CN108092774B - RFID system bidirectional security authentication method based on elliptic curve password - Google Patents
- Publication number: CN108092774B (application CN201810001510.9A)
- Authority: CN (China)
- Prior art keywords: reader, writer, tag, authentication, label
- Legal status: Active
Classifications
- H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- G06K17/0029: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
- H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/1441: Countermeasures against malicious traffic
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The method exploits the short keys, high security and small storage footprint of elliptic curve cryptography (ECC), and illustrates the feasibility of the interaction with an example and the related elliptic curve security parameters. The method provided by the invention resists common attacks such as counterfeit (impersonation) and retransmission (replay) attacks, provides forward security and bidirectional authentication, and has clear advantages in saving storage and reducing computation cost: the required numbers of elliptic curve point multiplications and point additions are 3 each, the algorithm reduces the computation cost of the tag by 0.59-60%, and the execution efficiency of the RFID system is improved by 40.2-70%. The invention can effectively solve the security problems of current RFID systems and is applicable to key fields such as military affairs management and the confidentiality of classified files.
Description
Technical Field
The invention belongs to the technical field of radio frequency identification and relates to a security protocol authentication scheme between the reader and the tag in an RFID system, in particular to an RFID communication method built on an RFID system security authentication protocol based on elliptic curve cryptography, applicable to key fields such as military affairs management and the confidentiality of classified files.
Background
Radio Frequency Identification (RFID) technology is a non-contact automatic Identification technology implemented by spatial coupling using Radio Frequency signals. The RFID technology has the characteristics of quick reading and writing, non-visual identification, multi-target identification, unique identification of objects and the like, is used as a core support technology applied to the Internet of things, and is widely applied to various fields of supply chain management, logistics management, medical health, asset tracking, anti-counterfeiting identification, public safety management and the like. However, with the rapid development of RFID technology and the deep convergence in many fields, the security and privacy issues of RFID systems are increasingly prominent. The current methods for ensuring the security of the RFID system mainly include a security mechanism based on a physical method and a security authentication mechanism based on a cryptographic technology. Physical methods include mainly Kill tags, electrostatic shielding, active interference and blocking methods. Although the methods are direct in operation, the methods only provide simple information protection, and have security limitations, so that research on the RFID security protocol based on the cryptographic technology becomes a hotspot. At present, many scholars propose an encryption algorithm and a security authentication protocol based on a Hash function, a symmetric key or an asymmetric key, but most of the scholars consider a lightweight or medium-level protocol for reducing the cost of an RFID system, and security risks still exist in the RFID system. In special and critical fields such as military, business, financial and public security, the security requirement of the RFID system is higher than the cost, so a higher security cryptographic protocol needs to be designed to ensure the security and privacy of the RFID system.
Miller (Miller V S. Use of elliptic curves in cryptography [J]. Lecture Notes in Computer Science, 1985, 218(1): 417-. As hardware cost decreases, the computation and storage capabilities of tags have greatly improved, and ECC can achieve lightweight operation. Compared with other public key algorithms based on discrete logarithm (such as RSA and ElGamal), elliptic curve cryptography has higher security strength, shorter keys, smaller storage requirements and higher computation speed, and can provide more reliable security. Many researchers at home and abroad have applied elliptic curve cryptosystems to RFID authentication protocols to solve the security problems of other existing protocols.
Disclosure of Invention
The invention provides a new bidirectional authentication method for RFID systems based on elliptic curve cryptography. It aims to solve the security and privacy problems in the mutual authentication of reader and tag in an RFID system, and uses the short keys, high security and small storage footprint of elliptic curve cryptography (ECC) to meet the security requirements of the RFID system while saving storage space and reducing computation cost.
The invention formally analyses and proves the security of the new protocol with BAN logic and compares it with other ECC-based RFID security authentication protocols, showing that the invention has higher security and execution efficiency.
The invention is realized by the following technical scheme.
An RFID system safety certification method based on elliptic curve cipher is used for safety certification when communication is carried out between a reader-writer and a label in an RFID system, the RFID system comprises the reader-writer, the label and a back-end database, and is characterized in that:
(1) description of the operating conditions: assuming that the communication channel between the Tag and the Reader is not secure, the communication channel between the Reader and the backend Database is secure and considered as a whole.
(2) Initializing the RFID system: the RFID system generates the elliptic curve system parameters $\langle q, a, b, G, n, h \rangle$ over the finite field $F_q$. The reader selects a random number $R_S \in Z_q$ as its private key and then generates its public key $R_P = R_S \cdot G$ ("$\cdot$" is the elliptic curve point multiplication operator). The system assigns a unique ID to each tag in the back-end database and stores the reader's public/private key pair there; the tag stores its ID and the reader's public key $R_P$.
TABLE 1 Storage parameters in the RFID system
Entity | Stored parameters |
Back-end database | $R_P$, $R_S$, ID |
Reader | $R_P$, $R_S$ |
Tag | $R_P$, ID, $G$ |
(3) The mutual authentication process of the protocol is mainly divided into an authentication process of the reader/writer for the tag and an authentication process of the tag for the reader/writer, as shown in fig. 1.
Table 2 description of the related symbols of the protocol
The specific authentication steps of the invention are as follows:
(S1) Initialize the RFID system. The RFID system generates the elliptic curve system parameters $\langle q, a, b, G, n, h \rangle$ over the finite field $F_q$, where $q$ is a large prime, $G$ is the base point of the elliptic curve, $n$ is the order of the elliptic curve, $h$ is the cofactor, $a$ and $b$ are both in the finite field $GF(p)$, and $p$ is also a large prime.
The reader selects a random number $R_S$ as its private key and then generates its public key $R_P = R_S \cdot G$ ("$\cdot$" is the elliptic curve point multiplication operator). A unique ID is assigned to each tag in the back-end database of the system, which also stores the reader's public/private key pair $(R_S, R_P)$; the tag's ID and the reader's public key $R_P$ must also be stored inside the tag.
(S2) Reader → tag. First, the reader randomly selects a point $R_R$ in the elliptic curve group $F_q(a, b)$, then sends $R_R$ together with the query command Query to the tag as an authentication request.
(S3) Tag → reader. When the tag receives the reader's authentication request, it generates a random number $r_T$ and computes the point $R_T = r_T \cdot G$. Using the reader's public key $R_P$, the tag computes the key $K_T = r_T \cdot R_P = (x_t, y_t)$, where $(x_t, y_t)$ are elliptic curve coordinates, then computes the encrypted message for the tag's ID value as $C = ID \cdot x_t + y_t$ and sends $\{R_T, C\}$ to the reader as the response message.
(S4) Reader → back-end database. When the reader receives the message, it sends $\{R_T, C, R_R\}$ to the back-end database. The back-end database authenticates the tag from the received message:
Using the reader's private key $R_S$, it computes the key $K_R = R_S \cdot R_T = R_S \cdot r_T \cdot G = r_T \cdot R_P = K_T = (x_t, y_t)$. With $x_t$ and $y_t$ the encrypted message $C$ can be decrypted to obtain the tag's unique identifier $ID = x_t^{-1}(C - y_t)$. The back-end database then searches its ID index table for an $ID'$ satisfying $ID' = ID$. If there is none, the tag is illegitimate and authentication terminates. Otherwise, the tag passes authentication.
(S5) Back-end database → reader. When tag authentication succeeds, the x coordinates $x_R$ and $x_T$ of the points $R_R$ and $R_T$ and the tag identifier $ID'$ stored in the back-end database are used to compute two hash values $M_1 = H(x_T \| ID')$ and $M_2 = H(x_R \| ID)$; the one-tuple is then sent to the reader.
(S6) Reader → tag. After the reader receives the message, it forwards it to the tag. From its unique identifier $ID$ and the x coordinate $x_R$ of the point $R_R$, the tag computes and thereby obtains $M_1$; then, with the x coordinate $x_T$ of the point $R_T$, it obtains $M_1' = H(x_T \| ID)$ and verifies whether $M_1 = M_1'$ holds. If not, authentication of the reader fails and the reader is judged illegitimate. Otherwise, the reader passes the tag's verification and is successfully authenticated.
The RFID system security authentication protocol based on elliptic curve cryptography of the invention has the following security properties:
(1) Bidirectional authentication. In the protocol, the reader computes $K_R = R_S \cdot R_T = (x_t, y_t)$ and from it $ID = x_t^{-1}(C - y_t)$, and authenticates the tag by searching the ID index table in the back-end database for an $ID'$ satisfying $ID' = ID$. Without the tag identifier $ID$ and the random value $r_T$, an attacker cannot produce a legitimate message $\{R_T, C\}$, where $R_T = r_T \cdot G$ and $C = ID \cdot x_t + y_t$. Likewise, without the random value $r_D$ or the tag identifier $ID$, an attacker cannot forge the legitimate one-tuple message that verifies the legitimacy of the reader. The protocol therefore provides mutual authentication between tag and reader and secures the transmission of communication information between the terminals of the RFID system.
(2) Confidentiality. During authentication, the messages exchanged between reader and tag, $\{R_T, C\}$ and the one-tuple message, are transmitted over a wireless channel, and the ID is carried in encrypted form, as $C = ID \cdot x_t + y_t$ and in the one-tuple message. An attacker who wants the tag identity $ID$ and knows the exchanged messages and the reader's public key $R_P$ still cannot obtain it without the random number $r_T$. Obtaining $r_T$ requires solving the discrete logarithm problem on elliptic curves and overcoming the randomness of the hash function output, neither of which is computationally feasible today, so the protocol provides confidentiality of the tag identifier.
(3) Anonymity. By the confidentiality of the protocol, an attacker cannot extract the tag identifier ID from the exchanged information. In addition, the information exchanged in each new session is fresh, because the reader and the tag generate new random numbers, so an attacker cannot mount a tracking attack on the tag. Suppose an attacker masquerades as a reader and sends the authentication request $R'_R$ and the query command Query to the tag: without the reader's private key $R_S$, the attacker cannot obtain the tag's ID from the reply message $\{R'_T, C'\}$. The protocol therefore provides anonymity of the tag.
(4) Forward security. Suppose an attacker obtains the tag's ID and can intercept the messages $\{R_R, \text{Query}\}$, $\{R_T, C\}$ and the one-tuple message exchanged between reader and tag. The attacker still cannot obtain the random number $r_T$ generated by the tag and the reader in an earlier authentication message, so cannot determine whether those transmitted messages belong to a particular tag and cannot derive earlier authentication messages. The protocol therefore provides forward security.
(5) Resistance to tracking attacks. By the confidentiality of the protocol, an attacker cannot obtain the tag identity ID, and all random numbers are fresh in each session, so the messages exchanged between reader and tag are fresh and change unpredictably in every session. The attacker cannot confirm whether the messages are transmitted between a given reader and tag, so tracking the tag and attacking it maliciously is difficult.
(6) Resistance to denial-of-service attacks. In the protocol designed by the invention, the identity of the tag is effectively protected, and the reader and the tag do not need to update the private key, so the protocol has no problem of synchronously updating private information shared between tag and reader for privacy protection, that is, it has no synchronization problem. The protocol therefore resists denial-of-service attacks.
(7) Resistance to retransmission (replay) attacks. An attacker intercepts earlier exchanged messages by illegitimate means and keeps resending the authentication information in order to pass authentication by the reader or the tag. Suppose an attacker intercepts $\{R_R, \text{Query}\}$ and the one-tuple message to mount a retransmission attack on the tag: because the tag generates a new random number $r_T$ in each session, the tag can discover the attack by verifying $M_1 = M_1'$. Similarly, suppose the attacker intercepts $\{R_T, C\}$ to mount a retransmission attack on the reader: because the reader randomly selects a point $R_R$ in the elliptic curve group $F_q(a, b)$ in each session, the attack is discovered by searching the back-end database for an $ID'$ satisfying $ID' = ID$. The protocol therefore resists retransmission attacks.
(8) Resistance to counterfeit (impersonation) attacks. During authentication, an attacker uses illegitimate means to disguise a tag or reader as a legitimate one in order to gain the trust of the reader or the tag. Suppose an attacker intercepts the authentication request $\{R_R, \text{Query}\}$ sent by the reader. To impersonate a legitimate tag and pass the reader's authentication, the attacker must forge a legitimate authentication message $\{R_T, C\}$, where $R_T = r_T \cdot G$ and $C = ID \cdot x_t + y_t$. Without a legitimate tag identity ID, the attacker cannot generate a valid authentication message $C$. Similarly, an attacker who wants to impersonate a legitimate reader and pass the tag's authentication cannot generate a valid authentication message without a legitimate tag identity ID. The protocol designed by the invention therefore resists counterfeit attacks.
Table 3 summarizes the comparison of the security of the protocols described above.
TABLE 3 protocol Security comparison
The invention provides an RFID system security authentication protocol based on elliptic curve cryptography, which has the beneficial effects that:
(1) Computation cost analysis: the computation cost is the running time required at the tag and at the back-end database during protocol authentication. Simple operations involved in the protocol, such as XOR, AND, concatenation and random number generation, are not counted. The numbers of hash function operations (denoted $T_H$), elliptic curve point additions (denoted $T_{EA}$) and scalar multiplications (denoted $T_{EM}$) in the ECC-based RFID security authentication protocols of Chou [Chou J S. An efficient mutual authentication RFID scheme based on elliptic curve cryptography [J]. Journal of Supercomputing, 2014, 70(1): 75-94], Liao [Liao Y P, Hsiao C M. A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol [J]. Ad Hoc Networks, 2014, 18(7): 133-146], He [He D, Kumar N, Chilamkurti N, et al. Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol [J]. Journal of Medical Systems, 2014, 38(10): 116], Jin [Jin C, Xu C, Zhang X, et al. A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography [J]. Journal of Medical Systems, 2015, 39(3): 24] and Alamr [Alamr A A, Kausar F, Kim J, et al. A secure ECC-based RFID mutual authentication protocol for internet of things [J]. Journal of Supercomputing, 2016: 1-14] and in the protocol designed by the invention are compared in Table 4.
TABLE 4 Comparison of hash, elliptic curve scalar multiplication and point addition operation counts in similar protocols
To make the comparison clearer: Lee [Lee C I, Chien H Y. An elliptic curve cryptography-based RFID authentication securing e-health system [J]. International Journal of Distributed Sensor Networks, 2015, 2015(5): 1-7] and Gódor [Gódor G, Giczi N, Imre S. Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems - performance analysis by simulations [C]// 2010 IEEE International Conference on Wireless Communications, Networking and Information Security. 2010: 650-657] report that 1 scalar multiplication is equivalent to 241 point additions or 507 hash function operations, i.e. $T_{EM} \approx 241T_{EA} \approx 507T_H$, and that 1 point addition is equivalent to 2 hash function operations, i.e. $T_{EA} \approx 2T_H$. Then:
the computation cost of the tag in the Chou protocol is $2T_H + 2T_{EM} + 3T_{EA} \approx 1022T_H$;
the computation cost of the tag in the Liao and He protocols is the same, $5T_{EM} + 2T_{EA} \approx 2539T_H$;
the computation cost of the tag in the Jin protocol is $2T_H + 4T_{EM} + T_{EA} \approx 2032T_H$;
the computation cost of the tag in the Alamr protocol is $4T_{EM} + T_{EA} \approx 2030T_H$;
the computation cost of the tag in the protocol designed by the invention is $2T_H + 2T_{EM} \approx 1016T_H$.
Similarly, the calculation cost of the back-end database and the whole RFID system can be obtained, and the comparison result is shown in table 5.
TABLE 5 protocol computation cost comparison
Protocol | Tag | Database | Total |
Chou | $1022T_H$ | $1527T_H$ | $2549T_H$ |
Liao | $2539T_H$ | $2539T_H$ | $5078T_H$ |
He | $2539T_H$ | $2539T_H$ | $5078T_H$ |
Jin | $2032T_H$ | $2032T_H$ | $4046T_H$ |
Alamr | $2030T_H$ | $2537T_H$ | $4567T_H$ |
This protocol | $1016T_H$ | $509T_H$ | $1525T_H$ |
The comparison in Table 5 shows that the tag computation cost of this protocol is lower, reduced by 0.59% to 60% compared with the protocols in the other literature, and its execution efficiency is better. Besides reducing the computation cost of the tag, the protocol reduces the computation cost of the back-end database by 66.7-80% compared with the other literature, lowers the overall computation cost of the RFID system, and improves the overall execution efficiency of the RFID system by 40.2-70%.
Gódor used OMNeT++ simulation software to obtain a running time of 0.064 s for a 160-bit elliptic curve scalar multiplication and 0.00012623 s for a 256-bit hash function on a 5 MHz tag. As shown in fig. 2 and fig. 3, based on Gódor's results, the tag computation cost of this protocol is clearly lower than that of the other protocols. As the number of tags increases from 0 to 1000, the computation cost of the RFID system grows linearly with the number of tags, but the computation cost of the protocol of the invention remains clearly lower than that of the protocols in the other literature.
(2) Storage requirement analysis: the storage requirement is the space required at the tag and at the back-end database during protocol authentication. Assuming a 160-bit elliptic curve, an elliptic curve point is 320 bits long. The tag stores the elliptic curve system parameters $\langle q, a, b, G, n, h \rangle$, the reader's public key $R_P$ and the tag's unique identifier ID, so the tag needs 1280 bits of storage. The back-end database stores the elliptic curve system parameters $\langle q, a, b, G, n, h \rangle$, the reader's public/private key pair $R_P$ and $R_S$, and the unique identifier ID of each tag, so the back-end database needs $(1440 + 160w)$ bits of storage, where $w$ is the number of tags in the system. Table 6 compares the storage requirements of this protocol with those of each other protocol.
TABLE 6 protocol storage requirement comparison
Storage | Chou | Liao | He | Jin | Alamr | This protocol |
Back end (bits) | 800+320w | 1440+480w | 1440+320w | 1440+160w | 1760 | 1440+160w |
Tag (bits) | 1600 | 1760 | 1600 | 1920 | 1760 | 1280 |
Total (bits) | 3040+480w | 3200+480w | 3040+320w | 3360+160w | 3520 | 2720+160w |
To make the comparison more intuitive, MATLAB was used for simulation, and the results are shown in fig. 4 and 5. The tag storage requirement of this protocol is clearly smaller than that of the other protocols. As the number of tags increases from 0 to 1000, the system storage requirement of this protocol grows with the number of tags, but it is clearly smaller than that of the Chou, Liao and He protocols and 640 bits smaller than that of the Jin protocol. The Alamr protocol stores sensitive data in the corresponding tag memory and does not rely on a back-end database for bidirectional authentication of tag and reader identities, so its system storage requirement stays the same as the number of tags increases, but its tag storage requirement is larger, which increases the cost of the tags.
(3) Communication overhead analysis: the communication overhead is the length of the messages transmitted between the tag and the reader when the authentication protocol is executed. The hash function output is assumed to be 160 bits long and the output of an elliptic curve point operation 320 bits long. In the protocol, the messages sent by the reader to the tag are $\{R_R\}$ and the one-tuple message, where $R_R$ is a randomly selected point on the elliptic curve; the communication overhead required by the reader is 320 + 160 = 480 bits. The message sent by the tag to the reader is $\{R_T, C\}$, where $R_T = r_T \cdot G$ and $C = ID \cdot x_t + y_t$; the communication overhead required by the tag is 320 + 160 = 480 bits. Table 7 compares the communication overhead of this protocol with that of each other protocol.
To make the comparison more intuitive, MATLAB was used for simulation, and the results are shown in fig. 6 and 7. The tag communication overhead of this protocol is 320 bits less than that of the Chou protocol and 160 bits less than that of the Liao, He, Jin and Alamr protocols, and the system communication overhead of this protocol is clearly lower than that of the systems in the other literature. As the number of tags increases from 0 to 1000, the system communication overhead of this protocol grows with the number of tags, but it remains clearly lower than that of the systems in the other literature.
TABLE 7 protocol communication overhead comparison
Sender | Chou | Liao | He | Jin | Alamr | This protocol |
Reader (bits) | 480 | 640 | 640 | 480 | 960 | 480 |
Tag (bits) | 800 | 640 | 640 | 640 | 640 | 480 |
Total (bits) | 1280 | 1280 | 1280 | 1120 | 1600 | 960 |
By combining the comparative analysis, compared with other RFID authentication protocols based on ECC, the protocol provided by the invention has obvious advantages in the aspects of calculation cost, storage requirement, communication overhead and the like, so that the characteristics of strong safety, low cost and high execution efficiency of an RFID system are met.
Drawings
Fig. 1 is a flowchart of a security authentication protocol of an RFID system according to the present invention.
FIG. 2 is a graph comparing tag computation overhead for the protocol of the present invention with other protocols.
FIG. 3 is a graph comparing the computational overhead of an RFID system using the protocol of the present invention with other protocols.
FIG. 4 is a graph comparing tag storage capacity of the protocol of the present invention with other protocols.
FIG. 5 is a graph comparing the storage capacity of RFID systems according to the protocol of the present invention with other protocols.
Fig. 6 is a graph comparing tag communication overhead of the protocol of the present invention with other protocols.
FIG. 7 is a graph comparing tag communication overhead for the protocol of the present invention with other protocols.
Detailed Description
The protocol of the invention is divided into two main parts, system initialization and mutual authentication, and the specific interaction process is as follows:
We adopt the cryptographic hash function given by the SM3 cryptographic hash algorithm, whose input is a message bit string of length less than $2^{64}$ and whose output is a hash value of length 256 bits. SECP112R2, recommended by SEC2, is adopted as the security curve parameter set of the elliptic curve public key algorithm, using an elliptic curve $y^2 = x^3 + ax + b$ over a 112-bit prime field. The security parameters <q, a, b, G, n, h> of the elliptic curve cryptosystem are shown in the following table:
TABLE 8 elliptic curve cipher security parameters
q=4451685225093714772084598273548427
a=1970543761890640310119143205433388
b=1660538572255285715897238774208265
G=(Gx,Gy)=(1534098225527667214992304222930499,3525120595527770847583704454622871)
n=1112921306273428674967732714786891
h=4
The authentication process of the protocol is illustrated with the relevant elliptic curve parameters given in Table 9, where the tag's unique identification ID is the message "identification", whose ASCII encoding in hexadecimal is 6964656E74696669636174696F6E, i.e. in decimal ID = 2137607216152422741414319187652462. For ease of calculation, all parameters in the table are given in decimal.
Table 9 protocol authentication example
Claims (1)
1. An RFID system bidirectional security authentication method based on elliptic curve passwords is characterized by comprising the following steps:
(S1) RFID system initialization: the RFID system generates the elliptic curve system parameters <q, a, b, G, n, h> over the finite field $F_q$; wherein q is a large prime number, G is the base point of the elliptic curve, n is the order of the elliptic curve, h is the cofactor, a and b are both in a finite field GF(p), and p is a large prime number;
the reader/writer selects a random number $R_S$ as its private key and then generates its public key $R_P = R_S \cdot G$; a unique ID is assigned to each tag in the back-end database of the system, and the public/private key pair $(R_S, R_P)$ of the reader/writer is stored there; the tag also stores its ID and the public key $R_P$ of the reader/writer;
(S2) reader/writer → tag: first, the reader/writer randomly selects a point $R_R$ in the elliptic group $F_q(a, b)$, and then sends $R_R$ and a Query command to the tag as an authentication request;
(S3) tag → reader/writer: when the tag receives the authentication request of the reader/writer, the tag generates a random number $r_T$ and calculates the point $R_T = r_T \cdot G$; using the public key $R_P$ of the reader/writer, the tag calculates the key $K_T = r_T \cdot R_P = (x_t, y_t)$, where $(x_t, y_t)$ are the coordinates of an elliptic curve point, then calculates the encrypted message of the RFID tag ID value as $C = ID \cdot x_t + y_t$, and sends $\{R_T, C\}$ to the reader/writer as a response message;
(S4) reader/writer → back-end database: when the reader/writer receives the message, it sends $\{R_T, C, R_R\}$ to the back-end database; the back-end database authenticates the legitimacy of the tag according to the received message:
using the private key $R_S$ of the reader/writer, the key $K_R = R_S \cdot R_T = R_S \cdot r_T \cdot G = r_T \cdot R_P = K_T = (x_t, y_t)$ is calculated; then, with $x_t$ and $y_t$, the encrypted message C can be decrypted to obtain the unique identification code of the tag, $ID = x_t^{-1}(C - y_t)$; the ID index table in the back-end database is then searched to check whether an ID' satisfying ID' = ID exists in the back-end database; if not, the tag is illegitimate and the authentication is terminated; otherwise, the tag passes the authentication;
(S5) back-end database → reader/writer: when the tag authentication succeeds, the x coordinates $x_R$ and $x_T$ of the points $R_R$ and $R_T$ and the value stored in the back-end database are used to calculate two hash values $M_1 = H(x_T \| ID')$ and $M_2 = H(x_R \| ID)$, and the one-element tuple is then sent to the reader/writer;
(S6) reader/writer → tag: after receiving the message, the reader/writer forwards it to the tag; from its unique identification code ID and the x coordinate $x_R$ of the point $R_R$, the tag computes a value from which $M_1$ is obtained, then, using the x coordinate $x_T$ of the point $R_T$, obtains $M'_1 = H(x_T \| ID)$ and verifies whether $M_1 = M'_1$ holds; if it does not hold, the authentication of the reader/writer fails and the reader/writer is judged illegitimate; otherwise, the reader/writer passes the verification of the tag and is successfully authenticated.
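The tag-authentication half of the claimed exchange (S1 to S4), worked through with the Table 8 parameters and the example ID "identification". This is an added example, not code from the patent; the function names, the reduction of C modulo q (the claim states no modulus) and the on-curve check on $R_T$ are assumptions made here.

```python
import secrets

q = 4451685225093714772084598273548427  # Table 8 (SECP112R2), decimal
a = 1970543761890640310119143205433388
b = 1660538572255285715897238774208265
G = (1534098225527667214992304222930499, 3525120595527770847583704454622871)
n = 1112921306273428674967732714786891
TAG_ID = int.from_bytes(b"identification", "big")  # the page's example ID

def on_curve(P):
    return (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % q == 0

def add(P, Q):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % q == 0:
        return None
    num, den = (3 * x1 * x1 + a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % q, -1, q) % q
    x3 = (lam * lam - x1 - x2) % q
    return x3, (lam * (x1 - x3) - y1) % q

def mul(k, P):  # double-and-add, not constant time
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def tag_response(tag_id, R_P):
    # S3: R_T = r_T*G, K_T = r_T*R_P = (x_t, y_t), C = ID*x_t + y_t (mod q assumed)
    r_T = secrets.randbelow(n - 1) + 1
    x_t, y_t = mul(r_T, R_P)
    return mul(r_T, G), (tag_id * x_t + y_t) % q

def backend_recover_id(R_S, R_T, C):
    # S4: added check rejects off-curve R_T, then K_R = R_S*R_T, ID = x_t^-1 (C - y_t)
    if R_T is None or not on_curve(R_T):
        raise ValueError("R_T is not a valid curve point")
    x_t, y_t = mul(R_S, R_T)
    return (C - y_t) * pow(x_t, -1, q) % q

def authenticate_tag(tag_id, id_table):
    R_S = secrets.randbelow(n - 1) + 1  # S1: reader/writer private key
    R_T, C = tag_response(tag_id, mul(R_S, G))
    recovered = backend_recover_id(R_S, R_T, C)
    return recovered, recovered in id_table
```

The 112-bit curve keeps the numbers readable; its subgroup order n is about $2^{110}$, so the parameter set serves as a worked example rather than a deployment choice.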
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810001510.9A CN108092774B (en) | 2018-01-02 | 2018-01-02 | RFID system bidirectional security authentication method based on elliptic curve password |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108092774A (en) | 2018-05-29 |
CN108092774B (en) | 2021-04-02 |