CN108768967A - A kind of RFID security Middleware Model - Google Patents

A kind of RFID security Middleware Model Download PDF

Info

Publication number
CN108768967A
CN108768967A CN201810457057.2A CN201810457057A CN108768967A CN 108768967 A CN108768967 A CN 108768967A CN 201810457057 A CN201810457057 A CN 201810457057A CN 108768967 A CN108768967 A CN 108768967A
Authority
CN
China
Prior art keywords
information
module
signature
layer
middleware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810457057.2A
Other languages
Chinese (zh)
Other versions
CN108768967B (en
Inventor
张平
赵旭辉
刘牧华
刘江辉
阴晶
栗亚敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University of Science and Technology
Original Assignee
Henan University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan University of Science and Technology filed Critical Henan University of Science and Technology
Priority to CN201810457057.2A priority Critical patent/CN108768967B/en
Publication of CN108768967A publication Critical patent/CN108768967A/en
Application granted granted Critical
Publication of CN108768967B publication Critical patent/CN108768967B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04B5/77
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Abstract

A kind of RFID security Middleware Model, including data Layer, realization layer, service layer and application layer, the realization layer comprise the following modules:Encrypting-decrypting module is encrypted information or decrypts, to improve the safety of middleware;Intrusion detection module can detect the access with virulent information or malice;Anti-virus module, when being tested with the access for taking viruliferous information or malice, the safety of middleware can be ensured by starting the module;The realization layer also has Digital Signature module, and elliptic curve digital signature is implanted into Digital Signature module.The present invention realizes that layer carries out the division of function module to middleware, carries out authentication to ensure the authenticity of information source to the information signed by Digital Signature module, improves the safety of RFID middleware.

