CN110011804B - Ultra-lightweight RFID communication authentication method - Google Patents
Ultra-lightweight RFID communication authentication method Download PDFInfo
- Publication number
- CN110011804B CN110011804B CN201910183889.4A CN201910183889A CN110011804B CN 110011804 B CN110011804 B CN 110011804B CN 201910183889 A CN201910183889 A CN 201910183889A CN 110011804 B CN110011804 B CN 110011804B
- Authority
- CN
- China
- Prior art keywords
- authentication
- reader
- tag
- ultra
- protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an ultra-lightweight RFID authentication protocol, which is newly designed aiming at the ultra-lightweight RFID authentication protocol, adopts simple operations such as bit XOR, bit multiplication, summation and the like, and respectively provides the ultra-lightweight RFID authentication protocol for resisting passive attack and active attack, and the new protocol has the characteristics of high efficiency, low cost and strong authentication.
Description
Technical Field
The invention belongs to the field of wireless communication, and particularly relates to an ultra-lightweight RFID communication authentication method.
Background
The RFID has a portable physical carrier, adopts a Reader (Reader), a Server (Server) and a Tag (Tag) three-party structure, and is a non-contact technology capable of automatically identifying people or objects. The technology can adapt to complex environment and realize multi-target identification, and has the advantages of low cost and high speed. However, due to the advantage of low cost, the storage and computation capabilities of the tag are limited, and it is difficult to defend against various passive or active attacks.
At present, passive attacks, active attacks and man-in-the-middle attacks are mainly used for attacking the RFID. The passive attack mainly collects and collates information in a series of ways which are not easily perceived by users, such as monitoring, stealing and the like, because the passive attack does not involve any change on data, the detection of the passive attack is very difficult, but the attack behavior can be resisted by means of encryption and the like. The active attack means that an attacker generates a fake data stream by disguising the fake data stream into a reader, and adopts attack methods such as resource use, deception, disguise and the like to acquire information, so that the active attack is easy to find through detection. The man-in-the-middle attack can not only eavesdrop on the communication of the host A, B, but also tamper the information and send the information to the other party, but because the reader and the tag are usually in short-distance communication, the man-in-the-middle attack is difficult to realize, and therefore the attack is out of the consideration range of the design.
RFID systems typically need to fulfill two security requirements: identity authentication and privacy protection. The simplest way to achieve identity authentication is by broadcasting an identifier, but the clear text broadcast identifier loses privacy and the adversary can easily trace the tag through the identifier. On a low cost RFID tag, the number of circuit gates that can be used is about 2000 gates, whereas the number of circuit gates required by conventional cryptographic algorithms is above 3000 gates, e.g. the number of circuit gates required by AES algorithms is above 10000 gates. Therefore, conventional cryptographic algorithms are not suitable for use in RFID systems. How to design an efficient and safe ultra-lightweight RFID cryptosystem becomes a problem of close attention in academic and product industries.
The most representative ultra-lightweight RFID authentication protocol at present is the HB-class protocol family. In the HB protocol, Reader and Tag share a key s ═ of length k(s)1,s2,...,sk)∈{0,1}kThe following basic authentication procedure loops for l rounds:
1) reader generates random vector ai=(ai1,ai2,...,aik)∈{0,1}kSending to Tag;
2) tag obtains a random vector aiThen, calculate(wherein<·,·>For vector product XOR calculation, i.e.e is a satisfy Pr(e-1) p, where p < 0.5, followed by ziSending the data to a Reader;
3) reader calculation<ai,s>And comparing the data with the received zi to verify whether the data are equal, if so, passing the authentication of the round, otherwise, failing the authentication of the round.
The HB protocol needs to perform the basic authentication process for one round, and if the number of times that the user passes is around l × 1-p, the HB protocol passes the protocol authentication and is considered as a legal user. Although the protocol can resist passive attack, the protocol has no effect on an active attacker pretending to be Reader, and when the active attacker sends the same modified a to the Tag for multiple timesiThe value of the key vector s can be deduced.
The HB + protocol for resisting active attack introduces a second shared secret key t ═ t (t) on the basis of the HB protocol1,t2,...,tk)∈{0,1}kThe following basic authentication procedure loops for l rounds:
1) the Reader sends a random vector ai epsilon {0, 1} to Tagk;
2) Tag generates a random vector bi∈{0,1}kAnd calculatee with HB protocol, and finally bi,ziSending to Reader;
3) reader calculationAnd received ziAnd comparing, verifying whether the authentication is equal, if so, passing the authentication, otherwise, failing the authentication.
The HB and HB + protocols adopt operations such as summation, exclusive OR, random number generator and the like, have the advantages of high efficiency and simple operation, can effectively resist passive attack and active attack, and meet the requirement of authentication security. However, there are three problems:
1) in the process of respectively resisting active attack and passive attack, the HB and HB + protocols cannot ensure that 100% of legal users pass authentication, namely, the legal users cannot pass the authentication, although the probability of the situation is very small, the situation still cannot be avoided;
2) in order to ensure that the maximum probability of the legal user passes the authentication and the minimum probability of the illegal user passes the authentication, the protocol needs to satisfy the above requirements by performing multiple rounds of basic authentication processes, for example, when p is 0.125, the round number l is recommended to be 441; when p is 0.25, the round number l is recommended to be as high as 1164, which will result in too much traffic in the authentication process;
3) in the authentication process, the Tag needs to call a random number generation algorithm to generate a random number, and when the number of authentication rounds is too large, a large amount of computing resources of the Tag are inevitably occupied by calling a pseudo-random function for many times.
Disclosure of Invention
The purpose of the invention is as follows: the invention carries out new design aiming at the ultra-lightweight RFID authentication protocol, the protocol adopts simple operations such as bit XOR, bit multiplication, summation and the like, and provides the ultra-lightweight RFID authentication method for resisting passive attack and active attack respectively, and the new protocol has the characteristics of high efficiency, low cost and strong authentication.
The technical scheme is as follows:
an ultra lightweight RFID communication authentication method, comprising:
the passive attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
1) reader and Tag share key s ═(s)1,s2,...,s2k)∈{0,1}2kK is an odd number, while the hamming weight hw(s) k of s; reader generates a random vector ai=(ai1,ai2,...,ai2k)∈{0,1}2kSent to Tag, while requesting hw (a)i)=k;
2) The Tag receives the vector aiThen, calculate Σ ais=ai1s1+ai2s2+…+ai2ks2kIf, ifThen e is 1, otherwise e is 0, and then the calculation is performedAnd sending to Reader; e satisfies the equi-probability distribution;
3) reader according to received ziComputingComparing the data with the e calculated by the user, if the data are equal to the e calculated by the user, the authentication passes, otherwise, the label is determined to terminate the authentication illegally;
the active attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
1) introduce shared key t ═ t (t)1,t2,...,t2k)∈{0,1}2kK is an odd numberAnd, at the same time, hw (t) ═ k; reader generates random vector ai∈{0,1}2kSent to Tag while ensuring hw (a)i)=k;
2) Tag receives aiCalculating Σ ais, ifE is then1If not, let e 10; at the same time, Tag also generates a random vector bi∈{0,1}2kAnd calculates ∑ bit, ifE is then2If not, let e2=0;e1And e2Equal probability distribution is met; final calculationB is toi,ziSending to Reader;
3) reader according to received biAnd ziCalculatingAnd calculated with itselfAnd comparing, if the two are equal, the round of authentication is passed, and if the two are not equal, the whole authentication is terminated.
Has the advantages that: the invention meets the requirements of simple operation, high authentication efficiency, illegal attack resistance and the like, and simultaneously makes up the defects of HB and HB + protocols. In the new passive attack resisting protocol, the tag does not need to call a random number generating function, the operation efficiency is higher, and both the two protocols can ensure that a legal user passes the authentication 100%. Because e, e1And e2Equi-probability distribution, illegal user guessing e, e1、e2Has a probability of 50%, a passive attacker correctly guesses ziThe probability of the value of (a) is 0.5. Active attackers can modify aiValue pair e of1Manipulation, but not modification of biValue of (a), cannotManipulation e2. Therefore, when a round of authentication process is circularly executed for l times, the probability that an illegal user can correctly pass the authentication is (0.5)lThen 60 may be selected as the authentication round number, which is much smaller than the round number requirement recommended by the HB-class authentication protocol. And in the protocol execution process, the protocol authentication can be terminated as long as one round of authentication fails, compared with HB and HB + protocols, the communication traffic is greatly reduced, and a series of attacks of maliciously consuming equipment resources, which are initiated by an active attacker, can also be avoided.
Drawings
FIG. 1 is a diagram of an RFID physical structure.
Fig. 2 is a diagram of a 1-round authentication process of the passive attack resistant ultra-lightweight RFID communication authentication method.
Fig. 3 is a diagram of 1 round authentication process of the active attack resistant ultra lightweight RFID communication authentication method.
Detailed Description
The invention is further elucidated with reference to the drawings and the embodiments.
Fig. 1 is a physical structure diagram of the RFID of the present invention, and as shown in fig. 1, the RFID is composed of three parts: server, reader, label.
The label is equivalent to a bar code symbol in bar code technology and is used for storing information to be identified and transmitted, and in addition, different from a bar code, the label must be capable of automatically or under the action of external force and transmitting the stored information. The tag is typically a low-power integrated circuit with a coil, antenna, memory and control system.
The basic function of the reader is to provide a way for data transmission with the tag. In addition, the reader provides relatively complex signal state control, parity error checking and correction functions, and the like. Besides storing the information to be transmitted, the tag must also contain certain additional information, such as error checking information. The identification data information and the additional information are organized according to a certain structure and are sent out according to a specific sequence. The reader controls the transmission of the data stream by the received additional information. Once the information arriving at the reader is correctly received and deciphered, the reader decides through a specific algorithm whether the transmitter needs to retransmit the transmitted signal once, or knows that the transmitter stops signaling. With this protocol, it is possible to effectively prevent the occurrence of "spoofing problems" even if a plurality of tags are read in a short time and in a small space.
And after the reader obtains the data of the tag, the data is sent to a server, and the server is used for processing the data information sent by the reader. The communication channel between the reader and the server is ensured by a traditional encryption algorithm, while the communication channel between the reader and the tag cannot be complicated due to the weak computing power of the tag, which requires the basic operation of the protocol, and meanwhile, the communication is ensured to be safe.
The invention considers the limit of label storage and calculation capacity, adopts simple calculation methods such as bit exclusive or, bit multiplication, summation and the like to achieve the aim of resisting passive attack and active attack, and simultaneously can ensure that legal users pass protocol authentication 100% and reduce the communication traffic in the authentication process.
1. The passive attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
in the invention, Reader and Tag share secret key s ═(s)1,s2,...,s2k)∈{0,1}2kK is an odd number, and the hamming weight hw(s) k of s. The protocol performs l rounds of the basic authentication process as shown in figure 2.
1) Reader generates a random vector ai=(ai1,ai2,...,ai2k)∈{0,1}2kSent to Tag, while requesting hw (a)i)=k;
2) The Tag receives the vector aiThen, calculate Σ ais=ai1s1+ai2s2+…+ai2ks2kIf, ifThen e is 1, otherwise e is 0, and then the calculation is performedAnd sending to Reader;
3) reader according to received ziComputingAnd comparing the data with the e calculated by the tag, if the data are equal to the e calculated by the tag, the authentication of the round passes, and otherwise, the tag is determined to terminate the authentication illegally.
We demonstrate below that the probability distribution of the variable e satisfies: pr(e=1)=Pr(e-0) 0.5. When a isi∈{0,1}2k,hw(ai) When k, then the following probability distribution exists:
……
……
2. The active attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
like the HB protocol, the authentication protocol described above cannot withstand active attacks. Based on the design framework of HB + protocol, through introducing a shared secret key t ═ t (t)1,t2,...,t2k)∈{0,1}2kK is odd, while hw (t) k, we propose an ultra lightweight RFID authentication protocol that is resistant to active attacks. The protocol performs l rounds of the basic authentication process as shown in figure 3:
1) reader generates random vector ai∈{0,1}2kSent to Tag while ensuring hw (a)i)=k;
2) Tag receives aiCalculating Σ ais, ifE is then1If not, let e 10. At the same time, Tag also generates a random vector bi∈{0,1}2kAnd calculates ∑ bit, ifE is then2If not, let e 20. As with e, e1And e2And equal probability distribution is satisfied. Final calculation B is toi,ziSending to Reader;
3) reader according to received biAnd ziCalculatingAnd calculated with itselfAnd comparing, if the two are equal, the round of authentication is passed, and if the two are not equal, the whole authentication is terminated.
The invention is an ultra-lightweight authentication protocol which is designed based on the characteristics of a communication channel between a label and a reader and can ensure the communication safety, and can meet the following characteristics:
1) safety: the communication safety between the tag and the reader is guaranteed, the invasion and the attack of illegal users are resisted, and the key information is prevented from being leaked;
2) effectiveness: a reasonable authentication mode is adopted, so that the method is suitable for the characteristics of small label storage space and weak computing power;
3) privacy protection: and protecting the key information and avoiding leakage.
The invention meets the requirements of simple operation, high authentication efficiency, illegal attack resistance and the like, and simultaneously makes up the defects of HB and HB + protocols. In the new passive attack resisting protocol, the tag does not need to call a random number generating function, the operation efficiency is higher, and both the two protocols can ensure that a legal user passes the authentication 100%. Because e, e1And e2Equi-probability distribution, illegal user guessing e, e1、e2Has a probability of 50%, a passive attacker correctly guesses ziThe probability of the value of (a) is 0.5. Active attackers can modify aiValue pair e of1Manipulation, but not modification of biValue of (e), cannot be manipulated2. Therefore, when a round of authentication process is circularly executed for l times, the probability that an illegal user can correctly pass the authentication is (0.5)lThen 60 may be selected as the authentication round number, which is much smaller than the round number requirement recommended by the HB-class authentication protocol. And in the protocol execution process, the protocol authentication can be terminated as long as one round of authentication fails, compared with HB and HB + protocols, the communication traffic is greatly reduced, and a series of attacks of maliciously consuming equipment resources, which are initiated by an active attacker, can also be avoided.
Although the preferred embodiments of the present invention have been described in detail, the present invention is not limited to the details of the foregoing embodiments, and various equivalent changes (such as number, shape, position, etc.) may be made to the technical solution of the present invention within the technical spirit of the present invention, and the equivalents are protected by the present invention.
Claims (1)
1. An ultra-lightweight RFID communication authentication method is characterized in that: the method comprises the following steps:
the passive attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
1) reader and Tag share key s ═(s)1,s2,...,s2k)∈{0,1}2kK is an odd number, while the hamming weight hw(s) k of s; reader generates a random vector ai=(ai1,ai2,...,ai2k)∈{0,1}2kSent to Tag, while requesting hw (a)i)=k;
2) The Tag receives the vector aiThen, calculate Σ ais=ai1s1+ai2s2+…+ai2ks2kIf, ifThen e is 1, otherwise e is 0, and then the calculation is performedAnd sending to Reader; e satisfies the equi-probability distribution;
3) reader according to received ziComputingComparing the data with the e calculated by the user, if the data are equal to the e calculated by the user, the authentication passes, otherwise, the label is determined to terminate the authentication illegally;
the active attack resistant ultra-lightweight RFID communication authentication method comprises the following steps:
1) introduce shared key t ═ t (t)1,t2,...,t2k)∈{0,1}2kK is an odd number, while hw (t) k; reader generates random vector ai∈{0,1}2kIs sent toTag while ensuring hw (a)i)=k;
2) Tag receives aiCalculating Σ ais, ifE is then1If not, let e10; at the same time, Tag also generates a random vector bi∈{0,1}2kAnd calculates ∑ bit, ifE is then2If not, let e2=0;e1And e2Equal probability distribution is met; final calculationB is toi,ziSending to Reader;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183889.4A CN110011804B (en) | 2019-03-12 | 2019-03-12 | Ultra-lightweight RFID communication authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183889.4A CN110011804B (en) | 2019-03-12 | 2019-03-12 | Ultra-lightweight RFID communication authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011804A CN110011804A (en) | 2019-07-12 |
CN110011804B true CN110011804B (en) | 2022-03-04 |
Family
ID=67166806
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910183889.4A Active CN110011804B (en) | 2019-03-12 | 2019-03-12 | Ultra-lightweight RFID communication authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011804B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739402A (en) * | 2012-06-06 | 2012-10-17 | 天津大学 | Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system |
CN107994992A (en) * | 2017-11-10 | 2018-05-04 | 广东电网有限责任公司电力科学研究院 | A kind of RFID bidirectional identification protocols method and device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008033843A2 (en) * | 2006-09-11 | 2008-03-20 | Ben Gurion University Of The Negev | Method, apparatus and product for rfid authentication |
JP2012227901A (en) * | 2011-04-22 | 2012-11-15 | Toshiba Corp | Authentication component, authenticated component and authentication method therefor |
-
2019
- 2019-03-12 CN CN201910183889.4A patent/CN110011804B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739402A (en) * | 2012-06-06 | 2012-10-17 | 天津大学 | Strong safety certification method based on HB+ in RFID (Radio Frequency Identification Devices) system |
CN107994992A (en) * | 2017-11-10 | 2018-05-04 | 广东电网有限责任公司电力科学研究院 | A kind of RFID bidirectional identification protocols method and device |
Non-Patent Citations (1)
Title |
---|
"Secure Human Identification Protocols";Nicholas J.Hopper, Manuel Blum;《SpringerLink》;20011120;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN110011804A (en) | 2019-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cho et al. | Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol | |
Piramuthu | HB and Related Lightweight Authentication Protocols for Se-cure RFID Tag/Reader Authentication Title | |
Zhou et al. | A lightweight anti-desynchronization RFID authentication protocol | |
CN108304902B (en) | Ultra-lightweight mobile RFID system bidirectional authentication method | |
CN110190965B (en) | RFID group label authentication protocol based on hash function | |
CN114982197B (en) | Authentication method, system and storage medium | |
CN110147666B (en) | Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform | |
Gao et al. | An ultralightweight RFID authentication protocol with CRC and permutation | |
CN103795543A (en) | Bidirectional security authentication method for RFIP system | |
Chen et al. | An ownership transfer scheme using mobile RFIDs | |
Ning et al. | Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems | |
CN104363097A (en) | Mutual authentication method for lightweight-class RFID on elliptic curve | |
Alagheband et al. | Unified privacy analysis of new‐found RFID authentication protocols | |
Peng et al. | Privacy protection based on key-changed mutual authentication protocol in internet of things | |
US10491570B2 (en) | Method for transmitting data, method for receiving data, corresponding devices and programs | |
Chien | The study of RFID authentication protocols and security of some popular RFID tags | |
Yang | Lightweight authentication protocol for mobile RFID networks | |
Chen et al. | Pitfalls in an ECC-based Lightweight Authentication Protocol for Low-Cost RFID. | |
Chang et al. | A secure RFID mutual authentication protocol conforming to EPC class 1 generation 2 standard | |
Huang et al. | An ultralightweight mutual authentication protocol for EPC C1G2 RFID tags | |
CN110011804B (en) | Ultra-lightweight RFID communication authentication method | |
Chen et al. | A secure RFID authentication protocol adopting error correction code | |
Azad et al. | A lightweight protocol for RFID authentication | |
Shi et al. | The Lightweight RFID Grouping‐Proof Protocols with Identity Authentication and Forward Security | |
Safkhani et al. | Cryptanalysis of Chen\textit {et al.}'s RFID Access Control Protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |