current key;Reader identity is stored in reader history information table Reader_h_au With history key;Storage and the shared key of background data base in each label, and comprising an One-way Hash function and it is pseudo- with Machine number maker;Reader stores and the shared key of background data base, and is given birth to comprising same Hash functions and pseudo random number Grow up to be a useful person;
2nd, authentication phase:
The first step:Reader sends certification request Query to label;
Second step:Label produces random number StAnd calculate one-way Hash functionAnd pseudo random numberThen willWithIt is sent to reader, wherein IDtIdentified for the ID of label,For the current shared key of label and background data base,Shared key after being updated for label and background data base, For the current shared key of reader and background data base;
3rd step:Reader generation random number Sr, calculateThen will And SrAndIt is sent to background data base, wherein IDrIdentified for the ID of reader,;
4th step:Background data base is respectively authenticated reader and label;
1) reader authentication:The S that background data base traversal Reader_c_au tables of data and basis receiverCalculate eachThen and receiveIt is compared, if existing unanimously, reader passes through certification;If no There are consistent, then travel through Reader_h_au tables of data calculate it is eachAnd and receiveCarry out Compare, if existing unanimously, reader passes through certification;Unanimous circumstances are not present if traveling through twice, reader is illegal, recognizes Card failure;
2) smart-tag authentication:In reader authentication in the case of, background data base according toInquire about Tag_c_au Tables of data:(1) if Tag_c_au tables inquire as a result, if take outThen and receiveCarry out XOR operation, It can obtainThen carry outComputing, and and receiveIt is compared, if unanimously, Then label is by certification, if inconsistent, label is illegal, and certification terminates;(2) if being inquired about in Tag_c_au tables of data less than knot Fruit, then travel through Tag_h_au tables of data and inquired about, if inquired as a result, taking outThen carry out WithComputing, and and receiveIt is compared, if unanimously, label is by certification, if inconsistent, Then label is illegal, and certification terminates;If 3) inquired about less than as a result, care label is illegal in Tag_c_au tables and Tag_c_au tables, Authentification failure;
3) in the case where reader and label are by certification:
(1) background data base calculatesAnd by ID in Reader_c_aurCorresponding current shared key It is updated toBackground data base is carried out according to the derived data table that comparison of coherence is carried out during the 4th step reader authentication Judge and operate:If Reader_c_au tables of data, then background data base deletes the reading in Reader_h_au tables of data The corresponding data of device, then willAnd IDrIt is added in Reader_h_au tables of data;If Reader_h_au tables of data, Then any operation is not carried out to Reader_h_au tables of data;
(2) background data base calculatesAnd by ID in Tag_c_autCorresponding current shared key is more It is newlyThe Hash codes of tag ID are updated toThen according to inquiring ID during the 4th step smart-tag authenticationt Source data table is judged and is calculated:If Tag_c_au tables of data, background data base is deleted should in Tag_h_au tables of data The corresponding data of label, then willIDtWithIt is added in Tag_h_au tables of data;If Tag_h_au data Table, then do not carry out any operation to Tag_h_au tables of data;
4) background data base uses the shared key with readerComputations symmetric encipherment algorithmSo Afterwards willWithIt is transmitted to reader;
5th step:Reader uses what is received with the decryption of the shared key of background data baseCalculateThen according to the S of acquisitionrWith original random number SrIt is compared, if unanimously, background data base leads to Certification is crossed, reader uses the S obtainedtUpdate shared keyThen sendTo mark Label;If less consistent, authentification failure.
6th step:After label receives data, calculateAnd and receiveCompared Compared with, if less consistent, authentification failure;If consistent, reader is legal, tag update shared key Beneficial effect of the present invention:
After applying the present invention, in certification, location tracking, Replay Attack, desynchronization for RFID system can be taken precautions against The multinomial security threat such as attack, man-in-the-middle attack, makes up safety defect existing for similar RFID authentication method.
In addition, the present invention can also realize shared key stochastic and dynamic security update, and cannot be by verification process Data are derived, and label efficiency performance is more preferable.
Brief description of the drawings
Fig. 1 is the certification basic flow chart of the present invention.
Embodiment
Symbol description
1 symbol description of table
The present invention is described in further detail below in conjunction with attached drawing.
Initial phase:During system initialization, back-end data lab setting four opens tables of data and is used to store label and reader With the shared key and identification information of background data base.Label is stored in the wherein current information table Tag_c_au of label The Hash codes of ID, current shared key, tag ID using current key as parameter;Stored in the history information table Tag_h_au of label The Hash codes of tag ID, label history shared key, tag ID using history shared key as parameter;Reader current information table Reader identity and current key are stored in Reader_c_au;Store and read in reader history information table Reader_h_au Read device identity and history key.Storage and the shared key of background data base in each label, and it is unidirectional comprising one Hash functions and pseudo-random number generator;Reader stores and the shared key of background data base, and includes same Hash letters Number and pseudo-random number generator.
Authentication phase:
The first step:Reader sends certification request Query to label.
Second step:Label produces random number StAnd calculateWithThen will WithIt is sent to reader.
3rd step:Reader generation random number Sr, calculateThen will And SrAndIt is sent to background data base.
4th step:Background data base is respectively authenticated reader and label.
1) reader authentication:The S that background data base traversal Reader_c_au tables of data and basis receiverCalculate eachThen and receiveIt is compared, if existing unanimously, reader passes through certification;If do not deposit Consistent, then travel through Reader_h_au tables of data calculate it is eachAnd and receiveCompared Compared with if existing unanimously, reader passes through certification;Unanimous circumstances are not present if traveling through twice, reader is illegal, certification Failure.
2) smart-tag authentication:In reader authentication in the case of, background data base according toTravel through Tag_c_au Tables of data is inquired about:(1) if being inquired in Tag_c_au tables as a result, taking outThen and receiveCarry out different Or computing, it can obtainThen carry outComputing, and and receiveIt is compared, if one Cause, then label is by certification, if inconsistent, label is illegal, and certification terminates.(2) if Tag_c_au tables of data inquiry less than As a result, then traversal Tag_h_au tables of data is inquired about, if inquired as a result, taking outThen carry out WithComputing, and and receiveIt is compared, if unanimously, label is by certification, if inconsistent, Then label is illegal, and certification terminates.If 3) inquired about less than as a result, care label is illegal in Tag_c_au tables and Tag_c_au tables, Authentification failure.
3) in the case where reader and label are by certification:
(1) background data base calculatesAnd by ID in Reader_c_aurCorresponding current shared key It is updated toThen, background data base is according to the derived data table that comparison of coherence is carried out during the 4th step reader authentication Judged and operated:If Reader_c_au tables of data, then background data base is deleted in Reader_h_au tables of data and is somebody's turn to do The corresponding data of reader, then willAnd IDrIt is added in Reader_h_au tables of data;If Reader_h_au data Table, then do not carry out any operation to Reader_h_au tables of data.
(2) background data base calculatesAnd by ID in Tag_c_autCorresponding current shared key is more It is newlyThe Hash codes of tag ID are updated toThen according to inquiring ID during the 4th step smart-tag authenticationt Source data table is judged and is calculated:If Tag_c_au tables of data, background data base is deleted should in Tag_h_au tables of data The corresponding data of label, then willIDtWithIt is added in Tag_h_au tables of data;If Tag_h_au data Table, then do not carry out any operation to Tag_h_au tables of data.
4) background data base uses the shared key with readerComputationsThen will WithIt is transmitted to reader.
5th step:Reader uses what is received with the decryption of the shared key of background data baseCalculateThen according to the S of acquisitionrWith original random number SrIt is compared, if unanimously, background data base leads to Certification is crossed, reader uses the S obtainedtUpdate shared keyThen sendTo mark Label;If less consistent, authentification failure.
After label receives data, calculateAnd and receiveIt is compared, if It is less consistent, authentification failure;If consistent, reader is legal, tag update shared keySo far recognize Card terminates.

Claims (1)

1. a kind of mobile RFID authentication method based on stochastic and dynamic shared key, wherein mobile RFID system is by back-end data Storehouse, mobile reader and label composition, it is characterised in that comprise the following steps:
First, initial phase:Back-end data lab setting four opens tables of data and is used to store label and reader and background data base In the current information table Tag_c_au of shared key and identification information, wherein label store tag ID, current shared key, Hash code of the tag ID using current key as parameter;Tag ID, label history are stored in the history information table Tag_h_au of label The Hash codes of shared key, tag ID using history shared key as parameter;Stored in reader current information table Reader_c_au Reader identity and current key;Reader identity is stored in reader history information table Reader_h_au and is gone through History key;Storage and the shared key of background data base in each label, and include an One-way Hash function and pseudo random number Maker;Reader stores and the shared key of background data base, and includes same Hash functions and pseudo-random number generator;
2nd, authentication phase:
The first step:Reader sends certification request Query to label;
Second step:Label produces random number StAnd calculate one-way Hash functionAnd pseudo random number Then willWithIt is sent to reader, wherein IDtIdentified for the ID of label,Be label with after The current shared key of platform database,Shared key after being updated for label and background data base,For reader and backstage The current shared key of database;
3rd step:Reader generation random number Sr, calculateThen willAnd Sr AndIt is sent to background data base, wherein IDrIdentified for the ID of reader;
4th step:Background data base is respectively authenticated reader and label;
1) reader authentication:The S that background data base traversal Reader_c_au tables of data and basis receiverCalculate eachThen and receiveIt is compared, if existing unanimously, reader passes through certification;If do not deposit Consistent, then travel through Reader_h_au tables of data calculate it is eachAnd and receiveCompared Compared with if existing unanimously, reader passes through certification;Unanimous circumstances are not present if traveling through twice, reader is illegal, certification Failure;
2) smart-tag authentication:In reader authentication in the case of, background data base according toInquire about Tag_c_au data Table:(1) if Tag_c_au tables inquire as a result, if take outThen and receiveXOR operation is carried out, can be obtainedThen carry outComputing, and and receiveIt is compared, if unanimously, label By certification, if inconsistent, label is illegal, and certification terminates;(2) if Tag_c_au tables of data inquiry less than as a result, if time Go through Tag_h_au tables of data to be inquired about, if inquired as a result, taking outThen carry outWithComputing, and and receiveIt is compared, if unanimously, label is by certification, if inconsistent, Label is illegal, and certification terminates;If 3) inquired about less than as a result, care label is illegal in Tag_c_au tables and Tag_c_au tables, recognize Card failure;
3) in the case where reader and label are by certification:
(1) background data base calculatesAnd by ID in Reader_c_aurCorresponding current shared key renewal ForBackground data base is judged according to the derived data table that comparison of coherence is carried out during the 4th step reader authentication And operation:If Reader_c_au tables of data, then background data base deletes the reader pair in Reader_h_au tables of data The data answered, then willAnd IDrIt is added in Reader_h_au tables of data;If Reader_h_au tables of data, then not Any operation is carried out to Reader_h_au tables of data;
(2) background data base calculatesAnd by ID in Tag_c_autCorresponding current shared key is updated toThe Hash codes of tag ID are updated toThen according to inquiring ID during the 4th step smart-tag authenticationtSource number Judged according to table and calculated:If Tag_c_au tables of data, background data base deletes the label in Tag_h_au tables of data Corresponding data, then willIDtWithIt is added in Tag_h_au tables of data;If Tag_h_au tables of data, then Any operation is not carried out to Tag_h_au tables of data;
4) background data base uses the shared key with readerComputations symmetric encipherment algorithmThen willWithIt is transmitted to reader;
5th step:Reader uses what is received with the decryption of the shared key of background data baseCalculateThen according to the S of acquisitionrWith original random number SrIt is compared, if unanimously, background data base leads to Certification is crossed, reader uses the S obtainedtUpdate shared keyThen sendTo mark Label;If less consistent, authentification failure;
6th step:After label receives data, calculateAnd and receiveIt is compared, If less consistent, authentification failure;If consistent, reader is legal, tag update shared key
CN201510222060.2A 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key Expired - Fee Related CN104883681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510222060.2A CN104883681B (en) 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510222060.2A CN104883681B (en) 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key

Publications (2)

Publication Number Publication Date
CN104883681A CN104883681A (en) 2015-09-02
CN104883681B true CN104883681B (en) 2018-05-01

Family

ID=53950981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510222060.2A Expired - Fee Related CN104883681B (en) 2015-05-04 2015-05-04 A kind of mobile RFID mutual authentication method based on Dynamic-shared key

Country Status (1)

Country Link
CN (1) CN104883681B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105138937B (en) * 2015-09-24 2018-02-13 北京芯联创展电子技术有限公司 A kind of method and device of RF identifying safety demonstration
LU93024B1 (en) * 2016-04-11 2017-11-08 Phoenix Contact Gmbh & Co Kg Intellectual Property Licenses & Standards Method and arrangement for establishing secure communication between a first network device (initiator) and a second network device (responder)
CN106446663B (en) * 2016-08-30 2019-07-16 德阳市闪通思动科技有限责任公司 A kind of label reader and database three-dimensional Verification System and method
CN106712962B (en) * 2016-12-23 2019-12-24 西安电子科技大学 Bidirectional authentication method and system for mobile RFID system
CN107147498B (en) * 2017-05-15 2020-06-02 吉林大学 Authentication method and encryption method for transmitting information in RFID authentication process
CN107480564B (en) * 2017-07-11 2020-07-17 天津大学 Improved RFID group authentication method
CN107403211B (en) * 2017-08-03 2020-12-15 广东工业大学 Method and system for mobile RFID authentication
CN108259485A (en) * 2018-01-09 2018-07-06 殷周平 Security protocol verification method based on mobile RFID system
CN110190965B (en) * 2019-05-17 2021-10-26 西安电子科技大学 RFID group label authentication protocol based on hash function

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100045442A1 (en) * 2008-08-22 2010-02-25 Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited RFID Privacy-Preserving Authentication System and Method
CN103177273A (en) * 2013-02-08 2013-06-26 西北工业大学 Low-cost tag based mobile radio frequency identification authentication method
CN103795543A (en) * 2014-02-12 2014-05-14 中国石油大学(华东) Bidirectional security authentication method for RFIP system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100045442A1 (en) * 2008-08-22 2010-02-25 Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited RFID Privacy-Preserving Authentication System and Method
CN103177273A (en) * 2013-02-08 2013-06-26 西北工业大学 Low-cost tag based mobile radio frequency identification authentication method
CN103795543A (en) * 2014-02-12 2014-05-14 中国石油大学(华东) Bidirectional security authentication method for RFIP system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
大规模RFID系统中一种能量有效的丢失标签快速检测算法;张士庚等;《计算机学报》;20140228;第37卷(第2期);全文 *

Also Published As

Publication number Publication date
CN104883681A (en) 2015-09-02

Similar Documents

Publication Publication Date Title
CN104883681B (en) A kind of mobile RFID mutual authentication method based on Dynamic-shared key
CN104184733B (en) A kind of RFID lightweight mutual authentication methods encoded based on CRC
CN105450673B (en) Security protocol verification method based on mobile RFID system
Lee et al. A lightweight authentication protocol for internet of things
CN100559393C (en) RFID label and reader thereof, reading system and safety certifying method
CN107959686B (en) A kind of Internet of Things security certification system and authentication method
CN106209768B (en) A kind of expansible RFID mutual authentication method
CN103413109B (en) A kind of mutual authentication method of radio frequency identification system
CN103391199B (en) RFID (radio frequency identification device) authentication method and system based on PUFs (physical unclonable functions)
CN106712962A (en) Mobile RFID system bidirectional authentication method and system
CN103020671A (en) Radio frequency identification bidirectional authentication method based on hash function
CN104115442B (en) RFID bidirectional authentication method based on asymmetric secret key and Hash function
CN101986641A (en) Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
CN110190965A (en) A kind of RFID cluster label authentication protocol based on hash function
Chen et al. The design of RFID access control protocol using the strategy of indefinite-index and challenge-response
CN101895881A (en) Method for realizing GBA secret key and pluggable equipment of terminal
Lee et al. Mutual authentication protocol for enhanced RFID security and anti-counterfeiting
CN104333539A (en) RFID security authentication method based on Chebyshev mapping
CN103218633A (en) Radio frequency identification (RFID) safety authentication method
CN103152181B (en) A kind of RFID data encryption method
CN107423647A (en) A kind of RFID Entrusted authentication methods towards smart home
CN104700125A (en) AES encryption and verification of ultra high frequency radio identification system
Xiao et al. Security Protocol for RFID System Conforming to EPC-C1G2 Standard.
CN110392030A (en) A kind of authentication based on biological characteristic, method for processing business and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180501

Termination date: 20210504