一种基于云的RFID所有权转移协议的改进

doi:10.3969/j.issn.1671-1122.2017.08.009

信息网络安全 ›› 2017, Vol. 17 ›› Issue (8): 60-68.doi: 10.3969/j.issn.1671-1122.2017.08.009

一种基于云的RFID所有权转移协议的改进

王萍(), 周治平

江南大学物联网技术应用教育部工程研究中心,江苏无锡 214122

收稿日期:2017-05-24 出版日期:2017-08-20 发布日期:2020-05-12
作者简介:
作者简介：王萍（1991—）,女,安徽,硕士研究生,主要研究方向为RFID安全认证;周治平（1962—）,男,江苏,教授,博士,主要研究方向为检测技术与自动化装置、信息安全等。
基金资助:
国家自然科学基金[61373126];中央高校基本科研业务费用专项资金[JUSRP51510]

An Improved RFID Ownership Transfer Protocol Based on Cloud

Ping WANG(), Zhiping ZHOU

Engineering Research Center of Internet of Things Technology Applications Ministry of Education, Jiangnan University, Wuxi Jiangsu 214122, China

Received:2017-05-24 Online:2017-08-20 Published:2020-05-12

摘要/Abstract

摘要：

文章针对CROP协议的不足,提出了改进的RFID所有权转移协议。为了抵抗内部阅读器假冒攻击,改进方案在云端增加新的存储信息,该信息引入当前阅读器的共享密钥进行哈希加密以保证密钥的机密性;在标签认证信息中增加当前阅读器和新阅读器产生的随机数进行伪随机函数和二次剩余定理加密以抵抗标签假冒攻击和阅读器跟踪攻击;为抵抗去同步化攻击,阅读器同时存储更新前后两轮密钥以保证阅读器和标签的同步性;采用二次剩余定理加密索引的方式保证当前阅读器能够使用索引快速检索到合法标签,提高认证效率。文章基于Vaudenay隐私模型形式化证明改进方案满足强前向不可跟踪性和后向不可跟踪性的隐私性能,且能够抵抗内部阅读器假冒、去同步化和标签假冒攻击等安全威胁。实验结果表明,改进方案有效降低了阅读器的认证耗时。与现有协议相比,文章算法在满足所有权安全转移的同时,提高了协议的可扩展性。

关键词: RFID, 所有权转移协议, 二次剩余定理, Vaudenay隐私模型

Abstract:

Aiming at the deficiency of CROP protocol, an improved ownership transfer protocol is proposed in this paper. In order to resist the inner reader impersonation attack, the improved scheme adds new storage information to the cloud, which introduces the current reader’s shared key for Hash encryption to ensure the key confidentiality. In the tag authentication information, the random numbers generated by the current and new reader are added to perform the pseudo random function and the quadratic residue encryption to resist tag impersonation and reader tracing attacks. To solve the de-synchronization attack, the reader simultaneously stores the updated and un-updated key to ensure synchronization between the reader and the tag. Using the quadratic residue theorem to encrypt the index to ensure the current reader can use the index quickly retrieve the legal tag and improve the authentication efficiency. Based on the Vaudenay privacy model, this paper proves the improved scheme satisfies the privacy performance of strong forward as well as backward un-traceability and can resist inner reader impersonation, de-synchronization, tag impersonation attacks and other security risks. The experimental results show that the improved scheme effectively reduces the reader’s authentication time. Compared with the existing protocols, this paper improves the scalability of the protocol while satisfying the secure ownership transfer.

Key words: RFID, ownership transfer protocol, quadratic residue theorem, Vaudenay privacy model

中图分类号:

TP393

王萍, 周治平. 一种基于云的RFID所有权转移协议的改进[J]. 信息网络安全, 2017, 17(8): 60-68.

Ping WANG, Zhiping ZHOU. An Improved RFID Ownership Transfer Protocol Based on Cloud[J]. Netinfo Security, 2017, 17(8): 60-68.

图/表 5

参考文献 21

[1]	XIN Wei, GUAN Zhi, YANG Tao, et al.An Efficient Privacy-preserving RFID Ownership Transfer Protocol[C]//Springer. The 15th International Asia-Pacific Web Conference, April 4-6, 2013, Sydney, Australia. Heidelberg: Springer, 2013: 538-549.
[2]	LI Qingshan, XU Xiaolin, CHEN Zhong.PUF-Based RFID Ownership Transfer Protocol in an Open Environment[C]//IEEE. 15th International Conference on Parallel and Distributed Computing, Applications and Technologies, December 9-11, 2014, Hong Kong, China. New Jersey: IEEE, 2014: 131-137.
[3]	VAUDENAY S.On Privacy Models for RFID[C]//Springer. 13th International Conference on the Theory and Application of Cryptology and Information Security, December 2-6, 2007, Kuching, Malaysia. Heidelberg: Springer, 2007: 68-87.
[4]	OSAKA K, TAKAGI T, YAMAZAKI K, et al.An Efficient and Secure RFID Security Method with Ownership Transfer[C]//IEEE. 2006 International Conference on Computational Intelligence and Security, November 3-6, 2006, Guangzhou, China. New Jersey: IEEE, 2006, 1090-1095.
[5]	YOON E J, YOO K Y.Two Security Problems of RFID Security Method with Ownership Transfer[C]//IEEE. IFIP International Conference on Network and Parallel Computing, October 18-21, 2008, Shanghai, China. New Jersey: IEEE, 2008: 68-73.
[6]	KAPOOR G, PIRAMUTHU S.Single RFID Tag Ownership Transfer Protocols[J]. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 2012, 42(2): 164-173.
[7]	CHEN C L, HUANG Y C, JIANG J R.A Secure Ownership Transfer Protocol Using EPCglobal Gen-2 RFID[J]. Telecommunication Systems, 2013, 53(4): 387-399.
[8]	YANG M H, HU H Y.Protocol for Ownership Transfer Across Authorities: with the Ability to Assign Transfer Target[J]. Security and Communication Networks, 2012, 5(2): 164-177.
[9]	SUNDARESAN S, DOSS R, ZHOU Wanlei, et al.Secure Ownership Transfer for Multi-tag Multi-owner Passive RFID Environment with Individual-owner-privacy[J]. Computer Communications, 2015(55): 112-124.
[10]	MUNILLA J, BURMESTER M, PEINADO A.Attacks on Ownership Transfer Scheme for Multi-tag Multi-owner Passive RFID Environments[J]. Computer Communications, 2016(88): 84-88.
[11]	CHEN C L, CHIEN C F.An Ownership Transfer Scheme using Mobile RFIDs[J]. Wireless Personal Communications, 2013, 68(3): 1093-1119.
[12]	XIE W, XIE L, ZHANG C, et al.Cloud-based RFID Authentication[C]//IEEE. 2013 IEEE International Conference on RFID, April 30-May 2, 2013. New Jersey: IEEE, 2013: 168-175.
[13]	CHEN Shuaimin, WU Muen, SUN H M, et al.CRFID: An RFID System with a Cloud Database as a Back-end Server[J]. Future Generation Computer Systems, 2014, 30(1): 155-161.
[14]	DOSS R, ZHOU Wanlei, YU Shui.Secure RFID Tag Ownership Transfer Based on Quadratic Residues[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(2): 390-401.
[15]	YEH T C, WU C H, TSENG Y M.Improvement of the RFID Authentication Scheme Based on Quadratic Residues[J]. Computer Communications, 2011, 34(3): 337-341.
[16]	CAO Tianjie, CHEN Xiuqing, DOSS R, et al.RFID Ownership Transfer Protocol Based on Cloud[J]. Computer Networks, 2016, 105(C): 47-59.
[17]	马庆,郭亚军,曾庆江,等. 一种新的超轻量级RFID双向认证协议[J]. 信息网络安全,2016(5):44-50.
[18]	陈秀清,曹天杰,翟靖轩. 可证明安全的轻量级RFID所有权转移协议[J]. 电子与信息学报,2016,38(8):2091-2098.
[19]	张玉婷,严承华. 一种基于双向认证协议的RFID标签认证技术研究[J]. 信息网络安全,2016(1):64-69.
[20]	沈金伟,凌捷. 一种改进的超轻量级RFID所有权转移协议[J]. 计算机科学,2014,41(12):125-128.
[21]	吴潇,常成,覃文杰,等. 基于RFID和数字水印技术的标签防伪验证方法[J]. 信息网络安全,2015(8):26-34.

一种基于云的RFID所有权转移协议的改进

An Improved RFID Ownership Transfer Protocol Based on Cloud

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价

[1]	韦永霜, 陈建华, 韦永美. 基于椭圆曲线密码的RFID/NFC安全认证协议[J]. 信息网络安全, 2019, 19(12): 64-71.
[2]	张小红, 郭焰辉. 基于椭圆曲线密码的RFID系统安全认证协议研究[J]. 信息网络安全, 2018, 18(10): 51-61.
[3]	李智聪, 周治平. 物联网中增强安全的RFID认证协议[J]. 信息网络安全, 2018, 18(1): 80-87.
[4]	杨玉龙, 彭长根, 郑少波, 朱义杰. 基于移动智能终端的超轻量级移动RFID安全认证协议[J]. 信息网络安全, 2017, 17(5): 22-27.
[5]	马庆, 郭亚军, 曾庆江, 徐铎. 一种新的超轻量级RFID双向认证协议[J]. 信息网络安全, 2016, 16(5): 44-50.
[6]	张玉婷, 严承华. 一种基于双向认证协议的RFID标签认证技术研究[J]. 信息网络安全, 2016, 16(1): 64-69.
[7]	杨元原, 陆臻, 顾健. RFID安全协议追踪攻击的形式化分析[J]. 信息网络安全, 2015, 15(9): 25-28.
[8]	吴潇, 常成, 覃文杰, 程久军. 基于RFID和数字水印技术的标签防伪验证方法[J]. 信息网络安全, 2015, 15(8): 26-34.
[9]	吴海兵;孙玉绘;刘迅;张旭东. 基于RFID的校车人员安全管理系统[J]. , 2013, 13(2): 0-0.
[10]	胡国胜;方龙雄. RFID系统安全分析[J]. , 2013, 13(2): 0-0.
[11]	王秋晨;王雷;夏鲁宁. 基于RFID的移动存储设备安全管控方案[J]. , 2013, 13(10): 0-0.
[12]	李秋华;何为;朱桂斌. 基于RFID的磁盘加密系统[J]. , 2012, 12(9): 0-0.
[13]	钱堃;孙成宏;孙瑞;张伟. 基于Hash锁的RFID SQL注入攻击防御方法[J]. , 2012, 12(7): 0-0.
[14]	王雷. RFID芯片在物联网应用中的设计与研究[J]. , 2012, 12(5): 0-0.
[15]	蔡月樵;陈福臻;王昕;王学宽. 基于RFID技术的分布式密钥安全保护机制[J]. , 2012, 12(11): 0-0.