CN109190725B - RFID bidirectional authentication method - Google Patents


Publication number
CN109190725B
Authority
CN
China
Legal status
Active
Application number
CN201810792139.2A
Inventor
王思叶
张艳芳
张珠君
黄伟庆
诸邵忆
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201810792139.2A
Publication of CN109190725A
Application granted
Publication of CN109190725B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

The invention provides an RFID bidirectional authentication method. The method comprises the following steps: receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress sent by a reader-writer; if the tag account address TAddress is found in the self-maintained blockchain, generating a second parameter C2 from the tag account address TAddress, the tag account balance balanceBC and the random number N; if the first parameter C1 equals the second parameter C2, judging that the reader-writer has successfully authenticated the tag this time, generating a third parameter C3 from the tag account balance balanceBC and the random number N, and sending it to the tag through the reader-writer, so that the tag obtains its authentication result for the reader-writer based on the third parameter C3. Blockchain technology is combined with RFID technology; because a blockchain is essentially a distributed ledger maintained by every node in the network, the method completes security authentication while preserving the privacy of each tag without a database or a trusted third party.

Description

RFID bidirectional authentication method
Technical Field
The embodiment of the invention relates to the technical field of radio frequency identification, in particular to a Radio Frequency Identification (RFID) bidirectional authentication method.
Background
Radio Frequency Identification (RFID) technology has developed rapidly in recent years and is widely used in applications such as inventory management, supply chains, product tracking, transportation, logistics, and self-service supermarkets. An RFID system typically consists of one or more RFID reader-writers, a large number of RFID tags and a back-end server. Each tag is attached to a physical object, and the reader-writer can identify or track the object by communicating with the corresponding tag. Because communication between the tag and the reader-writer is carried wirelessly over radio frequency signals, an attacker can mount attacks such as eavesdropping, replay, tampering and DoS in order to acquire sensitive tag information or disrupt the normal operation of the whole RFID system. To address these problems, many authentication security protocols have been proposed.
The earliest RFID authentication protocol was the Hash-Lock protocol proposed by Sarma et al. Its authentication process is shown in fig. 1, a diagram of the Hash-Lock protocol authentication process. Each tag stores its own {metaID, ID} field, where metaID is obtained by applying a hash function to the tag key. The back-end server stores n {metaID, ID, key} records, corresponding to n tags respectively. When authentication starts, the reader-writer first sends a Request query to open communication. On receiving it, the tag sends its stored metaID to the reader-writer, which forwards the metaID to the back-end server. The server checks whether its database holds a record whose metaID matches the received one. If so, it sends the corresponding ID and key to the reader-writer; if not, authentication fails and stops. After receiving {ID, key} from the server, the reader-writer sends the key to the tag. The tag checks whether hash(key) matches the metaID it stores. If it does, the tag has authenticated the reader-writer and sends its ID to the reader-writer; otherwise authentication fails and stops. On receiving the ID from the tag, the reader-writer compares it with the ID sent by the server. If they are the same, the reader-writer has successfully authenticated the tag; otherwise authentication fails and stops.
To improve on the security of the original RFID protocol, a large number of RFID protocols have since emerged, such as the randomized Hash-Lock protocol, the Hash chain protocol, the Hash-based ID change protocol, David's digital library RFID protocol, and the distributed RFID challenge-response authentication protocol. These protocols improve security in one or more respects over the original, making RFID applications increasingly mature. For example, the randomized Hash-Lock protocol introduces random numbers: each time the tag interacts with the reader-writer, a fresh random number is included in the hash calculation, which further protects the privacy of the tag ID. David's digital library RFID protocol not only introduces random numbers but also applies encryption and decryption; it is an RFID protocol based on pseudo-random numbers derived from a pre-shared secret, and has no obvious security holes in its design.
The original RFID protocols all have attack loopholes to some degree. For example, in the Hash-Lock protocol, the randomized Hash-Lock protocol and the Hash chain protocol, the tag ID is transmitted in plaintext, and the protocols cannot resist replay attacks, impersonation attacks, tracking attacks and the like. In the Hash-based ID change protocol, the back-end server and the tag update the tag information at different times, so if an attacker blocks or jams data and the tag fails to receive part of the authentication messages, the tag data stored by the server falls out of sync with the data in the tag and the next authentication fails. Even a high-security protocol such as David's digital library RFID protocol requires the tag to implement a random number generator and encryption and decryption operations, which increases the complexity and cost of tag design and makes it unsuitable for low-cost RFID systems.
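The Hash-Lock exchange described above, and the plaintext-ID and static-message weakness just noted, as an added example that is not part of the patent. SHA-256 as the hash function and all class, function and sample values are assumptions constructed for illustration.

```python
import hashlib


def h(data: bytes) -> bytes:
    """Hash used to derive metaID from the key (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


class HashLockTag:
    """Tag state: {metaID, ID}; the key itself is not stored on the tag."""

    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id = tag_id
        self.meta_id = h(key)

    def on_request(self) -> bytes:
        return self.meta_id                      # same value in every session

    def on_key(self, key: bytes):
        # The tag authenticates the reader-writer by checking hash(key) == metaID.
        return self.tag_id if h(key) == self.meta_id else None


class BackendDB:
    """Centralized back-end database of {metaID, ID, key} records."""

    def __init__(self):
        self.records = {}

    def add(self, tag_id: bytes, key: bytes):
        self.records[h(key)] = (tag_id, key)

    def lookup(self, meta_id: bytes):
        return self.records.get(meta_id)


def run_session(tag: HashLockTag, db: BackendDB):
    """Run one authentication; return (success, messages seen on the RF link)."""
    air = [("reader->tag", b"Request")]
    meta_id = tag.on_request()
    air.append(("tag->reader", meta_id))
    record = db.lookup(meta_id)                  # reader forwards metaID to server
    if record is None:
        return False, air                        # no matching record: stop
    tag_id, key = record
    air.append(("reader->tag", key))             # key crosses the air in the clear
    reply = tag.on_key(key)
    if reply is None:
        return False, air
    air.append(("tag->reader", reply))           # tag ID crosses the air in the clear
    return reply == tag_id, air


def demo_hash_lock():
    key, tag_id = b"constructed-key", b"constructed-tag-id"   # constructed samples
    tag = HashLockTag(tag_id, key)
    db = BackendDB()
    db.add(tag_id, key)
    ok1, air1 = run_session(tag, db)
    ok2, air2 = run_session(tag, db)
    # Both sessions succeed, the two transcripts are byte-identical (so the tag is
    # linkable across sessions and nothing in a message is fresh), and the ID is
    # visible in plaintext on the link.
    return ok1 and ok2, air1 == air2, ("tag->reader", tag_id) in air1


if __name__ == "__main__":
    print(demo_hash_lock())
```

Because no message depends on a per-session value, a verifier has no way to tell a live exchange from a recorded one; the random number N in the protocol described later is what changes this.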
A common fault of existing RFID protocols is that the authentication process depends on a centralized database stored in the server, so the authentication process is vulnerable to SQL attacks. Once this centralized database is attacked, the entire RFID system may crash. Moreover, a centralized architecture is not suitable for a distributed system and cannot guarantee the privacy requirements of each sub-part of the system. Where RFID protocols have been designed for distributed systems, they rely on introducing a trusted third party, which further increases the communication cost of the system.
Disclosure of Invention
The embodiment of the invention provides an RFID bidirectional authentication method, which is used for overcoming the defects that an RFID bidirectional authentication protocol in the prior art is insufficient in safety and is not suitable for a distributed system, improving the safety of authentication and being suitable for the distributed system.
The embodiment of the invention provides an RFID bidirectional authentication method, which comprises the following steps:
receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer;
if the tag account address TAddress is found in the self-maintained blockchain, generating a second parameter C2 from the tag account address TAddress, the tag account balance balanceBC and the random number N;
if the first parameter C1 equals the second parameter C2, judging that the reader-writer has successfully authenticated the tag this time, generating a third parameter C3 from the tag account balance balanceBC and the random number N, and sending it to the tag through the reader-writer, so that the tag obtains its authentication result for the reader-writer based on the third parameter C3;
the first parameter C1 is generated by the tag from the tag account address TAddress, the tag balance and the random number N sent by the reader-writer; the tag account address TAddress is generated by the blockchain from the tag ID, and the reader-writer account address RAddress is generated by the blockchain from the reader-writer ID.
The embodiment of the invention provides an RFID bidirectional authentication method, which comprises the following steps:
if the first parameter C1 is equal to the second parameter C2, receiving a third parameter C3 sent by the server;
acquiring an authentication result of the tag to the reader-writer based on the third parameter C3;
the third parameter C3 is generated from the tag account balance balanceBC and the random number N, the first parameter C1 is sent to the server by the reader-writer, and the second parameter C2 is generated from the tag account address TAddress, the tag account balance balanceBC and the random number N.
The RFID mutual authentication method provided by the embodiment of the invention combines blockchain technology with RFID technology. Because a blockchain is essentially a distributed ledger maintained by every node in the network, the method completes security authentication while preserving the privacy of each tag without a database or a trusted third party.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a diagram of a Hash-Lock protocol authentication process;
FIG. 2 is a flowchart of a RFID mutual authentication method according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method for RFID mutual authentication according to another embodiment of the present invention;
FIG. 4 is a block chain-based multi-department cooperative distributed RFID system architecture diagram according to an embodiment of the present invention;
FIG. 5 is a diagram of a mutually-authenticated RFID protocol provided in accordance with an embodiment of the present invention;
FIG. 6 is a block diagram of a server according to an embodiment of the present invention;
FIG. 7 is a block diagram of a tag according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A reader-writer in RFID technology can identify or track an object by communicating with a tag attached to the target object. The reader-writer can perform read and write operations on the tag. Because communication between the tag and the reader-writer is carried wirelessly over radio frequency signals, an attacker can mount attacks such as eavesdropping, replay, tampering and DoS in order to acquire sensitive tag information or disrupt the normal operation of the whole RFID system, which is why many RFID mutual authentication security protocols have been proposed. The purpose of RFID mutual authentication is to prevent unauthorized reader-writers from reading some or all of the information stored in tags and to give legitimate reader-writers the ability to distinguish legitimate tags from illegitimate ones. In the following embodiments, the RFID mutual authentication method may also be referred to as an RFID mutual authentication protocol; the method and the protocol have the same meaning.
Fig. 2 is a flowchart of a method for bidirectional RFID authentication according to an embodiment of the present invention, where an execution subject of the method is a server, and as shown in fig. 2, the method includes:
Step 201: receive a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress sent by the reader-writer.
Step 202: if the tag account address TAddress is found in the self-maintained blockchain, generate a second parameter C2 from the tag account address TAddress, the tag account balance balanceBC and the random number N.
Step 203: if the first parameter C1 equals the second parameter C2, judge that the reader-writer has successfully authenticated the tag this time, generate a third parameter C3 from the tag account balance balanceBC and the random number N, and send it to the tag through the reader-writer, so that the tag obtains its authentication result for the reader-writer based on the third parameter C3.
The first parameter C1 is generated by the tag from the tag account address TAddress, the tag balance and the random number N sent by the reader-writer; the tag account address TAddress is generated by the blockchain from the tag ID, and the reader-writer account address RAddress is generated by the blockchain from the reader-writer ID.
It should be noted that the hardware devices involved in the embodiment of the present invention are: server, reader and tag. The server is used for obtaining the authentication result of the reader-writer on the tag, and assisting the tag to obtain the authentication result of the tag on the reader-writer when the authentication result is successful so as to complete the bidirectional authentication of the reader-writer and the tag.
The specific process of step 201 is as follows: the server receives the first parameter C1, the random number N, the tag account address TAddress and the reader-writer account address RAddress sent by the reader-writer.
The specific process of step 202 is as follows: the server traverses its self-maintained blockchain. If the tag account address TAddress is stored in the blockchain, the server retrieves the tag account balance balanceBC from the blockchain and computes the second parameter C2 from the received tag account address TAddress, the account balance balanceBC and the random number N using an exclusive-or operation and a one-way hash operation. The calculation formula is as follows:
C2=H(TAddress⊕balanceBC⊕N);
wherein ⊕ is an exclusive-or operation, and H () is a one-way hash operation.
The specific process of step 203 is as follows: the server compares the first parameter C1 with the second parameter C2. If they are equal, the server judges that the reader-writer has successfully authenticated the tag this time. Using the exclusive-or operation and the one-way hash operation, it computes the third parameter C3 from the tag account balance balanceBC and the random number N and sends C3 to the reader-writer, which forwards it to the tag; the tag then obtains its authentication result for the reader-writer based on the received third parameter C3. The calculation formula of the third parameter C3 is as follows:
C3=H(balanceBC⊕N);
wherein ⊕ is an exclusive-or operation, and H () is a one-way hash operation.
It should be noted that, in the embodiment of the present invention, a blockchain technology is combined with an RFID technology, a server in the RFID is operated as a node in a blockchain, and all nodes (i.e., servers) in the blockchain maintain the blockchain together. For a server, it contains a collection of tags and reader-related accounts that all nodes can access.
The tag account address TAddress is generated as follows: with the tag ID as the password, the blockchain generates a public key address, which is used as the tag account address. The reader-writer account address RAddress is generated as follows: with the reader-writer ID as the password, the blockchain generates a public key address, which is used as the reader-writer account address. Each tag stores its own {TAddress, balance}, and each reader-writer stores its own RAddress. The account balance of each tag in the blockchain is initialized to a random number in (0,10), and the balance value stored in the tag, i.e., the tag balance, is initialized to balanceBC + M, where M is the amount of each transaction between the tag account and the reader-writer account.
The method provided by the embodiment of the invention combines blockchain technology with RFID technology. Because a blockchain is essentially a distributed ledger maintained by every node in the network, the method completes security authentication while preserving the privacy of each tag without a database or a trusted third party. It fully resists common attacks (e.g., replay attacks, active attacks, DoS attacks, desynchronization attacks) and eliminates all potential database attacks at the root without any additional protection techniques; the communication records of each RFID tag and reader-writer are traceable and cannot be modified; and each subsystem in the distributed system holds its own secret tag information, which is not contained in the server. Non-sensitive tag information is shared among the subsystems for subsequent operations without a central server or a trusted third party.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
if the first parameter C1 is equal to the second parameter C2, the last authentication process is judged to be abnormal and recorded in a self-maintained block chain; the authentication process exception is that the authentication message is lost or intercepted.
Specifically, if the server knows that the first parameter C1 is equal to the second parameter C2, it is determined that the tag authentication by the reader/writer at this time is successful, and it is determined that the previous authentication process is abnormal, and the abnormal authentication process is recorded in the block chain maintained by the server.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
If the first parameter C1 is not equal to the second parameter C2, a fourth parameter C4 is generated from the tag account address TAddress, the tag account balance balanceBC, the transaction amount M, and the random number N.
If the first parameter C1 is equal to the fourth parameter C4, it is determined that the reader-writer has successfully authenticated the tag this time and that the previous authentication process was normal; the tag account balance balanceBC is updated according to the transaction amount M, and a fifth parameter C5 is generated from the updated tag account balance and the random number N and sent to the tag through the reader-writer, so that the tag obtains its authentication result for the reader-writer based on the fifth parameter C5.
Specifically, if the server finds by comparison that the first parameter C1 and the second parameter C2 are not equal, it generates a fourth parameter C4 and obtains the reader-writer's authentication result for the tag based on the fourth parameter C4. The calculation formula of the fourth parameter C4 is:
C4=H(TAddress⊕(balanceBC⊕M)⊕N)
wherein ⊕ is an exclusive-or operation, and H () is a one-way hash operation.
After the server generates a fourth parameter C4, the first parameter C1 is compared with the fourth parameter C4, and if the first parameter C1 and the fourth parameter C4 are equal, it is determined that the tag authentication by the reader is successful, and a fifth parameter C5 is generated and then sent to the reader, so that the reader forwards the fifth parameter C5 to the tag, and further the tag obtains the authentication result of the tag to the reader based on the fifth parameter C5. The calculation formula of the fifth parameter C5 is:
C5=H(balanceBC'⊕N)
wherein ⊕ is an exclusive-or operation, H () is a one-way hash operation, and balanceBC' is the updated tag account balance obtained by updating balanceBC according to the transaction amount M.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
If the first parameter C1 is equal to the second parameter C2, the tag account balance balanceBC remains unchanged.
If the first parameter C1 is equal to the fourth parameter C4, the account balance balanceBC is updated according to the transaction amount M.
Specifically, if the server finds that the first parameter C1 is equal to the second parameter C2, or that the first parameter C1 is equal to the fourth parameter C4, it determines that the reader-writer has successfully authenticated the tag. If C1 = C2, balanceBC is kept unchanged; if C1 = C4, balanceBC is updated to balanceBC' = balanceBC + M.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
If the first parameter C1 is not equal to the fourth parameter C4, it is determined that the reader-writer fails to authenticate the tag.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
If the tag account address TAddress is not stored in the blockchain, it is determined that the reader-writer fails to authenticate the tag.
Fig. 3 is a flowchart of a method for bidirectional RFID authentication according to another embodiment of the present invention, where the execution subject is a tag, as shown in fig. 3, the method includes:
301: if the first parameter C1 is equal to the second parameter C2, the third parameter C3 sent by the server is received.
302: based on the third parameter C3, the authentication result of the tag to the reader/writer is obtained.
The third parameter C3 is generated from the tag account balance balanceBC and the random number N, the first parameter C1 is sent to the server by the reader-writer, and the second parameter C2 is generated from the tag account address TAddress, the tag account balance balanceBC and the random number N.
Specifically, if the server sends the third parameter C3 to the reader-writer, the reader-writer forwards the third parameter C3 to the tag. If the tag receives the third parameter C3, it obtains its authentication result for the reader-writer based on C3; the result is either that the tag's authentication of the reader-writer succeeded or that it failed. All the parameters have already been described in this embodiment or the above embodiments and are not described again here.
Based on the foregoing embodiment, the method provided in this embodiment further includes:
if the first parameter C1 is equal to the fourth parameter C4, receiving a fifth parameter C5 sent by the server;
acquiring an authentication result of the tag to the reader-writer based on a fifth parameter C5;
the fifth parameter C5 is generated from the updated tag account balance balanceBC' and the random number N, and the fourth parameter C4 is generated from the tag account address TAddress, the tag account balance balanceBC, the transaction amount M, and the random number N.
Based on the above embodiment, obtaining the authentication result of the tag to the reader/writer further includes:
acquiring a sixth parameter C6 according to the tag balance and the random number N;
if the third parameter C3 is equal to the sixth parameter C6, or the fifth parameter C5 is equal to the sixth parameter C6, it is determined that the tag has successfully authenticated the reader-writer. Otherwise, it is determined that the tag fails to authenticate the reader-writer, and the tag refuses further communication. The calculation formula of the sixth parameter C6 is as follows:
C6=H(balance⊕N);
wherein ⊕ is an exclusive-or operation, and H () is a one-way hash operation.
Based on the above embodiment, the method provided by the embodiment of the present invention further includes:
If the tag successfully authenticates the reader-writer, the tag balance is updated according to the transaction amount M. The update formula is:
balance'=balance+M
Based on the above embodiment, before receiving the third parameter C3 or the fifth parameter C5 sent by the server, the method further includes:
receiving a random number N sent by the reader-writer; generating a first parameter C1 from the tag account address TAddress, the tag balance and the random number N; and transmitting the first parameter C1 and the tag account address TAddress to the reader-writer, so that the reader-writer transmits the first parameter C1, the random number N, the tag account address TAddress, and the reader-writer account address RAddress to the server.
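The server-side and tag-side procedures above (C1 through C6), as an added simulation that is not code from the patent; it also runs a round in which the server's reply is lost, to show the C1 = C2 branch resynchronizing the two balances. Assumptions: H is SHA-256, every XOR operand is a 20-byte big-endian integer, M is a fixed amount known to both sides, a dictionary stands in for the blockchain, and C4 is computed over balanceBC + M (the formula above prints ⊕) so that it matches the tag's stored balance of balanceBC + M; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

WIDTH = 20  # assumption: every XOR operand is a 20-byte big-endian integer


def H(*operands: int) -> bytes:
    """H(a ⊕ b ⊕ ...): XOR the operands, then hash (SHA-256 is an assumption)."""
    acc = 0
    for op in operands:
        acc ^= op
    return hashlib.sha256(acc.to_bytes(WIDTH, "big")).digest()


class Server:
    """One blockchain node; `ledger` and `chain_log` stand in for chain state."""

    def __init__(self, m: int):
        self.m = m
        self.ledger = {}      # TAddress -> balanceBC
        self.chain_log = []   # (TAddress, RAddress, note) records

    def authenticate(self, c1, n, taddress, raddress):
        """Steps 201-203 plus the C4/C5 branch. Returns C3, C5 or None (failure)."""
        if taddress not in self.ledger:
            return None                                    # TAddress not on chain
        bc = self.ledger[taddress]
        if hmac.compare_digest(c1, H(taddress, bc, n)):    # C1 == C2
            # The tag never applied its last update: the previous reply was lost.
            self.chain_log.append((taddress, raddress, "previous round abnormal"))
            return H(bc, n)                                # C3, balanceBC unchanged
        # C4: the page prints (balanceBC ⊕ M); balanceBC + M is used here
        # (assumption) so that it matches the tag's balance = balanceBC + M.
        if hmac.compare_digest(c1, H(taddress, bc + self.m, n)):   # C1 == C4
            self.ledger[taddress] = bc + self.m            # balanceBC' = balanceBC + M
            self.chain_log.append((taddress, raddress, "previous round normal"))
            return H(bc + self.m, n)                       # C5
        return None


class Tag:
    def __init__(self, taddress: int, balance: int, m: int):
        self.taddress, self.balance, self.m = taddress, balance, m
        self.n = None

    def respond(self, n: int):
        self.n = n
        return H(self.taddress, self.balance, n), self.taddress   # C1, TAddress

    def verify(self, reply) -> bool:
        """Compare C3/C5 with C6 = H(balance ⊕ N); update the balance on success."""
        if reply is None or not hmac.compare_digest(reply, H(self.balance, self.n)):
            return False
        self.balance += self.m                             # balance' = balance + M
        return True


def run_round(tag, server, raddress, drop_reply=False):
    """Returns (reader-writer authenticated tag, tag authenticated reader-writer)."""
    n = secrets.randbits(8 * WIDTH)             # reader-writer's random number N
    c1, taddress = tag.respond(n)
    reply = server.authenticate(c1, n, taddress, raddress)
    if drop_reply:                              # simulate a lost C3/C5 on the RF link
        return reply is not None, False
    return reply is not None, tag.verify(reply)


def demo():
    m = 3                                                  # constructed sample values
    taddress = int.from_bytes(hashlib.sha256(b"constructed-tag").digest()[:WIDTH], "big")
    raddress = int.from_bytes(hashlib.sha256(b"constructed-reader").digest()[:WIDTH], "big")
    server = Server(m)
    server.ledger[taddress] = 7                            # balanceBC
    tag = Tag(taddress, 7 + m, m)                          # balance = balanceBC + M
    results = [run_round(tag, server, raddress)]                       # normal: C4/C5
    results.append(run_round(tag, server, raddress, drop_reply=True))  # C5 lost
    results.append(run_round(tag, server, raddress))                   # resync: C2/C3
    rogue = Tag(taddress ^ 1, 10, m)                       # TAddress not on chain
    results.append(run_round(rogue, server, raddress))
    return results, server.ledger[taddress], tag.balance, server.chain_log


if __name__ == "__main__":
    print(demo())
```

After the lost reply the server and tag hold the same balance, which is exactly the condition that makes C1 equal C2 in the next round; once that round completes the tag is again one M ahead of the chain.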
To better illustrate the aspects of the embodiments of the present invention, the following is described by way of specific examples:
Fig. 4 is an architecture diagram of a blockchain-based multi-department cooperative distributed RFID system according to an embodiment of the present invention. As shown in fig. 4, the method provided by the embodiment of the present invention is applied in the following scenario:
A company has multiple departments or branches, some of which are distributed in different regions or even different countries, and whose internal networks are difficult to interconnect. Take an RFID-based personnel access control system as an example: it requires high security but has low requirements for real-time performance and throughput. Each department has a sensitive <real object-tag ID> table that must not be known to other departments. However, the operation and management of the company requires departments to share some tag information to complete the RFID authentication process. Guaranteeing the privacy of the departments while meeting the actual needs of the company is a requirement that new RFID systems and protocols must satisfy. Furthermore, synchronization in distributed RFID systems is also an issue when new tags are added or when authentication messages are updated in each round.
In the embodiment of the invention, one private blockchain is enough to meet the requirements of the RFID system within the company. In this case, multiple departments maintain the private blockchain together and run the same authentication protocol. The system model ensures that non-sensitive tag information is shared for authentication while confidential tag information inside each department is protected, and can be set up through the following steps:
(1) Each department has several servers operating as nodes on the blockchain, and each node contains a collection of tag and reader accounts that all nodes can access.
(2) With the tag or reader ID as the password, the blockchain generates a 20-byte public key address as the account identifier (in Ethereum). The <real object-ID-account address> mapping table of each department is stored in a secret location away from the rest of the system, and it is impossible to deduce the association of the real ID with the account address.
Based on the system architecture shown in Fig. 4, the following describes the blockchain-based mutual authentication RFID protocol according to an embodiment of the present invention. The symbols used are listed in Table 1, and the protocol is shown in Fig. 5. The specific process is as follows:
(1) Initialization stage: in the initialization phase, the blockchain generates a public key address as an account identifier using the tag or reader ID as a password. Each tag stores a tuple {TAddress, balance}, and each reader stores RAddress. Since the reader is the initiator of the entire protocol, its account must have an initial balance, which can be achieved by default settings before the protocol starts. The real balance (balanceBC) of each tag account in the blockchain is initialized to a random number in (0,10), and the account balance (balance) stored in the tag is initialized to balanceBC + M.
(2) Authentication stage:
(a) Reader-writer: the reader generates a random number N and sends it to the tag.
(b) Tag: the tag calculates C1 = H(TAddress ⊕ balance ⊕ N) and sends (C1, TAddress) back to the reader/writer.
(c) Reader-writer: the reader sends (C1, N, TAddress, RAddress) to the server for tag authentication.
(d) Server: after receiving (C1, N, TAddress, RAddress) from the reader/writer, the server first checks whether TAddress exists. If TAddress does not exist, the tag authentication fails and the server stops the session. Otherwise, it queries the balance balanceBC of the tag account corresponding to TAddress and then performs the following steps.
The server calculates C2 = H(TAddress ⊕ balanceBC ⊕ N). If C1 = C2, the last message of the previous authentication was lost or intercepted by an attacker. If C1 ≠ C2, the server calculates C4 = H(TAddress ⊕ (balanceBC ⊕ M) ⊕ N); if C1 = C4, the previous authentication completed normally. If neither of these two cases is met, the tag authentication fails, the server stops the session, and the update-and-send step below and steps (e) and (f) are no longer performed.
Update: if the comparison result in the previous step is C1 = C2, the server records an interception record for the tag account in the blockchain, keeps balanceBC unchanged (i.e. balanceBC' = balanceBC), calculates C3 = H(balanceBC ⊕ N), and sends C3 to the reader-writer. If the comparison result is C1 = C4, the server unlocks the reader-writer's account, sends M from the reader-writer's account to the tag, updates balanceBC (i.e. balanceBC' = balanceBC + M), calculates C5 = H(balanceBC' ⊕ N), and sends C5 to the reader-writer.
(e) Reader-writer: the reader receives C3 (or C5) and forwards it to the tag.
(f) Tag: the tag calculates C6 = H(balance ⊕ N) and checks whether C6 = C3 (or C5) holds. If it holds, the tag successfully authenticates the reader and updates balance' = balance + M. If it does not, the authentication fails and the tag rejects further communication.
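The authentication rounds in steps (a) to (f), as an added example that is not part of the patent text: a Python simulation in which a dictionary stands in for the blockchain ledger, covering a normal round, a round whose last message is lost, and the recovery round that follows. SHA-256 as H, integer-encoded addresses, M = 1, all class and function names, and reading C4 as a hash over balanceBC + M (so that it matches the tag's stored balance = balanceBC + M from initialization) are assumptions.

```python
import hashlib
import hmac
import secrets

M = 1  # transaction amount added per successful round (constructed value)

def H(*operands: int) -> bytes:
    """H(a ⊕ b ⊕ ...): XOR the operands, then hash (SHA-256 is an assumption)."""
    x = 0
    for v in operands:
        x ^= v
    return hashlib.sha256(x.to_bytes(32, "big")).digest()

class Tag:
    def __init__(self, taddress: int, balance: int):
        self.taddress, self.balance = taddress, balance

    def respond(self, n: int):
        # Step (b): C1 = H(TAddress ⊕ balance ⊕ N)
        return H(self.taddress, self.balance, n), self.taddress

    def verify_reader(self, c: bytes, n: int) -> bool:
        # Step (f): C6 = H(balance ⊕ N) must equal the received C3 or C5
        if not hmac.compare_digest(H(self.balance, n), c):
            return False
        self.balance += M  # balance' = balance + M
        return True

class Server:
    """Dict-backed stand-in for a node of the private blockchain."""
    def __init__(self):
        self.accounts = {}       # account address -> balance
        self.intercept_log = []  # tags whose previous last message was lost

    def register_tag(self, taddress: int) -> Tag:
        balance_bc = secrets.randbelow(9) + 1  # random value in (0, 10)
        self.accounts[taddress] = balance_bc
        return Tag(taddress, balance_bc + M)   # tag stores balanceBC + M

    def authenticate(self, c1, n, taddress, raddress):
        # Step (d): returns (reply for the tag or None, outcome)
        if taddress not in self.accounts:
            return None, "unknown-tag"
        bc = self.accounts[taddress]
        if hmac.compare_digest(c1, H(taddress, bc, n)):      # C1 = C2
            self.intercept_log.append(taddress)              # balanceBC unchanged
            return H(bc, n), "resync"                        # C3
        if hmac.compare_digest(c1, H(taddress, bc + M, n)):  # C1 = C4
            self.accounts[raddress] -= M                     # reader pays M
            self.accounts[taddress] = bc + M                 # balanceBC'
            return H(bc + M, n), "normal"                    # C5
        return None, "auth-failed"

def run_round(tag, server, raddress, drop_last=False):
    n = secrets.randbits(128)                                # step (a)
    c1, taddress = tag.respond(n)                            # step (b)
    reply, outcome = server.authenticate(c1, n, taddress, raddress)  # (c), (d)
    if reply is None or drop_last:  # drop_last: C3/C5 never reaches the tag
        return outcome, False
    return outcome, tag.verify_reader(reply, n)              # (e), (f)

def demo():
    server = Server()
    raddress = secrets.randbits(160)
    server.accounts[raddress] = 100  # reader's initial balance (constructed)
    tag = server.register_tag(secrets.randbits(160))
    results = [
        run_round(tag, server, raddress),                  # normal round
        run_round(tag, server, raddress, drop_last=True),  # last message lost
        run_round(tag, server, raddress),                  # server sees C1 = C2
        run_round(tag, server, raddress),                  # back in sync
    ]
    wrong = Tag(tag.taddress, tag.balance + 5)             # wrong stored balance
    results.append(run_round(wrong, server, raddress))
    results.append(run_round(Tag(secrets.randbits(160), 3), server, raddress))
    return results, server, tag

if __name__ == "__main__":
    for outcome, tag_accepts in demo()[0]:
        print(outcome, tag_accepts)
```

After the dropped message the ledger is one step ahead of the tag, so the next round matches C2 instead of C4, is logged, and brings the tag back to balance = balanceBC + M without a second transfer.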
TABLE 1 notation used in the protocol
The key point of the embodiment of the invention is that the embodiment of the invention provides a novel distributed RFID bidirectional authentication security protocol based on a block chain. Because the blockchain is essentially a distributed ledger maintained by each node in the network, the protocol provided by the embodiments of the present invention can ensure the privacy of each department without a database and a trusted third party while completing security authentication.
The embodiment of the invention has the following beneficial effects:
The protocol ensures the privacy of each department: because the protocol only involves the address and balance of the tag account, and the <real object-ID-account address> mapping table of each department is kept only by that department, information about the sensitive ID cannot be leaked through the information used in the protocol, which ensures the privacy of the department.
The protocol guarantees the following security properties: tag anonymity, tag availability, forward security, resistance to replay attacks, resistance to active attacks, and partial protection of tag untraceability. The specific analysis is as follows.
(1) Tag anonymity: in the protocol provided by the embodiment of the present invention, the real ID of the tag is anonymized as the account address (TAddress) on the blockchain in the initialization phase. During authentication, each message is protected by a one-way hash function assisted by a random number N, so the protocol can protect the anonymity of the tag.
(2) Tag availability: tag availability typically includes resistance to DoS attacks and resistance to desynchronization attacks. In the protocol provided by the embodiment of the invention, the tag does not need to generate random numbers, so service cannot be refused because random numbers are exhausted. In addition, even if the last reader-writer verification message is lost or intercepted by an attacker, the tag information and the blockchain do not go out of synchronization. This is because the server determines whether C1 agrees with C2 or C4; in either case it can establish whether the tag received the previous message.
(3) Forward security: the protocol achieves forward security because the tag XORs TAddress, N and balance before hashing. Since N and balance change in each round, even if the attacker knows the current balance and N, he will not know the previous hash result, which guarantees forward security.
(4) Resistance to replay attacks: similar to forward security, the reader generates a new random number N in each round, and balanceBC and balance change. Even if the attacker steals all the messages of the previous round, he cannot pass the authentication by replaying them.
(5) Resistance to active attacks: an attacker can actively challenge a tag with a random number N' and obtain the response {C1' = H(TAddress ⊕ balance ⊕ N'), TAddress}. But since the hash is a one-way function, the attacker cannot derive balance from C1'. So when a legitimate reader challenges with the random number N, the attacker cannot construct a correct message to return to the reader, i.e. cannot masquerade as a legitimate tag for further communication. The protocol provided by the embodiment of the invention therefore completely resists active attack.
(6) Tag untraceability: strictly speaking, the protocol provided by the embodiment of the invention may be subject to tracking attack, since it uses the same TAddress in each authentication. But even if the attacker observes the same TAddress twice, he cannot deduce the tag's true ID number, which means that the protocol guarantees to some extent that the tag is not traceable.
Fig. 6 is a block diagram of a server according to an embodiment of the present invention. As shown in Fig. 6, the apparatus includes: a processor 601, a memory 602, and a bus 603; the processor 601 and the memory 602 communicate with each other through the bus 603; the processor 601 is configured to call program instructions in the memory 602 to perform the methods provided by the above-mentioned method embodiments, for example, including: receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer; if the tag account address TAddress is found to be stored in the self-maintained blockchain, generating a second parameter C2 according to the tag account address TAddress, the tag account balance balanceBC and the random number N; if the first parameter C1 is equal to the second parameter C2, judging that the reader-writer authenticates the tag successfully this time, and generating a third parameter C3 according to the tag account balance balanceBC and the random number N and sending it to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the third parameter C3.
Fig. 7 is a block diagram of a structure of a tag according to an embodiment of the present invention, and as shown in fig. 7, the apparatus includes: a processor (processor)701, a memory (memory)702, and a bus 703; the processor 701 and the memory 702 complete communication with each other through the bus 703; the processor 701 is configured to call the program instructions in the memory 702 to execute the methods provided by the above-mentioned method embodiments, for example, including: if the first parameter C1 is equal to the second parameter C2, receiving a third parameter C3 sent by the server; based on the third parameter C3, the authentication result of the tag to the reader/writer is obtained.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer readable storage medium, the computer program including program instructions; when the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments, for example, including: receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer; if the tag account address TAddress is found to be stored in the self-maintained blockchain, generating a second parameter C2 according to the tag account address TAddress, the tag account balance balanceBC and the random number N; if the first parameter C1 is equal to the second parameter C2, judging that the reader-writer authenticates the tag successfully this time, and generating a third parameter C3 according to the tag account balance balanceBC and the random number N and sending it to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the third parameter C3.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments, for example, the method includes: if the first parameter C1 is equal to the second parameter C2, receiving a third parameter C3 sent by the server; based on the third parameter C3, the authentication result of the tag to the reader/writer is obtained.
Embodiments of the present invention provide a non-transitory computer-readable storage medium, which stores computer instructions, where the computer instructions cause the computer to perform the methods provided by the above method embodiments, for example, including: receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer; if the tag account address TAddress is found to be stored in the self-maintained blockchain, generating a second parameter C2 according to the tag account address TAddress, the tag account balance balanceBC and the random number N; if the first parameter C1 is equal to the second parameter C2, judging that the reader-writer authenticates the tag successfully this time, and generating a third parameter C3 according to the tag account balance balanceBC and the random number N and sending it to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the third parameter C3.
Embodiments of the present invention provide a non-transitory computer-readable storage medium, which stores computer instructions, where the computer instructions cause the computer to perform the methods provided by the above method embodiments, for example, the methods include: if the first parameter C1 is equal to the second parameter C2, receiving a third parameter C3 sent by the server; based on the third parameter C3, the authentication result of the tag to the reader/writer is obtained.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An RFID mutual authentication method is characterized by comprising the following steps:
receiving a first parameter C1, a random number N, a tag account address TAddress and a reader-writer account address RAddress which are sent by a reader-writer;
if the fact that the tag account address TAddress is stored in the self-maintained block chain is known, a second parameter C2 is generated according to the tag account address TAddress, the tag account balance balanceBC and the random number N;
if the first parameter C1 is equal to the second parameter C2, it is judged that the reader-writer authenticates the tag successfully this time, and a third parameter C3 is generated according to the tag account balance balanceBC and the random number N and sent to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the third parameter C3;
the first parameter C1 is generated by the tag according to the tag account address TAddress, the tag balance and the random number N sent by the reader, the tag account address TAddress is generated by the blockchain according to the tag ID, and the reader account address RAddress is generated by the blockchain according to the reader ID.
2. The method of claim 1, further comprising:
if the first parameter C1 is equal to the second parameter C2, the last authentication process is judged to be abnormal and recorded in a self-maintained block chain; the authentication process exception is that the authentication message is lost or intercepted.
3. The method of claim 1, further comprising:
if the first parameter C1 is not equal to the second parameter C2, generating a fourth parameter C4 according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M and the random number N;
if the first parameter C1 is equal to the fourth parameter C4, it is determined that the reader-writer authenticates the tag successfully this time and that the previous authentication process was normal, the tag account balance balanceBC is updated according to the transaction amount M, and a fifth parameter C5 is generated according to the updated tag account balance balanceBC and the random number N and is sent to the tag through the reader-writer, so that the tag obtains the authentication result of the tag to the reader-writer based on the fifth parameter C5.
4. The method of claim 3, further comprising:
if the first parameter C1 is equal to the second parameter C2, the tag account balance balanceBC remains unchanged;
if the first parameter C1 is equal to the fourth parameter C4, the tag account balance balanceBC is updated according to the transaction amount M.
5. The method of claim 3, further comprising:
and if the first parameter C1 is not equal to the fourth parameter C4, determining that the reader-writer fails to authenticate the tag.
6. The method of claim 1, further comprising:
and if the tag account address TAddress is not stored in the block chain, judging that the reader-writer fails to authenticate the tag.
7. An RFID mutual authentication method is characterized by comprising the following steps:
if the first parameter C1 is equal to the second parameter C2, receiving a third parameter C3 sent by the server through the reader;
acquiring an authentication result of the tag to the reader-writer based on the third parameter C3;
the third parameter C3 is generated by the server according to the tag account balance balanceBC and the random number N, the first parameter C1 is sent to the server by the reader, and the second parameter C2 is generated by the server according to the tag account address TAddress, the tag account balance balanceBC and the random number N; the first parameter C1 is generated according to the tag account address TAddress, the tag balance, and the random number N sent by the reader/writer, and the tag account address TAddress is generated by the blockchain according to the tag ID.
8. The method of claim 7, further comprising:
if the first parameter C1 is equal to the fourth parameter C4, receiving a fifth parameter C5 sent by the server;
acquiring an authentication result of the tag to the reader-writer based on a fifth parameter C5;
the fifth parameter C5 is generated according to the updated tag account balance balanceBC and the random number N, and the fourth parameter C4 is generated according to the tag account address TAddress, the tag account balance balanceBC, the transaction amount M, and the random number N.
9. The method of claim 8, wherein obtaining the authentication result of the tag to the reader/writer further comprises:
acquiring a sixth parameter C6 according to the tag balance and the random number N;
if the third parameter C3 is equal to the sixth parameter C6, or the fifth parameter C5 is equal to the sixth parameter C6, it is determined that the tag is successfully authenticated with the reader/writer.
10. The method of claim 7, further comprising:
and if the tag successfully authenticates the reader-writer, updating the balance of the tag according to the transaction amount M.
CN201810792139.2A 2018-07-18 2018-07-18 RFID bidirectional authentication method Active CN109190725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810792139.2A CN109190725B (en) 2018-07-18 2018-07-18 RFID bidirectional authentication method

Publications (2)

Publication Number Publication Date
CN109190725A CN109190725A (en) 2019-01-11
CN109190725B CN109190725B (en) 2020-07-07

Family

ID=64936248

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810792139.2A Active CN109190725B (en) 2018-07-18 2018-07-18 RFID bidirectional authentication method

Country Status (1)

Country Link
CN (1) CN109190725B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant