KR100867778B1 - Method for secure data transmission - Google Patents

Abstract

M3를 계산하여, 해당 값을 메모리에 기 저장된 PIN과 비교한다. 비교 결과, 해당 PIN이 정당한 PIN이면 명령을 수행한다. A secure data transmission method is provided that can be used without changing the session procedure of EPCglobal Class-1 Gen-2. When the reader requests a query, the tag generates a pseudo-random RT32. After calculating M1 using pseudo random number RT32 in the tag, send M1 to the reader. Upon receiving M1 from the tag, the reader generates a new pseudo-random number RR32, and sends the ACK and RR32 for M1 to the tag.The tag calculates M2, M3, E using RR32, and PC, E, CRC16 to the reader. send. The reader sends E, M1 and RR32 to the back end server. The EPC (Electronic Product Code) is found on the back-end server, and when the EPC is found, the reader sends the tag information to the reader. If a reader wants to delete, write, read, or kill a tag, the reader requests the tag's PIN from the back-end server, which finds the corresponding PIN and calculates the P value. , Send it to the reader. The reader sends the received P value to the tag, and the tag is P

Calculate M3 and compare the value with the PIN already stored in memory. As a result of the comparison, if the corresponding PIN is a valid PIN, the command is executed.

EPC, PIN, Data, One Time Tag, Encryption

Description

Secure data transmission in RFID system

1 is a diagram illustrating a data transmission process in a conventional RFID system.

2 is a diagram illustrating a data transmission process in the RFID system of the present invention.

3 is a diagram illustrating a protocol environment in the RFID system of the present invention.

<Explanation of symbols on main parts of the drawings>

Back End Servers-303 Readers-306

Tags-309

The present invention relates to a method of secure data transmission in an RFID system.

RFID (Radio Frequency Identification) system is a system that attaches a tag embedded in a chip to an object to automatically recognize the information stored in the chip as a radio frequency (Radio Frequency). RFID system is attracting attention as a technology that can replace bar codes in logistics and distribution management with its advantages such as wireless automatic recognition, information, and storage capability.It has a characteristic that can process real-time network of information. It is expected to be used conveniently in.

In general, RFID uses radio when reader and tag communicate, so it is vulnerable to various attacks such as eavesdropping, traffic analysis, and spoofing. These attacks can lead to privacy breaches by exposing sensitive information of tag owners and correlating tag users with the information of the tag to track the user's location. In order to compensate for this problem, security methods for restricting access for reading, writing, and deleting a specific memory of a tag have been proposed, but this method does not sufficiently satisfy the security requirements of an RFID system.

1 is a diagram illustrating a data transmission process in a conventional RFID system.

EPCGlobal C1G2 (Class1Gen2) is incorporated into the international standard ISO / IEC 18000-6 (UHF-band RFID communication from 860 MHz to 960 MHz). The EPCGlobal C1G2 is a passive tag that can receive power from the reader, communicates in the UHF band, and has a communication range of 2 to 10m, a pseudo-random number generator and a cyclic redundancy code. ), And for security purposes, a 32-bit PIN, which is an Access PIN and a Kill PIN, is provided.In the case of an Access PIN, it is used to read, write, and delete the tag's memory, and Kill is used to kill the tag. Has characteristics.

In order to read the data stored in the tag, the reader sends a query request to the tag (step 100). Of the several tags received, each tag generates a 16-bit pseudo-random number RN_16 from the built-in pseudo random number generator (step 103). The tag enters a pseudo random number (RN_16) into a slot counter to activate the slot counter (step 106). Depending on whether the slot counter goes to zero (step 109) and if the slot counter goes to zero (YES in step 109), at that moment the tag sends a pseudo random number (RN_16) to the leader (step 112). The reader sends to the tag an ACK containing the received pseudorandom number RN_16 (step 115). The tag compares the pseudo random number RN_16 included in the ACK received from the reader with the RN_16 of the tag (step 118). If the comparison result is the same (YES in step 118), the tag sends <PC (Protocol Control), EPC (Electronic Product Code), CRC16> to the reader (step 121). Where PC is the physical information of the tag, CRC16 is the CRC value of the PC and EPC.

If the reader wants to read, write, delete, or kill the tag with memory, follow these additional steps.

The leader sends a Req_RN containing RN_16 to the tag (step 124). The tag compares the pseudo random number RN_16 included in Req_RN received from the reader with the RN_16 of the tag (step 127). If they are the same (YES in step 127), the tag passes the handle to the leader and sends a new pseudo random number RN_16 to the leader (step 130). The reader sends a PIN for the command and, when sending the PIN, sends an XOR with RN_16 '(step 133). At this time, since the PIN is 32 bits and PN_16 'is 16 bits, RN_16' is used twice. The tag compares the PIN according to the command and performs the command (step 136).

Sending an EPC this way makes it easy for an attacker to figure out the EPC stored in the EPCGlobal C1G2 tag. Therefore, the attacker finds the EPC of the tag to be forged through eavesdropping and saves the memory of other EPCGlobal C1G2 tags and sends out the stored EPCs when the reader requests the EPC. The problem with this is that you can easily create a fake tag.

In addition, since EPC can use a service that informs the information as a product, anyone with EPC, you can easily know the information of the product, there is a problem that the attacker can leak the information. In addition, there is a problem that the attacker can trace the EPC by tapping the EPC to make a link, thereby detecting the user's movement.

SUMMARY OF THE INVENTION The present invention has been made in view of this point, and an object of the present invention is to provide a secure data transmission method in a FID system that is safe from forgery, information leakage, and traceability, and enables a secure use of a PIN.

It is still another object of the present invention to provide a method for secure data transmission in an RFID system suitable for EPCglobal Class-1 Gen-2 applications by allowing an EPCglobal Class-1 Gen-2 session tank to be used without modification.

In the present invention, when the reader requests a query, the tag generates a pseudo random number RT32. After calculating M1 using pseudo random number RT32 in the tag, send M1 to the reader. Upon receipt of M1 from the tag, the reader generates a new pseudo-random number RR32 and sends the ACK and RR32 for M1 to the tag. send. The reader sends E, M1 and RR32 to the back end server. The EPC (Electronic Product Code) is found on the back-end server, and when the EPC is found, the reader sends the tag information to the reader.

M3를 계산하여, 해당 값을 메모리에 기 저장된 PIN과 비교한다. 비교 결과, 해당 PIN이 정당한 PIN이면 명령을 수행한다.If a reader wants to delete, write, read, or kill a tag, the reader requests the tag's PIN from the back-end server, which finds the corresponding PIN and calculates the P value. , Send it to the reader. The reader sends the received P value to the tag, and the tag is P

Calculate M3 and compare the value with the PIN already stored in memory. As a result of the comparison, if the PIN is a valid PIN, the command is executed.

PIN1i이며, M2=f(RR32)

PIN2i

RT32, M3 = f(M2)이고, E=(Ti+Si)

EPCi 에 의하여 계산되며, T는 0 || RT32 || M2 || M3 에서 마지막 비트를 제거하여 추출해낸다.At this time, M1 is RT32

PIN1i, M2 = f (RR32)

PIN2i

RT32, M3 = f (M2), E = (Ti + Si)

Calculated by EPCi, where T is 0 || RT32 || M2 || Extract the last bit from M3.

PIN1i, M2'=f(RR32)

PIN2j

RT32', M3' = f(M2')를 계산하고, 0 || RT32' || M2' || M3' 에서 마지막 비트를 제거하여 T'를 추출하여 E =(T'+Sj)

EPCj가 되는 EPC를 찾아 추출해낸다. 여기서

은 XOR 함수이고 ||는 연접함수이다. 또한, P는 M3

PIN에 의하여 계산된다.EPC is RT32 '= M1 for each EPCj, Sj, PIN1i, PIN2j

PIN1i, M2 '= f (RR32)

PIN2j

RT32 ', M3' = f (M2 '), 0 || RT32 '|| M2 '|| Extract T 'by removing the last bit from M3', where E = (T '+ Sj)

Find and extract the EPC that is the EPCj. here

Is the XOR function and || is the concatenation function. Also, P is M3

Calculated by the PIN.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

2 is a view showing a data transmission process in the RFID system of the present invention, Figure 3 is a diagram showing a protocol environment in the RFID system of the present invention.

(1,...,n))을 저장하고 있다. Si는 96비트 비밀정보이며 맨 처음 비트가 0이다. 백 엔드 서버(303)에는 각각의 태그(309)에 대해서 EPCj, PIN1j, PIN2j, Sj(j

(1,...,n))을 저장하고 있다.In the protocol of the present invention, the channel between the reader 306 and the back end server 303 is secure, and the channel between the reader 306 and the tag 309 is not secure. Assume that The protocol of the present invention assumes that EPC uses 96 bits and follows the session procedure of EPCglobal C1G2. Each tag 309 Ti of the protocol is represented by EPCi, PIN1i, PIN2i, Si (i

(1, ..., n)). Si is a 96-bit secret and the first bit is zero. The back-end server 303 has EPCj, PIN1j, PIN2j, Sj (j for each tag 309).

(1, ..., n)).

Symbols to be used in the protocol of the present invention are as follows.

PINi을 계산한 후에(단계 203) M1을 리더(306)에게 보낸다(단계 206). 여기에서

는 exclusive OR를 나타낸다.The reader 306 sends a query request to the tag 309 to read the data stored in the tag 309 (step 200). Tag 309 Ti generates a 32-bit pseudorandom RT32 using a pseudorandom function f. And the tag 309 is M1 = RT32

After calculating the PINi (step 203), M1 is sent to the reader 306 (step 206). From here

Denotes exclusive OR.

PIN2i

RT32, M3= f(M2)에 의해서 계산이 된다. 또한 E=(T+Si)

EPCi 에 의해서 계산이 되는데, 여기서 T는 0|| RT32 || M2 || M3에서 마지막 비트를 제거하여 만들어낸다. 여기에서 ||는 연접 함수이다 여기서 T를 만드는 이유는 원 타임 패드(one time pad; 일회용 암호)와 같은 효과를 내가 위해서이다. 원 타임 패드는 평문의 길이가 L인 임의의 문자열로 이루어져 있을 때, 키의 길이 역시 L인 임의의 문자열이고 각 문자는 출현 빈도가 모두 같도록 선택하여 평문을 암호화하고 평문의 문자열과 키의 문자열을 서로 더하여 암호문을 생성함으로써 암호를 만드는 방법이다. 어떤 의미에서는 평문에 키 단어를 사용하는 비제네르 암호라고 할 수도 있는데, 원 타임 패드는 키를 완전한 무작위성을 가지도록 선택하므로 어떠한 수학적 통계적 특성이 존재하지 않기 때문에 공격자의 입장에서 암호문을 아무리 분석하려고 해도 키를 추론할만한 단서를 발견할 수 없다는 장점이 있다. T는 결국에 난수와 비슷한 성질을 가진 스트링이 되는데 원 타임 패드의 키 와 같은 역할을 하게 되며, 여기서 마지막 비트를 제거하고 앞에 0비트를 붙인 이유는 덧셈 연산 중에 생길수 있는 캐리(carry)를 고려해서이다. 여기서, PC는 태그의 물리적인 정보이며 작동중인 EPC 태그의 하위에 16 비트의 PC가 저장된다. 즉 PC의 첫번째 비트부터 다섯번째 비트까지 <EPC+PC>의 전체 길이를 가지는 태그의 하위 비트에 저장이 된다. Reader 306 generates a new 32-bit pseudorandom number RR32. Reader 306 then sends ACK and RR32 for M1 to tag 309 (step 209). The tag 309 calculates M2, E, PC, etc. (step 212) and sends the PC, E, CRC16 to the reader 306 (step 215). Where M2 = f (RR32)

PIN2i

It is calculated by RT32, M3 = f (M2). Also E = (T + Si)

Calculated by EPCi, where T is 0 || RT32 || M2 || It is created by removing the last bit from M3. Here || is a concatenation function. The reason for creating T here is for me to have the same effect as a one time pad. The one time pad consists of an arbitrary string of length L in plaintext, an arbitrary string of key length L, and each character is chosen so that the frequency of occurrence is the same, encrypting the plaintext and the string of plaintext and key Add a password to each other to create a ciphertext. In a sense, it could be called a Bigener cipher that uses key words in plain text. One-time pads choose keys to be completely random, so no mathematical statistical features exist, so no matter how hard an attacker tries to analyze the ciphertext, The advantage is that no clue can be found to deduce the key. T eventually becomes a string with a random number-like nature, which acts like a key on the one-time pad, where the last bit is removed and the leading zero is taken into account in the carry during the add operation. to be. Here, the PC is the physical information of the tag, and the 16-bit PC is stored under the EPC tag in operation. That is, the first bit to the fifth bit of the PC are stored in the lower bit of the tag having the total length of <EPC + PC>.

That is, in the prior art, the attacker eavesdropped by obtaining information of E, M1, and RR32 for each session. However, in the present invention, in order to calculate (T + Si) by giving (T + Si) of each session, the attacker obtains EPC from (T + Si). By making it possible to predict the value, the eavesdropping was not easy. Here, Si is secret information of the tag and T is made of each random number generated by the reader 306 and the tag 309, which makes it very difficult to predict.

PIN1j에 의해서 계산되고 M2'=f(RR32)

PIN2j

RT32'에 의해서 계산되고, M3' = f(M2')에 의해서 계산된다. 이때

는 XOR 함수이고, f는 32비트 의사난수 발생기이다. 0 || RT32' || M2' || M3'에서 마지막 비트를 제거하여 T'를 만들고, 이를 이용하여 E=(T'+Sj)

EPCj가 되는 EPC를 찾게 된다(단계 221). 해당되는 EPC를 찾으면 리더(306)에게 해당되는 태그(309)의 정보를 전달한다(단계 224).Reader 306 sends E, M1, RR32 to back-end server 303 (step 218). The back end server 303 finds an electronic product code (EPC) (step 221), and the EPC finds the following process. First, RT32 'and M2' are calculated for each of EPCj, Sj, PIN1j, and PIN2j. RT32 'is M1

Calculated by PIN1j and M2 '= f (RR32)

PIN2j

Calculated by RT32 ', by M3' = f (M2 '). At this time

Is the XOR function, and f is a 32-bit pseudorandom number generator. 0 || RT32 '|| M2 '|| Remove the last bit from M3 'to make T', and use it as E = (T '+ Sj)

EPC to be EPCj is found (step 221). If a corresponding EPC is found, information of the corresponding tag 309 is transmitted to the reader 306 (step 224).

When the reader 306 wants to delete, write, read, or kill a tag 309, the following is performed.

PIN을 계산하여(단계 230) 리더(306)에게 전달한다(단계 233). 즉, PIN은 태그(309)가 생성한 난수를 가지고 가공된 M3와 XOR되기 때문에 안전하게 전달될 수 있으며, M3는 공격자가 예측하기 힘든 값이며 32비트이기 때문에 32비트인 PIN과 한번에 연산이 가능하다. The reader 306 requests the PIN of the tag 309 from the back end server 303 (step 227). The back end server 303 finds the corresponding PIN, and P = M3

The PIN is calculated (step 230) and forwarded to the reader 306 (step 233). That is, the PIN can be delivered safely because it is XORed with M3 processed with the random number generated by the tag 309. Since M3 is a 32-bit value that is hard to predict by an attacker, the PIN can be operated at once with a 32-bit PIN. .

The following table shows the safety (O) instability (X) in the proposed protocol.

M3를 계산하여(단계 239), 메모리에 저장된 PIN과 비교하여(단계 241), 해당 PIN이 정당한 PIN이면(단계 244의 '예') 명령을 수행하고(단계 247), 그렇지 않으면(단계 244의 '아니오') 명령을 수행하지 않는다(단계 250).Reader 306 delivers P to tag 309 (step 236) and tag 309 passes P

Compute M3 (step 239) and compare it to the PIN stored in memory (step 241), if the PIN is a legitimate PIN (YES in step 244) and execute the command (step 247), otherwise (step 244). 'No') does not perform the command (step 250).

As mentioned above, although this invention was demonstrated to the several example, this invention is not limited to a specific Example. Those skilled in the art will appreciate that various modifications and changes can be made without departing from the spirit of the invention.

The present invention has the effect of providing a secure data transmission method in an RFID system that is safe from forgery, information leakage, traceability, and can safely use a PIN.

Another effect of the present invention is to provide a secure data transmission method in an RFID system suitable for EPCglobal Class-1 Gen-2 applications by allowing the EPCglobal Class-1 Gen-2 session tank to be used without modification.

Claims (7)

A first step of generating an RT32 tag having a 32-bit pseudorandom number when the reader requests a query; When the access PIN of the tag is called PIN1i, M1 = RT32 using the RT32 in the tag.

Calculating a PIN1i and transmitting the M1 to a reader; A third step of receiving a M1 from a tag, generating a new 32-bit pseudo-random number RR32, and transmitting an ACK for the M1 and the RR32 to a tag; The function is called pseudo random number generator, the kill PIN of the tag is called PIN2i, the product code recorded on the tag is called EPCi (Electronic Product Code), and the 96-bit secret information of the tag is called Si.

When X is a function called XOR, the tag uses the RR32 as M2 = f (RR32).

PIN2i

RT32, M3 = f (M2), E = (T + Si)

A fourth step of calculating EPCi and transmitting E, PC (Protocol Control), and CRC16, which is a CRC value between the PC and the EPC, to a reader; A fifth step of a reader transmitting the E, M1, and RR32 to a back-end server; The sixth step is to find the EPC (Electronic Product Code) on the back-end server and send the reader the information of the corresponding tag when the EPC is found. Including, In the fourth step, T is 0 || RT32 || M2 || Calculated by removing the last bit in M3, where || is a concatenated function. The method of claim 1, If the reader wants to delete, write, read or kill the tag after the sixth step, When the reader requests the tag's PIN from the back-end server, the back-end server finds the corresponding PIN and P = M3

Calculating a PIN and transmitting the P to a reader; The reader passes the received P as a tag, and the tag is P

An eighth step of calculating M3 and comparing the value with a PIN previously stored in a memory; The ninth step of executing the command if the corresponding PIN is a valid PIN Safe data transmission method in the RFID system, characterized in that it further comprises. delete delete delete delete The method of claim 1, When the EPC is a product code for each tag stored in the back-end server, EPCj, 96-bit secret code Sj, access PIN PIN1j, kill PIN PIN2j, RT32 '= M1

PIN1j, M2 '= f (RR32)

PIN2j

Calculating RT32 ', M3' = f (M2 '); 0 || RT32 '|| M2 '|| Calculating T 'by removing the last bit in M3'; E = (T '+ Sj)

Steps to find an EPC that becomes an EPCj Secure data transmission method in the RFID system, characterized in that extracted by.

Images