Description

A kind of RFID security Middleware Model
Technical field
The invention belongs to information security fields, and in particular to a kind of RFID security Middleware Model.
Background technology
With the development of e-commerce, more and more people like shopping on the web, and the world can be bought in order to be in The commodity of various regions, a big chunk person have selected Hai Tao.But in Hai Tao, how to verify the true or falses of commodity just at one very Big problem.Wireless radio-frequency (RFID, RadioFrequencyIdentification) is a kind of contactless automatic Identification technology, when the forties radar improvement and application expedited the emergence of RFID technique, the RFID technique that has been born in 1948 Theoretical foundation, early fifties are mostly in the trial of experimental stage and primary application to the late sixties RFID technique, until Just there are earliest RFID applications in the seventies.Due to the generation of RFID applications, RFID technique has progressed into business application In the stage, more abundant with the arrival RFID product categories of 21 century, electronic tag cost constantly reduces, and sizable application industry expands Greatly, it being widely applied at present in our daily life, it can be used for items scanning and be put in storage, but due to RFID systems It unites natural security breaches so that there is some security risks in transmission process for information.
One complete RFID system be by label (Tag), reader (Reader), middleware (Middleware), after Server (Back-EndSever) is held to constitute.
It is wireless channel between label and reader, connect reader and back-end server is wire channel.Label is taken It is placed on the object for needing to identify with unique RFID codings, which can utilize reader to read in label and be taken The information of band, information are ultimately stored in by the transmission of wire channel in back-end server.
Since RFID system is open application completely in design, so when it is by can inevitably bring use when attacking The problem of family privacy leakage.Label in simultaneity factor can all give back any reader with standard agreement to access It answers, although this characteristic can be used for the set object of track in range farther out or user, this also causes invader equally can be with It is accessed to label using a standard agreement, thus causes the privacy of user leakage of RFID system.Exactly because RFID system generates this unsafe factor, this provides the space of operation to attacker, is produced to the safety of system It greatly threatens, affects the promotion rate of system application.Such as traditional IC card or bar code, they record user or object The information of product will result in the leakage of information or distort if the signal of RFID system wireless channel is intercepted and captured by attacker, It causes largely to lose.
In real life application, the problem of RFID system, frequently appears in new-old system when being integrated, part system The connection of original data-link and hardware is the main reason for problem occurs.So the safety of RFID middleware itself becomes outstanding It is important.The major security risk of middleware has following three points:
(1) data are open to attack in network transmission;
(2) attacker steals the personal information of validated user by the security breaches of middleware, or distorts the information of middleware and set It is fixed;
(3) attacker steals operating right by back door and carries out unauthorized access to manipulate middleware.
Invention content
The object of the present invention is to provide a kind of RFID security Middleware Models, and function module is carried out to the realization layer of middleware Division, authentication is carried out to ensure the authenticity of information source to the information signed by Digital Signature module, is improved The safety of RFID middleware.
To achieve the goals above, the concrete scheme that the present invention uses for:A kind of RFID security Middleware Model, including number It according to layer, realizes that layer, service layer and application layer, data Layer are the modules for acquiring original tag data by reader, realizes that layer is right Collected original tag data are handled, and service layer is with the service interface of standard to serve upper layers, application layer to Enterprise application system provides data service;The realization layer comprises the following modules:Information is encrypted in encrypting-decrypting module Or decryption, to improve the safety of middleware;Intrusion detection module can detect the visit with virulent information or malice It asks;Anti-virus module, when being tested with the access for taking viruliferous information or malice, centre can be ensured by starting the module The safety of part;The realization layer also has Digital Signature module, and digital signature of elliptic curve is implanted into Digital Signature module Scheme.
The elliptic curve digital signature includes the following steps:First, one is selected to establish on finite field Fq Elliptic curve E, the rank of elliptic curve E is #E (Fq)=hn, and wherein n is a great prime number, and h is n about #E (Fq) Assist the factor;Secondly, the parameter D=(q, a, b, G, n, h) of elliptic curve is selected, wherein q is the number of element in finite field Fq, a, B ∈ Fq are elliptic curve equation y2=x3The coefficient of+ax+b, G are the basic points of elliptic curve, and the rank of basic point is n, i.e. O (G)=n; Again, k is arbitrarily chosen by information sender1,k2∈ { 1,2 ..., n-1 }, and k1≠k2, by k1,k2As private key, P is calculated1= k1G,P2=k2G, by P1,P2As public key, the information for needing to sign is represented with integer m;Then, receiving party chooses private key k3∈ { 1,2 ..., n-1 }, public key P3=k3G;
Then signature process is:
It calculates
(k1'+k2')P3=(x1,y1), r1=mH-1(x1) modn,
(k1'+k2') G=R, h (m) R=(x2,y2),
r2=x2modn;
Calculate s1=(H (m) k1'+r1k1) modn, s2=(H (m) k2'+r2k2)modn;
The signature of output is (r1,r2,s1,s2);
Wherein H (x) is hash function, H-1(x) it is inverse elements of the H (x) in domain;
The verification process of signature is:
(1) recipient downloads the public key information P of sender1, P2
(2) r is checked1,r2,s1,s2∈ { 1,2 ..., n-1 }, refuses to sign if invalid;
(3) it calculates
X=(x', y')=(s1+s2)G-r1P1-r2P2,
R'=x'modn verifies r'=r2It is whether true;
(4) k is calculated3R=(x ", y "), message recovery m'=r1H(x″)modn;
(5) if r'=r2It sets up, and message recovery m' is significant, m'=m then receives signature, otherwise refusal signature.
After the algorithm of signature determines, we will ensure that effective sign of input can be by the verification of signature, and nothing The signature of effect can be screened in verification process.
By s1=(H (m) k1'+r1k1) modn, s2=(H (m) k2'+r2k2) modn, P1=k1G, P2=k2G substitutes into X= (x', y')=(s1+s2)G-r1P1-r2P2=H (m) (k1'+k2') G,
So x'=x2, r'=r2
Because of (x ", y ")=k3R=k3(k1'+k2') G=(k1'+k2')P3=(x1,y1),
"=the x so x1, m'=r1H (x ") modn=r1H(x1) modn=m, thus demonstrate the correctness of signature.
Advantageous effect:The present invention has carried out the division of function module, wherein Digital Signature module to the realization layer of middleware Implant the verification process of elliptic curve digital signature.When the label signed is close to reader, reader can pass through Signing messages entrained by wireless channel scanning to label.At this time if attacker is obtained by wireless channel entrained by label Signing messages (r1,r2,s1,s2), it must just learn the private key of label to forge a signature, and private key is secrecy, even if attacking The person of hitting obtains private key k1,k2It also can not be by calculating k3Origination message is obtained, so the signature has forward security.Simultaneously The signature also has anti-forgery attack, and the signature that attacker forges is in verification process m'=r1It can not be obtained in H (x ") modn To effective m', cannot smoothly be exported so this forges a signature.In the application, we provide different to different certified products businessmans Private key, original merchandise news is signed, manufacture when be added in the label of commodity, when consumer buys commodity The true or false that can judge commodity by the signed codevector of RFID reader items scanning afterwards, thus protect certified products businessman and The interests of consumer.
Description of the drawings
Fig. 1 is the structural schematic diagram of RFID system in the prior art.
Fig. 2 is the functional block diagram of the RFID security Middleware Model of the present invention.
Specific implementation mode
Below in conjunction with attached drawing, the technical solution in the present invention is clearly and completely described.
A kind of RFID security Middleware Model, including data Layer, realization layer, service layer and application layer, data Layer are to pass through Reader acquire original tag data module, realize layer collected original tag data are handled, service layer be with The service interface of standard provides data service to serve upper layers, application layer to enterprise application system;The realization layer includes With lower module:
Encrypting-decrypting module is encrypted information or decrypts, to improve the safety of middleware;
Intrusion detection module can detect the access with virulent information or malice;
Anti-virus module, when being tested with the access for taking viruliferous information or malice, starting the module can protect Hinder the safety of middleware;
Digital Signature module, carrying out authentication to the information signed ensures the authenticity of information source.
It is implanted into elliptic curve digital signature in Digital Signature module, includes the following steps:
First, one is selected to establish the elliptic curve E on finite field Fq, the rank of elliptic curve E is #E (Fq)=hn, wherein n For a great prime number, h is the association factors of the n about #E (Fq);
Secondly, it is the number of element in finite field Fq, a, b ∈ to select the parameter D=(q, a, b, G, n, h) of elliptic curve, wherein q Fq is the coefficient of elliptic curve equation, and G is the basic point of elliptic curve, and the rank of basic point is n, i.e. O (G)=n;
Again, send out selection k arbitrary by information transmission1,k2∈ { 1,2 ..., n-1 }, and k1≠k2, by k1,k2As private key, calculate P1=k1G,P2=k2G, by P1,P2As public key, the information for needing to sign is represented with integer m;
Then, receiving party chooses private key k3∈ { 1,2 ..., n-1 }, public key P3=k3G;
Then signature process is:
It calculates
(k1'+k2')P3=(x1,y1), r1=mH-1(x1) modn,
(k1'+k2') G=R, H (m) R=(x2, y2),
r2=x2modn;
Calculate s1=(H (m) k1'+r1k1) modn, s2=(H (m) k2′+r2k2)mod n;
The signature of output is (r1,r2,s1,s2);
The verification process of signature is:
Recipient downloads the public key information P of sender1, P2
Check r1,r2,s1,s2∈ { 1,2 ..., n-1 }, refuses to sign if invalid;
It calculates
X=(x', y')=(s1+s2)G-r1P1-r2P2,
R'=x'modn verifies r'=r2It is whether true;
Calculate k3R=(x ", y "), message recovery m'=r1H(x″)modn;
If r'=r2It sets up, and message recovery m' is significant, m'=m then receives signature, otherwise refusal signature.
After the algorithm of signature determines, we will ensure that effective sign of input can be by the verification of signature, and nothing The signature of effect can be screened in verification process.
By s1=(H (m) k1'+r1k1) mod n, s2=(H (m) k2'+r2k2)modn,P1=k1G, P2=k2G substitutes into X= (x', y')=(s1+s2)G-r1P1-r2P2=H (m) (k1'+k2') G,
So x'=x2, r'=r2
Because of (x ", y ")=k3R=k3(k1'+k2') G=(k1'+k2')P3=(x1,y1),
"=the x so x1, m'=r1H (x ") modn=r1H(x1) modn=m, thus demonstrate the correctness of signature.

Claims (2)

1. a kind of RFID security Middleware Model, including data Layer, realize that layer, service layer and application layer, the realization layer include With lower module:Encrypting-decrypting module is encrypted information or decrypts, to improve the safety of middleware;Intrusion detection mould Block can detect the access with virulent information or malice;Anti-virus module, when be tested with take viruliferous information or When the access of person's malice, the safety of middleware can be ensured by starting the module;It is characterized in that:The realization layer also has number Word signature blocks, carrying out authentication to the information signed ensures the authenticity of information source, is planted in Digital Signature module Enter elliptic curve digital signature.
2. a kind of RFID security Middleware Model according to claim 1, which is characterized in that the elliptic curve number Signature scheme includes the following steps:First, one is selected to establish the elliptic curve E on finite field Fq, the rank of elliptic curve E For #E (Fq)=hn, wherein n is a great prime number, and h is the association factors of the n about #E (Fq);Secondly, elliptic curve is selected Parameter D=(q, a, b, G, n, h), wherein q are the number of element in finite field Fq, and a, b ∈ Fq are elliptic curve equation y2=x3+ The coefficient of ax+b, G are the basic points of elliptic curve, and the rank of basic point is n, i.e. O (G)=n;Then, it is arbitrarily chosen by information sender k1,k2∈ { 1,2 ..., n-1 }, and k1≠k2, by k1,k2As private key, P is calculated1=k1G,P2=k2G, by P1,P2As public key, The information for needing to sign is represented with integer m;Receiving party chooses private key k3∈ { 1,2 ..., n-1 }, public key P3=k3G; Then signature process is:
(1)
(2) it calculates
(k1'+k2')P3=(x1,y1), r1=mH-1(x1) modn,
(k1'+k2') G=R, H (m) R=(x2,y2),
r2=x2modn;
(3) s is calculated1=(H (m) k1'+r1k1)modn,s2=(H (m) k2'+r2k2)modn;
(4) signature exported is (r1,r2,s1,s2);
Wherein H (x) is hash function, H-1(x) it is inverse elements of the H (x) in domain;
The verification process of signature is:
(1) recipient downloads the public key information P of sender1,P2
(2) r is checked1,r2,s1,s2∈ { 1,2 ..., n-1 }, refuses to sign if invalid;
(3) it calculates
X=(x', y')=(s1+s2)G-r1P1-r2P2,
R'=x'modn verifies r'=r2It is whether true;
(4) k is calculated3R=(x ", y "), message recovery m'=r1H(x")modn;
(5) if r'=r2It sets up, and message recovery m' is significant, m'=m then receives signature, otherwise refusal signature.
CN201810457057.2A 2018-05-14 2018-05-14 RFID safety middleware Active CN108768967B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810457057.2A CN108768967B (en) 2018-05-14 2018-05-14 RFID safety middleware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810457057.2A CN108768967B (en) 2018-05-14 2018-05-14 RFID safety middleware

Publications (2)

Publication Number Publication Date
CN108768967A true CN108768967A (en) 2018-11-06
CN108768967B CN108768967B (en) 2020-09-22

Family

ID=64006885

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810457057.2A Active CN108768967B (en) 2018-05-14 2018-05-14 RFID safety middleware

Country Status (1)

Country Link
CN (1) CN108768967B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111291366A (en) * 2020-05-11 2020-06-16 北京东方通科技股份有限公司 Secure middleware system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2442484A1 (en) * 2010-10-15 2012-04-18 Certicom Corp. Authenticated encryption for digital signatures with message recovery
CN103259660A (en) * 2013-04-15 2013-08-21 山东大学 Image authentication method based on phase retrieval and elliptic curve digital signature algorithm
CN105025474A (en) * 2015-06-26 2015-11-04 安徽大学 Lightweight digital signature method facing wireless sensing network
CN106533661A (en) * 2016-10-25 2017-03-22 北京大学 Online generation method for cryptographic currency address based on combined public key

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2442484A1 (en) * 2010-10-15 2012-04-18 Certicom Corp. Authenticated encryption for digital signatures with message recovery
CN103259660A (en) * 2013-04-15 2013-08-21 山东大学 Image authentication method based on phase retrieval and elliptic curve digital signature algorithm
CN105025474A (en) * 2015-06-26 2015-11-04 安徽大学 Lightweight digital signature method facing wireless sensing network
CN106533661A (en) * 2016-10-25 2017-03-22 北京大学 Online generation method for cryptographic currency address based on combined public key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
耿东久: "RFID安全系统中间件的研究与设计", 《中国优秀硕士论文全文数据库》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111291366A (en) * 2020-05-11 2020-06-16 北京东方通科技股份有限公司 Secure middleware system

Also Published As

Publication number Publication date
CN108768967B (en) 2020-09-22

Similar Documents

Publication Publication Date Title
US9876646B2 (en) User identification management system and method
CN107342867B (en) Signature verification method and device
CN107851111A (en) Use the identity management services of block chain
CN107301521A (en) Strengthen the method for warehouse receipt transaction security in a kind of warehouse receipt system based on block chain
CN101263503A (en) Improved device, system and method for determining authenticity of an item
CN101009014A (en) Secure anti-counterfeiting method and system thereof
JP2003507964A (en) Ways to protect your data
CN110598433B (en) Block chain-based anti-fake information processing method and device
CN102622624A (en) Commodity anti-counterfeiting identification system and commodity anti-counterfeiting identification method
US7739500B2 (en) Method and system for consistent recognition of ongoing digital relationships
Al-Zahrani et al. Secure real-time artificial intelligence system against malicious QR code links
CN105427102A (en) Financial IC card based authentication method and corresponding device and system
CN103971246B (en) One-way function bidirectional encryption based electronic commodity security system
CN108768967A (en) A kind of RFID security Middleware Model
Eldefrawy et al. Banknote validation through an embedded RFID chip and an NFC-enabled smartphone
Chabbi et al. Security of nfc banking transactions: Overview on attacks and solutions
CN100391144C (en) Generation and verification for digital certificate
Kardaş et al. Providing resistance against server information leakage in RFID systems
CN104091191A (en) Fast and effective anti-fake identifying method
Asadpour et al. Presenting a new method of authentication for the internet of things based on RFID
CN110650004B (en) Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature
Pillai et al. A decentralized data privacy for mobile payment using blockchain technology
Rizvi et al. Protecting financial transactions through networks and point of sales
Wu et al. RFID System Security
CN108961110A (en) A kind of method and system for negotiating encryption handling intellectual property based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant