[go: up one dir, main page]

CN116090489B - Bidirectional authentication method for RFID system and RFID system - Google Patents

Bidirectional authentication method for RFID system and RFID system Download PDF

Info

Publication number
CN116090489B
CN116090489B CN202211561599.7A CN202211561599A CN116090489B CN 116090489 B CN116090489 B CN 116090489B CN 202211561599 A CN202211561599 A CN 202211561599A CN 116090489 B CN116090489 B CN 116090489B
Authority
CN
China
Prior art keywords
electronic tag
reader
writer
request message
pseudo
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211561599.7A
Other languages
Chinese (zh)
Other versions
CN116090489A (en
Inventor
张磊
刘建伟
关振宇
吴铤
齐永兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN202211561599.7A priority Critical patent/CN116090489B/en
Publication of CN116090489A publication Critical patent/CN116090489A/en
Application granted granted Critical
Publication of CN116090489B publication Critical patent/CN116090489B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Electromagnetism (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The application belongs to the technical field of the Internet of things, and particularly relates to a bidirectional authentication method of an RFID system and the RFID system, comprising the following steps that a reader sends a security authentication request to a tag; the tag sends a pseudo-random identification of the tag to the reader-writer, the reader-writer generates a reader-writer verification request message through a super-lightweight transformation function based on the Hamming weight of the identification and a preset shared key and sends the reader-writer verification request message to the tag, the tag generates an electronic tag verification request message through the super-lightweight transformation function based on the Hamming weight of the identification and the preset shared key and sends the electronic tag verification request message to the reader-writer, and the reader-writer and the tag update the shared key and the pseudo-random identification of the electronic tag through the super-lightweight transformation function based on the Hamming weight of the identification, the preset shared key, the reader-writer and the verification request message of the tag. The method improves the safety of the RFID system of the Internet of things and can resist desynchronization attack.

Description

Bidirectional authentication method of RFID system and RFID system
Technical Field
The application belongs to the technical field of the Internet of things, and particularly relates to a bidirectional authentication method of an RFID system and the RFID system.
Background
The radio frequency identification (Radio Frequency Identification, RFID) system adopts a radio wave reflection communication mode, and automatically identifies and tracks the electronic tag attached to the target object in a non-contact way through a reader, so that the detailed information of the target object is obtained. The RFID technology is widely applied to various fields of production, logistics, national defense, traffic and the like because of the advantages of small volume, portability, low cost, long service life and the like. However, RFID system communications are susceptible to various security threats such as eavesdropping attacks, spoofing attacks, and the like due to the limited resources of RFID tags and operation in an open wireless environment.
Conventional high-strength encryption or signature algorithms are difficult to integrate into the tag due to the limited resources of the RFID tag. There are a number of ultra-lightweight security protocols currently available for low cost passive RFID tags that are resource constrained. These protocols are all transform functions designed based on linear operations to ensure the diffuseness of secret information, resulting in corresponding security holes in authentication protocols, including T functions and their linear combinations to achieve the diffuseness of secret information, with lower security, operations with biased outputs, such as and or operations in boolean functions, and cyclic shift operations, introducing additional security holes.
In summary, how to implement secure authentication and privacy protection of the resource-constrained RFID tag becomes a technical problem to be solved.
Disclosure of Invention
First, the technical problem to be solved
In view of the foregoing drawbacks and deficiencies of the prior art, the present invention provides a two-way authentication method for an RFID system and an RFID system.
(II) technical scheme
In order to achieve the above purpose, the main technical scheme adopted by the invention comprises the following steps:
In a first aspect, an embodiment of the present invention provides a bidirectional authentication method of an RFID system, where both a reader-writer of the RFID system and preset parameters of an electronic tag include a pseudo-random identity of the electronic tag to be authenticated and a shared key, where the method includes:
the reader-writer sends a security authentication request to the electronic tag;
the electronic tag responds to the security authentication request and sends the electronic tag pseudo-random identity to the reader-writer;
The reader-writer verifies the received pseudo-random identification of the electronic tag, and after the verification is passed, a reader-writer verification request message is generated through an ultra-lightweight transformation function and sent to the tag based on the hamming weight of the pseudo-random identification of the electronic tag and a preset shared key;
The electronic tag performs validity verification on the reader-writer verification request message based on the hamming weight and the shared key of the preset electronic tag pseudo-random identity, and generates an electronic tag verification request message through an ultra-lightweight transformation function after verification is passed, and sends the electronic tag verification request message to the reader-writer;
The reader-writer performs validity verification on the electronic tag verification request message;
after verification, the reader-writer and the electronic tag update the shared key and the electronic tag pseudo-random identity through the ultra-lightweight transformation function based on the hamming weight of the preset electronic tag pseudo-random identity, the preset shared key, the verification request message of the reader-writer and the electronic tag respectively.
Optionally, the definition of the ultra-lightweight transformation function is:
Aiming at two character strings P and Q with the same length of n bits, grouping the character strings P and Q based on the hamming weight of the character strings P and Q and a preset grouping size threshold;
exchanging the grouping mode of the two character strings P and Q, and respectively performing cyclic left shift on the sub-groups of the two character strings based on the hamming weight after exchanging the grouping mode to obtain rearranged character strings P 'and Q';
the rearranged two character strings P ' and Q ' are operated by sequentially writing the bit number of even digits in the character string P ' from low order to high order, writing the bit number of odd digits in the character string Q ' from high order to low order, writing the bit number of even digits in the character string Q ' from high order to low order, obtaining a first combined character string, sequentially combining the remaining bit numbers of the character strings P ' and Q ' into a second combined character string Z, wherein the following formula is shown as follows:
Z=znzn-1…z2z1=P'1Q'2P'3Q'4…P'2r-1Q2'r,zi∈{0,1},i=1,2,…,n
And performing exclusive OR operation on the first combined character string and the second combined character string Z, and taking the obtained character string as the output of the ultra-lightweight transformation function.
Optionally, before S10, the method further includes:
The reader reads the unique identification of the electronic tag and sends the unique identification to the background server;
the background server generates an electronic tag pseudo-random identity based on the electronic tag unique identity, and randomly generates a shared key between the electronic tag and the reader-writer;
the background server stores and transmits the shared secret key and the electronic tag pseudo-random identity to the reader-writer;
the reader-writer receives and stores the shared secret key and the electronic tag pseudo-random identity, and simultaneously sends the shared secret key and the electronic tag pseudo-random identity to the electronic tag;
And the electronic tag receives and stores the shared secret key and the electronic tag pseudo-random identity.
Optionally, based on the hamming weight of the electronic tag pseudo-random identity and a preset shared key, generating the reader-writer verification request message through a ultra-lightweight transformation function includes:
s231, the reader-writer generates a second random number, and generates a first character string and a second character string based on the hamming weight of the electronic tag pseudo-random identity and the shared key, and the method comprises the following steps:
When the hamming weight is odd, taking the first half section K L of the shared key as a first character string K LorR and the second half section K R of the shared key as a second character string K' LorR;
When the hamming weight is even, the second half K R of the shared key is used as a first character string K LorR, and the first half K L of the shared key is used as a second character string K' LorR;
S232, generating the reader-writer verification request message through the ultra-lightweight transformation function based on the first character string and the second character string.
Optionally, step S232 includes:
Generating a first authentication request message A and a second authentication request message B of the reader-writer according to the first character string, the second character string and the second random number through the following formulas:
Wherein LTH is an ultra-lightweight transform function, Rot represents a cyclic left shift based on hamming weight, R 2 is a second random number, K LorR is a first string, and K' LorR is a second string;
generating the reader/writer authentication request message a||b LorR based on the hamming weights of the first authentication request message, the second authentication request message, and the second authentication request message, wherein:
when the hamming weight of B is odd, a|b LorR=A||BL,BL is the first half of B;
When the hamming weight of B is even, a||b LorR=A||BR,BR is the second half of B.
Optionally, the reader updates the shared key and the pseudo-random identification of the electronic tag through the ultra-lightweight transformation function based on hamming weight of the pseudo-random identification of the preset electronic tag, a preset shared key, a verification request message of the reader and the electronic tag, and the method comprises the following steps:
updating a shared key by the ultra-lightweight transfer function based on the first string, the second string, and the second random number, as follows:
wherein, K new is the updated shared key;
Updating the pseudo-random identity of the electronic tag through the ultra-lightweight transformation function based on the verification request message of the reader-writer and the electronic tag and the second random number;
Wherein PID new represents the updated pseudo-random id of the electronic tag, B 'LorR represents the other half of the reader-writer verification request message that the reader-writer has not sent, and C' LorR represents the other half of the electronic tag verification request message that the electronic tag has not sent.
Optionally, the electronic tag generates an electronic tag verification request message by using a ultra-lightweight transformation function based on a hamming weight and a shared key of a preset electronic tag pseudo-random identity, and sends the electronic tag verification request message to the reader-writer, and the electronic tag verification request message comprises:
C is calculated by the following formula:
When the hamming weight of C is odd, C LorR=CL,CL is the first half of C;
when the hamming weight of C is even, C LorR=CR,CR is the latter half of C.
Optionally, the electronic tag updates the electronic tag pseudo-random identity through the ultra-lightweight transformation function based on hamming weight of a preset electronic tag pseudo-random identity, a preset shared key, a reader-writer and a verification request message of the electronic tag, and the method comprises the following steps:
The electronic tag calculates a key update verification message D * through a super lightweight transformation function based on the updated shared key:
Comparing D with the received key update message D to determine whether the received key update message D is equal, and if d=d, based on the pseudo random identity of the tag update request message and the electronic tag authentication request message:
Wherein, the pseudo-random identity after the update of the PID new electronic tag, B 'LorR represents the other half of the reader-writer verification request message which is not sent out by the reader-writer, and C' LorR represents the other half of the electronic tag verification request message which is not sent out by the electronic tag.
In a second aspect, an embodiment of the present application provides an RFID system, including a server, a reader, and an electronic tag;
the reader-writer and the electronic tag are configured to perform the mutual authentication method according to any one of the first aspect above.
(III) beneficial effects
The bidirectional authentication method of the RFID system and the RFID system have the advantages that the bidirectional authentication method of the RFID system and the RFID system are provided, the method comprises the steps that a reader sends a security authentication request to a tag, the tag sends a tag pseudo-random identity to the reader, the reader generates a reader authentication request message through an ultra-lightweight transformation function based on the hamming weight of the identity and a preset shared secret key, the tag generates an electronic tag authentication request message through the ultra-lightweight transformation function based on the hamming weight of the identity and the preset shared secret key, and sends the electronic tag authentication request message to the reader, and the reader and the tag update the shared secret key and the electronic tag pseudo-random identity through the ultra-lightweight transformation function based on the hamming weight of the identity, the preset shared secret key, the reader and the tag authentication request message. The method improves the safety of the RFID system of the Internet of things and can resist desynchronization attack.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows a schematic diagram of a bidirectional authentication method application scenario of an RFID system;
fig. 2 is a schematic flow chart of a bidirectional authentication method of an RFID system according to an embodiment of the present application;
FIG. 3 is a schematic diagram showing a bidirectional authentication process performed by a tag and a reader according to another embodiment of the present application;
Fig. 4 is a block diagram showing the structure of an RFID system according to still another embodiment of the present application.
Detailed Description
The invention will be better explained by the following detailed description of the embodiments with reference to the drawings.
In order that the above-described aspects may be better understood, exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a schematic diagram of an application scenario of a two-way authentication method of an RFID system, and the two-way authentication method of an RFID system provided by the present application can be applied to a passive RFID system shown in fig. 1, where the passive RFID system includes an electronic Tag (Tag), a Reader, and a background Server (Server), as shown in fig. 1. The electronic tag exchanges data with the reader-writer through radio waves, the reader-writer can transmit a read-write command of the background server to the electronic tag, and then data returned by the electronic tag are transmitted to the server, and a data exchange and management system in the server is responsible for completing storage, management and control of data information of the electronic tag. The electronic tag is a passive electronic tag, and receives microwave signals transmitted by the reader-writer and acquires energy through the electromagnetic induction coil to supply power to the electronic tag for a short time, so that the information exchange is completed. Because the power supply system is omitted, the volume of the passive RFID product can reach centimeter magnitude or even smaller, and the passive RFID product has the advantages of simple structure, low cost, low failure rate and long service life. In the application, the channel between the default reader-writer and the background server is a safe channel, and the channel between the tag and the reader-writer is an unsafe channel, so the application provides a bidirectional authentication method of the RFID system aiming at the safe authentication information exchange between the reader-writer and the electronic tag.
Example 1
The embodiment provides a bidirectional authentication method of an RFID system, which is applied to the RFID system, wherein the reader-writer of the RFID system and preset parameters of an electronic tag comprise a pseudo-random identity and a shared key of the electronic tag to be authenticated. Referring to fig. 2, fig. 2 shows a schematic flow chart of a bidirectional authentication method of an RFID system according to an embodiment of the present application. As shown in fig. 2, the mutual authentication method includes:
S10, the reader sends a security authentication request to the electronic tag;
s20, the electronic tag responds to a security authentication request and sends the pseudo-random identification of the electronic tag to the reader-writer;
S30, checking the received pseudo-random identification of the electronic tag by the reader-writer, generating a reader-writer verification request message through an ultra-lightweight transformation function based on the hamming weight of the pseudo-random identification of the electronic tag and a preset shared key after the verification is passed, and sending the reader-writer verification request message to the tag;
S40, the electronic tag performs validity verification on the reader-writer verification request message based on the hamming weight and the shared key of the preset electronic tag pseudo-random identity, and generates the electronic tag verification request message through an ultra-lightweight transformation function after verification is passed, and sends the electronic tag verification request message to the reader-writer;
s50, the reader-writer performs validity verification on the electronic tag verification request message;
S60, after verification is passed, the reader-writer and the electronic tag update the shared key and the electronic tag pseudo-random identity through the ultra-lightweight transformation function based on the hamming weight of the preset electronic tag pseudo-random identity, the preset shared key, the verification request message of the reader-writer and the electronic tag respectively.
The bidirectional authentication method of the embodiment ensures the information security and confidentiality by adopting the ultra-lightweight transformation function, and resists desynchronization attack by adopting the new and old pseudo-random identity and the shared key, is suitable for the RFID system of the Internet of things with limited resources, and ensures the secure acquisition, transmission and access of data in the system of the Internet of things.
For a better understanding of the present invention, the ultra-lightweight transformation function in this embodiment is explained below.
The definition of the ultra-lightweight transform function in this embodiment is as follows:
for two strings P and Q of length n bits together:
P=pnpn-1…p2p1∈{0,1},i=1,2,...,n (1)
Q=qnqn-1…q2q1∈{0,1},i=1,2,...,n (2)
First, grouping. Based on the randomness of the hamming weight and a preset grouping size threshold, the character strings P and Q are grouped. Taking the string P as an example, if the hamming weight of P is wt (P) =m, assuming that the packet size threshold is T, two sub-packets P 2=pnpn-1…pm+2pm+1 and P 1=pmpm-1…p2p1 are generated after the first packet. And comparing the length of the sub-packet with T, and if the length of the sub-packet is greater than T, continuing to group according to the Hamming weight of the sub-packet until the threshold condition is met, and finishing the grouping.
And step two, rearrangement. And exchanging the grouping mode of the two character strings P and Q, and respectively performing cyclic left shift based on the hamming weight on the sub-groups of the two character strings after exchanging the grouping mode. Let the strings P and Q have been decomposed into l and k sub-packets, i.e., P l, l=1, 2,3, l < n and Q k, k=1, 2,3, k < n. The packet is exchanged to be P k and Q l respectively, and then each sub-packet of the two strings is circularly shifted to the left based on hamming weight to obtain rearranged strings P 'and Q'.
And thirdly, combining. And then, the bit number of the odd digits in the character string Q' is taken from the high order to the low order, and the even digits of the output character string are sequentially written from the low order to the high order. Then, the remaining bits of the strings P 'and Q' are sequentially combined into a new string Z, as shown in the following formula:
Z=znzn-1…z2z1=P'1Q'2P'3Q'4…P'2r-1Q'2r,zi∈{0,1},i=1,2,…,n (3)
Finally, exclusive OR operation is carried out on the character strings arranged in advance, the output character strings are used as the output of final transformation, and the output is expressed by the following formula:
the ultra-lightweight transform function LTH has the following characteristics:
Irreversibility the two inputs P and Q of the LTH transform are confused with each other, the confusion factor of which depends not only on the hamming weight of the two input strings with respect to each other, but also on the position and boolean value in the string where each input bit of the other is located. Therefore, the effect that only one input and the corresponding output are known and the other input cannot be recovered can be truly achieved.
Sensitivity-whenever the value of any one bit in both inputs changes, the output of the corresponding transform will change completely. In other words, the output of the transform operation has a very high sensitivity to the input, and each bit of both inputs has a critical impact on the output.
Complete confusion-each string of input is completely confused by another input, where there are no stationary or predictable points. Thus, an attacker cannot obtain the actual value of any bit of any input from the output of LTH.
Low complexity-the conversion uses only cyclic shift and exclusive-or operations based on hamming weight and can therefore be easily used in low cost passive RFID tags.
Example two
An embodiment provides a mutual authentication method of an RFID system, the method including
S1, initializing an electronic tag
The specific process of the electronic tag initialization stage is as follows:
s11, the reader reads the unique identification UID (Unique Identity) of the electronic tag and then transmits the unique identification UID (Unique Identity) to a background server, and the background server generates a pseudo-random identification PID of the electronic tag according to the UID:
PID=h(UID||R1)
Where h () represents a one-way hash function, R 1 represents a first random number, and || represents a join operation.
S12, the background server randomly generates a shared secret key K between the electronic tag and the reader-writer for the electronic tag;
S13, the background server stores the PID and K of the electronic tag and sends the copy to the reader-writer;
s14, after receiving the PID and the K sent by the background server, the reader stores the PID and the K in a memory, and sends a copy to the electronic tag;
S15, the electronic tag stores the received PID and K in a memory.
S2, performing bidirectional authentication on the tag and the reader-writer
Fig. 3 is a schematic diagram showing a bidirectional authentication process performed by a tag and a reader according to another embodiment of the present application, where, as shown in fig. 3, the bidirectional authentication process includes:
S21, the reader sends a Hello message to the tag to initiate a security authentication request;
S22, after receiving an authentication request sent by a reader-writer, the electronic tag sends a pseudo-random identity PID of the electronic tag;
S23, the reader receives the PID returned by the electronic tag, verifies the PID, and generates a verification request message of the reader through an ultra-lightweight conversion function and sends the verification request message to the electronic tag based on the hamming weight of the PID and the shared key after the verification is passed.
Specifically, after receiving the PID returned from the electronic tag, the reader-writer uses the PID to search whether a corresponding record exists in the background database.
If pid=pid old, the reader reads the corresponding K old to perform the subsequent authentication operation, if pid=pid new, the reader uses K new to complete the subsequent authentication operation, and if there is no record matching the PID in the background database, the authentication operation is terminated.
Once the reader retrieves the corresponding stored record via PID, the corresponding K is extracted and a second random number R 2 is generated.
After verification, generating a verification message by an ultra-lightweight transformation function based on the hamming weight of the PID and the shared key, comprising:
s231, generating a first character string and a second character string based on the hamming weight of the PID and the shared key.
Specifically, if the hamming weight of the PID is odd, the first half K L of the shared key is selected as the first string K LorR, the second half K R of the shared key is selected as the second string K 'LorR, and if even, the second half K R of the shared key is selected as the first string K LorR, and the first half K L of the shared key is selected as the second string K' LorR.
S232, based on the first character string and the second character string, generating a verification request message through an ultra-lightweight transformation function.
Specifically, the first authentication request message a of the reader/writer is generated from the first character string, the second character string, and the second random number by the following formula:
Wherein LTH is an ultra-lightweight transform function, Is an exclusive or operation.
Generating a second authentication request message B of the reader/writer by the following formula:
Where Rot represents the cyclic left shift based on hamming weight.
Note that Rot (x) may be a cyclic right shift based on hamming weight, which is not particularly limited in this embodiment.
Generating an authentication request message a||b LorR of the reader/writer based on the first authentication request message, the second authentication request message, and the hamming weight of the second authentication request message, wherein:
when the hamming weight of B is odd, a|b LorR=A||BL,BL is the first half of B;
When the hamming weight of B is even, a||b LorR=A||BR,BR is the second half of B.
And S24, the electronic tag performs validity verification on the verification request message of the reader-writer based on the hamming weight and the shared key of the preset electronic tag pseudo-random identity, and after verification is passed, the verification request message of the electronic tag is generated through an ultra-lightweight transformation function based on the hamming weight and the shared key of the PID and is sent to the reader-writer.
Specifically, after the electronic tag receives the message a|b LorR from the reader, the second random number R 2 * to be verified is calculated according to the hamming weight of the PID:
Note that, K LorR,K'LorR is calculated by the electronic tag based on the hamming weight of PID and the shared key, and the specific method is the same as the method in S231, and will not be described here.
A second verification message B * is calculated using the extracted second random number to be verified,
Then compare whether B * LorR is equal to the received B LorR. If B * LorR=BLorR, the tag verifies that the identity of the reader is legal.
After the verification is passed, a verification request message C LorR of the electronic tag is generated:
C is calculated by the following formula:
When the hamming weight of C is odd, C LorR=CL,CL is the first half of C;
when the hamming weight of C is even, C LorR=CR,CR is the latter half of C.
Finally, the electronic tag sends a verification request message C LorR of the electronic tag to the reader-writer.
S25, the reader-writer performs validity verification on the verification request message of the electronic tag based on the first character string and the second character string, after verification is passed, the shared key is updated through the ultra-lightweight transformation function based on the first character string, the second character string and the second random number, and the pseudo-random identity of the electronic tag is updated through the ultra-lightweight transformation function based on the verification request message of the reader-writer and the electronic tag and the second random number.
The reader-writer receives an electronic tag verification request message C LorR sent by the electronic tag, and firstly calculates an electronic tag verification message C * LorR according to the Hamming weight of the PID and the second random number:
Compare C * LorR to received C LorR for equality:
If C * LorR=CLorR, verifying the identity of the tag by the reader-writer;
Otherwise, the reader-writer verifies that the identity of the tag is illegal.
Thereafter, the shared key is updated according to the following formula:
wherein K new is the updated shared key.
Updating the pseudo-random identity of the electronic tag according to the following formula:
Wherein PID new represents the pseudo-random identity of the updated electronic tag, B 'LorR represents the authentication request message of the other half of the reader-writer which is not sent out by the reader-writer in step S23, and C' LorR represents the authentication request message of the other half of the electronic tag which is not sent out by the electronic tag in step S24.
Generating a key update message through a super-lightweight transformation function based on the updated shared key, the pseudo-random identity of the electronic tag and the second random number, and sending the key update message to the electronic tag:
Finally, the shared key and the pseudo-random identity before updating are assigned to K old and PID old respectively, and the shared key and the pseudo-random identity after updating are assigned to K new and PID new.
S26, the electronic tag receives the key update message D, updates the shared key in the same mode as the reader-writer, and calculates a key update verification message D * through a super lightweight transformation function based on the updated shared key:
and then compares D with the received D for equality. If d=d, updating the pseudo-random identity of the tag based on the authentication request message of the reader and the authentication request message of the electronic tag:
the pseudo-random identity mark updated by the PID new electronic tag.
And finally, assigning the updated shared key and the pseudo-random identity to K and PID respectively.
The mutual authentication method of the RFID system in the embodiment can be used as a mutual authentication method between the electronic tag and the reader-writer in the ultra-lightweight authentication protocol for the RFID of the industrial Internet of things, and the required functionality and safety of the RFID are met, and the specific effects are as follows:
(a) Two-way authentication security
In this embodiment, the tag verifies the validity of the reader by comparing the locally calculated B' LorR with the verification message B LorR sent by the reader. After the tag verifies that the identity of the reader-writer is legal, a verification message C LorR is calculated and sent to the reader-writer, and the reader-writer judges the legitimacy of the identity of the tag by verifying whether the C LorR is correct or not. Whether the message B LorR for proving the legal identity of the reader or the message C LorR for proving the legal identity of the tag is calculated by the shared secret K and the second random number R 2 (extracted by using the shared secret information and the exchange information) between the reader and the tag, so that an attacker cannot pass the authentication protocol without the shared secret key. In other words, only legal readers and tags can pass the mutual identity authentication, so that the security of the identity authentication is improved.
(B) Confidentiality of
First, in the process of identity authentication between the reader and the tag, the verification information A, B LorR and the verification information C LorR transmitted in the unsafe channel are both calculated from shared secret information. Second, both the random number R 2 and the tag's true ID are protected or hidden by the shared key, which cannot be easily recovered or obtained by an attacker (or an illegal third party). Again, the shared secret K used to calculate or protect the above information is protected during use by the above designed security transform LTH, and the LTH transform has many of the security features mentioned above, so that the authentication messages transmitted in the unsecure wireless channel during the two-way authentication process are only recognized by the legitimate tag or reader, and an attacker cannot forge and recognize the above messages without the secret key, and the secret information contained in these messages cannot be easily recovered and obtained.
(C) Integrity of
In this embodiment, the verification request messages B LorR and C LorR not only provide credentials for bidirectional authentication between the reader and the tag, but also ensure the integrity of the exchanged information. For example, when an attacker attempts to change the value of the random number R 2 by modifying certain bits of message a, the changed random number R 2 tends to cause the local B' LorR calculated by the end of the tag to be different from the received B LorR, ultimately resulting in authentication failure.
(D) Forward security
The forward security means that, when a master key used for a long period of time is leaked at a certain time, leakage of secret information before the certain time (at any time in the past) is not caused. In this embodiment, after each round of successful identification, both communication parties update the pseudo-random id PID and the shared key K with random numbers, and the random numbers used in each round of protocol are transmitted securely, even if the tag is captured or its own key is exposed at a certain moment, the attacker still cannot obtain any secret information before the tag and the reader-writer. Therefore, the protocol can well ensure the forward security of the tag and the reader-writer.
(E) Anti-replay attack
In this embodiment, during the initial phase of each round of authentication protocol, the reader generates a new random number, which is shared securely, and cannot be obtained by an attacker only by eavesdropping. When an attacker disguises as legal tag spoofing reader-writer, the old replay message will become illegal message because the fresh random number R 2 used in this authentication can not be obtained, when the attacker disguises as legal reader-writer spoofing tag, the replayed old reader-writer message will not affect the tag, because the secret key in the replayed old message is not matched with the secret key updated by the tag, the tag cannot be authenticated, thereby effectively avoiding the attacker from using the past message disguised as legal tag or reader-writer to pass the authentication of the other party.
(F) Anti-desynchronization attacks
The method of the embodiment can well ensure the data integrity of the verification message and the secret information synchronization of the two communication parties, and resist desynchronization attack.
(G) Anti-traceable attack
In addition to security authentication, another important security indicator for RFID systems is privacy. Privacy concerns include tag tracking and information leakage, where the lack of illegal tracking of RFID tags is an important consideration in ensuring RFID security. In the method, in each security authentication process, the pseudo-random identity identification PID and the shared secret key K of the tag are dynamically updated after each authentication, and no bias output exists in the security operation used in the whole protocol, so that the position tracking and tracing attack can be well resisted.
(H) Anti-information leakage attack
The transform operation LTH adopted in the method of the present embodiment has the characteristics of sensitivity, complete confusion and the like, so that the cryptographic characteristics of the operation information are greatly improved, and the irreversible characteristics make it difficult for an attacker to guess another input even if the attacker obtains the output of the LTH transform and one input. Furthermore, the transmitted messages are all hidden in at least two or more secret messages, simultaneously in combination with other security operations. Thus, it is difficult for an attacker to obtain any secret information in the protocol by the existing attack method.
Example III
Referring to fig. 4, fig. 4 is a block diagram illustrating an RFID system according to another embodiment of the present application. As shown in fig. 4, the RFID system may include a server 100, a reader 200, and an electronic tag 300, wherein the reader 200 and the electronic tag 100 are used to perform the mutual authentication by the mutual authentication method as in any of the above embodiments.
It will be appreciated that the configuration shown in FIG. 4 is merely illustrative, and that the RFID system may also include more or fewer components than shown in FIG. 4, or have a different configuration than shown in FIG. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding procedure in the foregoing method for the specific working procedure of the system described above, and this will not be repeated here.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described as different from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other. For the apparatus class embodiments, the description is relatively simple as it is substantially similar to the method embodiments, and reference is made to the description of the method embodiments for relevant points.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application. It should be noted that like reference numerals and letters refer to like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. The bidirectional authentication method of the RFID system is characterized in that the reader-writer of the RFID system and preset parameters of the electronic tag comprise a pseudo-random identity of the electronic tag to be authenticated and a shared key, and the method comprises the following steps:
the reader-writer sends a security authentication request to the electronic tag;
the electronic tag responds to the security authentication request and sends the electronic tag pseudo-random identity to the reader-writer;
The reader-writer verifies the received pseudo-random identification of the electronic tag, and after the verification is passed, a reader-writer verification request message is generated through an ultra-lightweight transformation function and sent to the tag based on the hamming weight of the pseudo-random identification of the electronic tag and a preset shared key;
The electronic tag performs validity verification on the reader-writer verification request message based on the hamming weight and the shared key of the preset electronic tag pseudo-random identity, and generates an electronic tag verification request message through an ultra-lightweight transformation function after verification is passed, and sends the electronic tag verification request message to the reader-writer;
The reader-writer performs validity verification on the electronic tag verification request message;
After verification is passed, the reader-writer and the electronic tag update the shared key and the electronic tag pseudo-random identity through the ultra-lightweight transformation function based on the hamming weight of the preset electronic tag pseudo-random identity, a preset shared key, a verification request message of the reader-writer and the electronic tag respectively;
the definition of the ultra-lightweight transformation function is as follows:
Aiming at two character strings P and Q with the same length of n bits, grouping the character strings P and Q based on the hamming weight of the character strings P and Q and a preset grouping size threshold;
exchanging the grouping mode of the two character strings P and Q, and respectively performing cyclic left shift on the sub-groups of the two character strings based on the hamming weight after exchanging the grouping mode to obtain rearranged character strings P 'and Q';
the rearranged two character strings P ' and Q ' are operated by sequentially writing the bit number of even digits in the character string P ' from low order to high order, writing the bit number of odd digits in the character string Q ' from high order to low order, writing the bit number of even digits in the character string Q ' from high order to low order, obtaining a first combined character string, sequentially combining the remaining bit numbers of the character strings P ' and Q ' into a second combined character string Z, wherein the following formula is shown as follows:
Z=znzn-1…z2z1=P1'Q'2P'3Q'4…P'2r-1Q'2r,zi∈{0,1},i=1,2,…,n
And performing exclusive OR operation on the first combined character string and the second combined character string Z, and taking the obtained character string as the output of the ultra-lightweight transformation function.
2. The method of mutual authentication of an RFID system according to claim 1, further comprising, before the reader/writer sends a security authentication request to the electronic tag:
The reader reads the unique identification of the electronic tag and sends the unique identification to a background server;
the background server generates an electronic tag pseudo-random identity based on the electronic tag unique identity, and randomly generates a shared key between the electronic tag and the reader-writer;
the background server stores and transmits the shared secret key and the electronic tag pseudo-random identity to the reader-writer;
the reader-writer receives and stores the shared secret key and the electronic tag pseudo-random identity, and simultaneously sends the shared secret key and the electronic tag pseudo-random identity to the electronic tag;
And the electronic tag receives and stores the shared secret key and the electronic tag pseudo-random identity.
3. The method for mutual authentication of an RFID system according to claim 1, wherein generating the reader-writer authentication request message by an ultra-lightweight transformation function based on hamming weight of the electronic tag pseudo-random identity and a preset shared key, comprises:
s231, the reader-writer generates a second random number, and generates a first character string and a second character string based on the hamming weight of the electronic tag pseudo-random identity and the shared key, and the method comprises the following steps:
When the hamming weight is odd, taking the first half section K L of the shared key as a first character string K LorR and the second half section K R of the shared key as a second character string K' LorR;
When the hamming weight is even, the second half K R of the shared key is used as a first character string K LorR, and the first half K L of the shared key is used as a second character string K' LorR;
S232, generating the reader-writer verification request message through the ultra-lightweight transformation function based on the first character string and the second character string.
4. The method for mutual authentication of an RFID system as recited in claim 3, wherein the step S232 includes:
Generating a first authentication request message A and a second authentication request message B of the reader-writer according to the first character string, the second character string and the second random number through the following formulas:
Wherein LTH is an ultra-lightweight transform function, Rot represents a cyclic left shift based on hamming weight, R 2 is a second random number, K LorR is a first string, and K' LorR is a second string;
generating the reader/writer authentication request message a||b LorR based on the hamming weights of the first authentication request message, the second authentication request message, and the second authentication request message, wherein:
when the hamming weight of B is odd, a|b LorR=A||BL,BL is the first half of B;
When the hamming weight of B is even, a||b LorR=A||BR,BR is the second half of B.
5. The method for mutual authentication of an RFID system according to claim 4, wherein the reader updates the shared key and the electronic tag pseudo-random identification through the ultra-lightweight transformation function based on a hamming weight of a preset electronic tag pseudo-random identification, a preset shared key, a verification request message of the reader and the electronic tag, comprising:
updating a shared key by the ultra-lightweight transfer function based on the first string, the second string, and the second random number, as follows:
wherein, K new is the updated shared key;
Updating the pseudo-random identity of the electronic tag through the ultra-lightweight transformation function based on the verification request message of the reader-writer and the electronic tag and the second random number;
Wherein PID new represents the updated pseudo-random id of the electronic tag, B 'LorR represents the other half of the reader-writer verification request message that the reader-writer has not sent, and C' LorR represents the other half of the electronic tag verification request message that the electronic tag has not sent.
6. The method for mutual authentication of an RFID system according to claim 1, wherein the electronic tag generates an electronic tag verification request message by an ultra-lightweight transformation function based on a hamming weight and a shared key of a preset electronic tag pseudo-random identity, and transmits the electronic tag verification request message to the reader/writer, comprising:
C is calculated by the following formula:
When the hamming weight of C is odd, C LorR=CL,CL is the first half of C;
when the hamming weight of C is even, C LorR=CR,CR is the latter half of C.
7. The method for mutual authentication of an RFID system according to claim 1, wherein the electronic tag updates the electronic tag pseudo-random identification through the ultra-lightweight transformation function based on a hamming weight of a preset electronic tag pseudo-random identification, a preset shared key, a reader-writer, and a verification request message of the electronic tag, comprising:
The electronic tag calculates a key update verification message D * through a super lightweight transformation function based on the updated shared key:
Comparing D with the received key update message D to determine whether the received key update message D is equal, and if d=d, based on the pseudo random identity of the tag update request message and the electronic tag authentication request message:
Wherein, the pseudo-random identity after the update of the PID new electronic tag, B 'LorR represents the other half of the reader-writer verification request message which is not sent out by the reader-writer, and C' LorR represents the other half of the electronic tag verification request message which is not sent out by the electronic tag.
8. An RFID system is characterized by comprising a server, a reader-writer and an electronic tag;
The reader and the electronic tag are used for executing the mutual authentication method of any one of claims 1 to 7.
CN202211561599.7A 2022-12-07 2022-12-07 Bidirectional authentication method for RFID system and RFID system Active CN116090489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211561599.7A CN116090489B (en) 2022-12-07 2022-12-07 Bidirectional authentication method for RFID system and RFID system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211561599.7A CN116090489B (en) 2022-12-07 2022-12-07 Bidirectional authentication method for RFID system and RFID system

Publications (2)

Publication Number Publication Date
CN116090489A CN116090489A (en) 2023-05-09
CN116090489B true CN116090489B (en) 2025-04-01

Family

ID=86201562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211561599.7A Active CN116090489B (en) 2022-12-07 2022-12-07 Bidirectional authentication method for RFID system and RFID system

Country Status (1)

Country Link
CN (1) CN116090489B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117528514B (en) * 2023-10-19 2025-02-14 广东技术师范大学 A two-way authentication method and device based on R_LWE cryptographic system
CN118396011A (en) * 2024-01-30 2024-07-26 深圳市希莱恒医用电子有限公司 Method and device for processing test reagent information
CN118071501B (en) * 2024-03-20 2025-09-23 中国工商银行股份有限公司 System switching method, device, computer equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011109960A1 (en) * 2010-03-12 2011-09-15 西安西电捷通无线网络通信股份有限公司 Mutual authentication method and system based on identities
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5757913A (en) * 1993-04-23 1998-05-26 International Business Machines Corporation Method and apparatus for data authentication in a data communication environment
JP3511901B2 (en) * 1998-07-01 2004-03-29 株式会社日立製作所 Information processing apparatus and information processing system
CN101329719B (en) * 2008-08-01 2010-11-10 西安西电捷通无线网络通信股份有限公司 Anonymous authentication method suitable for homogeneous electronic label
CN101662367B (en) * 2009-05-27 2011-08-17 西安西电捷通无线网络通信股份有限公司 Mutual authentication method based on shared key
KR101215155B1 (en) * 2011-02-28 2012-12-24 한양대학교 산학협력단 System for and method of protecting communication between reader and tag in rfid system
KR101404673B1 (en) * 2013-07-02 2014-06-09 숭실대학교산학협력단 System for authenticating radio frequency identification tag
CN105530263B (en) * 2016-01-08 2018-06-12 广东工业大学 A kind of extra lightweight RFID mutual authentication methods based on tag ID
CN105450673B (en) * 2016-01-12 2018-11-20 吉林大学 Security protocol verification method based on mobile RFID system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011109960A1 (en) * 2010-03-12 2011-09-15 西安西电捷通无线网络通信股份有限公司 Mutual authentication method and system based on identities
CN110677254A (en) * 2019-09-20 2020-01-10 广州城市职业学院 Ultra-lightweight RFID authentication method

Also Published As

Publication number Publication date
CN116090489A (en) 2023-05-09

Similar Documents

Publication Publication Date Title
Luo et al. SLAP: Succinct and lightweight authentication protocol for low-cost RFID system
CN116090489B (en) Bidirectional authentication method for RFID system and RFID system
CN103795543B (en) Safety bidirectional authentication method for RFID system
CN103020671B (en) A kind of radio frequency identification mutual authentication method based on hash function
Choi et al. Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems
Zhuang et al. A new ultralightweight RFID protocol for low-cost tags: R 2 AP
Safkhani et al. Cryptanalysis of the Cho et al. protocol: a hash-based RFID tag mutual authentication protocol
CN101976363A (en) Hash function based RFID (Radio Frequency Identification Devices) authentication method
Zhou et al. A lightweight anti-desynchronization RFID authentication protocol
Risalat et al. Advanced real time RFID mutual authentication protocol using dynamically updated secret value through encryption and decryption process
Zhuang et al. Security analysis of a new ultra-lightweight RFID protocol and its improvement.
Xu et al. Efficient mobile RFID authentication protocol for smart logistics targets tracking
CN106936571B (en) A method for wireless generation of single-tag key by using word synthesis operation
CN103699863B (en) A kind of asynchronous attack resistant ultra-lightweight radio frequency identification authentication method
CN107040363B (en) Method and system for lightweight RFID ownership transfer based on chaotic encryption
Gao et al. A security protocol resistant to intermittent position trace attacks and desynchronization attacks in RFID systems
CN107395354B (en) Lightweight mobile RFID system authentication method
Li et al. Privacy protection for low-cost RFID tags in IoT systems
Moradi et al. Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs
CN109766966B (en) A Synchronous Update Method of RFID Tag Random Number
Huang et al. An ultralightweight mutual authentication protocol for EPC C1G2 RFID tags
Sadighian et al. Afmap: Anonymous forward-secure mutual authentication protocols for rfid systems
Shen et al. An Anti-counterfeit Complete RFID Tag Grouping Proof Generation Protocol.
Eghdamian et al. A secure protocol for ultralightweight radio frequency identification (RFID) tags
Abyaneh On the privacy of two tag ownership transfer protocols for RFIDs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant