[go: up one dir, main page]

CN110233731A - A kind of RFID safety authentication based on PUF - Google Patents

A kind of RFID safety authentication based on PUF Download PDF

Info

Publication number
CN110233731A
CN110233731A CN201910427190.8A CN201910427190A CN110233731A CN 110233731 A CN110233731 A CN 110233731A CN 201910427190 A CN201910427190 A CN 201910427190A CN 110233731 A CN110233731 A CN 110233731A
Authority
CN
China
Prior art keywords
challenge
vector
puf
response
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910427190.8A
Other languages
Chinese (zh)
Inventor
徐鹤
陈欣
李鹏
朱枫
王汝传
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201910427190.8A priority Critical patent/CN110233731A/en
Publication of CN110233731A publication Critical patent/CN110233731A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于PUF的RFID安全认证方法,首先,基于PUF电路产生独特的挑战‑响应对并结合TRNG及二进制操作构成指定的响应设备与阅读器之间数据交互的协议;并同时在对响应设备和阅读器部署之前基于验证次数N、可信ID等参数获取PUF软模型,基于PUF软模型对PUF电路的输出进行预测输出;最后,响应设备利用TRNG构成预定数量的挑战,并且根据后台服务器中设定的计数N表、可信ID表、汉明距离、容差水平值等对响应设备与阅读器之间进行设定的轮询操作,实现RFID的安全认证操作;本发明可以有效抵抗交互过程中的恶意中继攻击,并且能在不增加成本的情况下,进行安全可靠的RFID认证。The invention discloses a PUF-based RFID security authentication method. Firstly, a unique challenge-response pair is generated based on a PUF circuit and combined with TRNG and binary operations to form a data interaction protocol between a specified response device and a reader; and simultaneously Obtain the PUF soft model based on the verification times N, trusted ID and other parameters before the responding device and reader are deployed, and predict the output of the PUF circuit based on the PUF soft model; finally, the responding device uses TRNG to form a predetermined number of challenges, and according to The counting N table, trusted ID table, Hamming distance, tolerance level value, etc. set in the background server perform polling operations set between the response device and the reader to realize the security authentication operation of RFID; the present invention can Effectively resist malicious relay attacks during the interaction process, and can perform safe and reliable RFID authentication without increasing costs.

Description

一种基于PUF的RFID安全认证方法A PUF-based RFID security authentication method

技术领域technical field

本发明属于物联网安全技术领域,具体为一种基于PUF(Physical UnclonableFunction,物理不可克隆技术)的RFID(Radio Frequency Identification,射频识别技术)安全认证方法,通过利用物理不可克 隆技术产生秘钥安全随机的特点,解决了RFID应用中的中继攻击。The invention belongs to the technical field of Internet of Things security, and specifically relates to an RFID (Radio Frequency Identification, radio frequency identification technology) security authentication method based on PUF (Physical Unclonable Function, physical unclonable technology). The characteristics of it solve the relay attack in RFID application.

背景技术Background technique

物联网(IoT,Internet ofThings)一直被认为是继计算机、互联 网之后世界信息产业发展的第三次浪潮,因为它将完全改变人们的生 活、工作、娱乐和旅行方式,甚至改变全球政府及企业之间的交互。 目前,物联网前在全球呈现出快速增长的势头,在很多物联网权威人 士看来,我们将进入一个全新的万物互联的新世界,预计到2020年 将有340亿台设备接入互联网,相比移动物联网,物联网市场规模是 其数十倍的容量,能为全球带来数十万亿的经济价值,也被视作为全 球经济增长的新引擎,开启新时代的步伐。The Internet of Things (IoT, Internet of Things) has always been considered as the third wave of the development of the world's information industry after computers and the Internet, because it will completely change the way people live, work, entertain and travel, and even change the relationship between global governments and enterprises. interaction between. At present, the Internet of Things is showing a rapid growth momentum in the world. According to many Internet of Things authorities, we will enter a new world of Internet of Everything. It is estimated that by 2020, there will be 34 billion devices connected to the Internet. Compared with the mobile Internet of Things, the market size of the Internet of Things is dozens of times its capacity, and it can bring tens of trillions of economic value to the world. It is also regarded as a new engine for global economic growth and opens the pace of a new era.

最初的物联网概念由MITAuto-第一ID中心Ashton教授在1999 年研究RFID时最早提出:通过射频识别、红外感应器、全球定位系 统、激光扫描器等信息传感设备,按约定的协议,把任何物品与话联 网相连接,进行信息交换和通信,以实现智能化识别、定位、监控和 管理的一种网络概念。在2005年国际电信联盟(ITU)发布的同名报 告中,物联网的定义和范围已经发生了变化,覆盖范围也有了较大的 拓展,不再只是指基于RFID技术的物联网,而转变成任何时刻、任 何地点、任何物体之间的互联,无时不在的网络和无所不知计算的发 展愿景。The initial concept of the Internet of Things was first proposed by Professor Ashton of MITAuto-First ID Center when he was researching RFID in 1999: through radio frequency identification, infrared sensors, global positioning systems, laser scanners and other information sensing equipment, according to the agreed protocol, the Any item is connected to the Internet for information exchange and communication to realize a network concept of intelligent identification, positioning, monitoring and management. In the report of the same name released by the International Telecommunication Union (ITU) in 2005, the definition and scope of the Internet of Things have changed, and the coverage has also been greatly expanded. It no longer refers to the Internet of Things based on RFID technology, but has transformed into any The interconnection between any time, any place, any object, the ubiquitous network and the development vision of omniscient computing.

物联网工程建设蓬勃发展,感知设备应用越来越成熟,二维条形 码、RFID产品、传感器、摄像头等感知设备随处可见,但市场应用 需求正逐步发现变化,已从单一的设备功能扩展与性能增强到兼顾安 全保障。政府、企业、科研机构越来越重视物联网安全问题,针对感 知设备安全防护现有一些技术手段,包括高强度加密的CPU卡、对 RFID标签进行认证、密钥管理机制以及从制作工艺采用抗功耗/电磁 辐射分析、故障注入攻击技术等等。可以看到一方面这些安全防护措 施有了一定的防护效果,但是是否符合相关标准,还需进一步明确。 另一方面上述的一些安全措施往往处于被动防御,面对物联网应用新 形式和物联网设备攻击新行为,须在感知设备设计、实施、运行阶段 将化被动为主动,积极开展感知层的设备安全检测,增强物联网主动 安全保障能力。The construction of the Internet of Things is booming, and the application of sensing devices is becoming more and more mature. Sensing devices such as two-dimensional barcodes, RFID products, sensors, and cameras can be seen everywhere. to balance security. Governments, enterprises, and scientific research institutions are paying more and more attention to the security of the Internet of Things. There are some technical means for the security protection of sensing equipment, including high-intensity encrypted CPU cards, authentication of RFID tags, key management mechanisms, and anti- Power consumption/electromagnetic radiation analysis, fault injection attack techniques, etc. It can be seen that on the one hand, these safety protection measures have a certain protective effect, but whether they meet the relevant standards needs to be further clarified. On the other hand, some of the above-mentioned security measures are often passive defenses. In the face of new forms of IoT applications and new attacks on IoT devices, it is necessary to turn passive into active in the design, implementation, and operation stages of sensing devices, and actively develop the sensing layer. Security detection enhances the active security assurance capability of the Internet of Things.

由于对功耗,实施面积和设备成本的高度限制,在RFID系统中 建立可靠的安全通信一直是一个持续存在的问题。提供可证明的安全 性的标准加密解决方案对RFID和其他高度受限的设备具有过高的面 积和功率需求。例如,低成本RFID标签只能使用3-5k逻辑门来实 现安全功能,而对认证的可靠安全的公共密码算法实现可以使用12k 到22k逻辑门。Establishing reliable secure communication in RFID systems has been an ongoing problem due to high constraints on power consumption, implementation area, and equipment cost. Standard encryption solutions that provide provable security have prohibitive area and power requirements for RFID and other highly constrained devices. For example, low-cost RFID tags can only use 3-5k logic gates to implement security functions, while reliable and secure public cryptographic algorithm implementations for authentication can use 12k to 22k logic gates.

发明内容Contents of the invention

针对上述现有技术中存在对功耗、实施面积以及设备成本的限制 问题,本发明提供一种基于PUF的RFID安全认证方法;该方法不使 用加密函数或者散列函数,基于PUF电路、真随机数发生器和二进 制操作来完成协议的认证过程,在不需要投入过高的成本的情况下, 使其成为一种能够抵御中继攻击的、具有高度安全可靠性的轻量 级RFID安全认证协议。具体采用如下技术方案:Aiming at the limitations of power consumption, implementation area and equipment cost in the above-mentioned prior art, the present invention provides a PUF-based RFID security authentication method; the method does not use an encryption function or a hash function, and is based on a PUF circuit, a true random The authentication process of the protocol is completed by using a digital generator and binary operations, making it a lightweight RFID security authentication protocol that can resist relay attacks and has high security and reliability without investing too much cost . Specifically, the following technical solutions are adopted:

一种基于PUF的RFID安全认证方法,所述方法包括:A PUF-based RFID security authentication method, said method comprising:

注册阶段:轮询所述PUF并建模攻击生成PUF软模型;Registration phase: poll the PUF and model the attack to generate a PUF soft model;

协议构建:利用PUF电路产生随机且独特的挑战-响应对,将所 述挑战-响应对作为所述协议实现过程中的秘钥,所述秘钥结合 TRNG及指定的二进制操作形成在可靠安全性方面真正匹配加密算 法的协议;Protocol construction: use the PUF circuit to generate random and unique challenge-response pairs, and use the challenge-response pairs as the secret key in the process of implementing the protocol. The secret key is combined with TRNG and specified binary operations to form a reliable and secure The protocol that really matches the encryption algorithm in terms of aspects;

身份认证:a、利用TRNG(True Random Number Generation,真 随机数发生器)在响应设备中生成由m个挑战ci构成的向量集C,所 述响应设备将存储的第一验证次数N、第一ID和所述向量集C发送 给阅读器;Identity authentication: a. Use TRNG (True Random Number Generation, true random number generator) to generate a vector set C consisting of m challenges ci in the response device, and the response device will store the first number of verification times N, the second An ID and the vector set C are sent to the reader;

b、将所述第一验证次数N后台数据库中的计数N表比较,将所 述第一ID与所述后台数据库中可信ID表比较,并记录所述阅读器接 收所述向量集C的第一时长t,将所述第一时长t与所述后台数据库 中设定允许时长t′比较,若所述第一验证次数N与所述计数N表中数 据相同,且所述第一ID与所述可信ID表中数据相同,以及所述第一 时长t小于所述允许时长t′,则接收所述PUF软模型生成针对每一所 述挑战ci的响应向量ri,并构建响应向量集R;b. Compare the count N table in the background database of the first number of verification times N, compare the first ID with the trusted ID table in the background database, and record the number of times the reader receives the vector set C The first duration t, compare the first duration t with the allowable duration t' set in the background database, if the first verification times N is the same as the data in the count N table, and the first ID It is the same as the data in the trusted ID table, and the first duration t is less than the allowed duration t′, then receive the PUF soft model to generate a response vector ri for each challenge ci , and construct Response vector set R;

c、利用TRNG将每一所述响应向量ri生成挑战向量ci1和挑战向 量ci2,并构成对应的挑战向量集C′;其中,所述挑战向量ci1和所述挑 战向量ci2的异或结果对应所述响应向量ric. Using TRNG to generate a challenge vector ci1 and a challenge vector ci2 for each of the response vectors ri, and form a corresponding challenge vector set C′; wherein, the challenge vector ci1 and the challenge vector ci2 The XOR result corresponds to the response vector r i ;

d、设定阈值τ,检查所述挑战向量ci1和所述挑战向量ci2之间的 汉明距离是否在所述阈值τ之内,如果是,则将所述挑战向量集C′发 送给所述响应设备,否则,舍弃所述挑战向量ci1和所述挑战向量ci2d. Set the threshold τ, check whether the Hamming distance between the challenge vector c i1 and the challenge vector c i2 is within the threshold τ, and if so, send the challenge vector set C' to The responding device, otherwise, discards the challenge vector c i1 and the challenge vector c i2 ;

e、设定容差水平值α,验证所述响应设备接收到的所述挑战向 量集C′各所述挑战向量ci1和所述挑战向量ci2的异或结果,若所述异或 结果在所述容差水平值内,则检查所述挑战ci、所述挑战向量ci1和所 述挑战向量ci2两两之间的汉明距离是否在所述阈值τ内,如果不在, 则舍弃所述挑战向量ci1和所述挑战向量ci2e. Set the tolerance level value α, and verify the XOR result of each of the challenge vector c i1 and the challenge vector c i2 received by the responding device in the challenge vector set C′, if the XOR result Within the tolerance level value, check whether the Hamming distance between the challenge ci , the challenge vector ci1 and the challenge vector ci2 is within the threshold τ, if not, then discarding the challenge vector c i1 and the challenge vector c i2 ;

f、所述响应设备再次发送由挑战bi构成的挑战向量集B至所述 阅读器,所述阅读器接受所述挑战向量集B并验证对应于所述挑战 向量集B传输的质询令牌的响应,并重复步骤a~e,即判断所述挑战 bi发送至所述阅读器后利用TRNG对应生成的挑战向量bi1和挑战向 量bi2之间的汉明距离,以及所述响应设备发送至所述阅读器的第二验 证次数N和第二ID以及所述第二时长t是否与所述计数N表、所述 可信ID表和所述允许时长t′比较是否一致或在设定的容差水平值内, 则完成有效的RFID安全认证。f. The responding device sends again the challenge vector set B composed of challenge b i to the reader, and the reader accepts the challenge vector set B and verifies the challenge token transmitted corresponding to the challenge vector set B response, and repeat steps a to e, that is, to judge the Hamming distance between the challenge vector b i1 and the challenge vector b i2 generated by TRNG correspondingly after the challenge bi is sent to the reader, and the response device Whether the second number of verification times N and the second ID sent to the reader and the second duration t are consistent with the count N table, the trusted ID table and the allowed duration t', or are set If it is within the specified tolerance level, effective RFID security certification is completed.

所述方法还包括,PUF利用COMS器件制作所述协议实现过程中的固有 随机性。The method also includes that the PUF utilizes the CMOS device to make inherent randomness in the protocol implementation process.

优选地,在所述协议中,所述阅读器与所述后台服务器组合形成 服务器端。Preferably, in the protocol, the reader is combined with the background server to form a server end.

优选地,在所述协议中,每一所述挑战ci均可响应“0”或“1”。Preferably, in said protocol, each of said challenges ci can respond to "0" or "1".

优选地,执行m次所述协议后,随机猜测全部的概率为2-mPreferably, after executing the protocol m times, the probability of randomly guessing all is 2 −m .

优选地,每一所述挑战的比特宽度与所述协议中所述挑战-响应 对中挑战的比特宽度相同。Advantageously, each said challenge has the same bit width as a challenge in said challenge-response pair in said protocol.

本发明的基于PUF的RFID安全认证方法,首先,通过二进制操 作、PUF电路和TRNG来建立加密强度安全性的协议;然后,基于 PUF电路的特点产生挑战-响应对,并将挑战-响应对作为秘钥;最后, 基于建立的协议对响应设备和阅读器之间的交互进行轮询,若轮询不 符合协议,则不进行交互操作,大大提高了整个RFID通信系统的安 全可靠性。与现有技术相比,本发明具有以下有益效果:本发明的协 议提供服务器与响应设备之间的相互身份认证以及对建模攻击的抵 抗,并且避免了加密算法的使用以及未经允许的对设备和服务器的轮 询,能够有效抵抗恶意中继攻击,具有良好的安全性;本发明在部署 前对响应设备和服务器进行部署,获得合法身份和PUF软模型,在 服务器和设备进行通信前对双方身份进行认证,以确保双方身份的合 法,具有很好的完整性;本发明利用PUF电路产生的独特挑战—响 应对以及简单的二进制算法,在不增加成本的情况下,可以形成安全 可靠的RFID认证协议。The RFID security authentication method based on PUF of the present invention, at first, establishes the agreement of encryption intensity security through binary operation, PUF circuit and TRNG; Then, based on the characteristic of PUF circuit, generate challenge-response pair, and use challenge-response pair as secret key; finally, based on the established protocol, the interaction between the responding device and the reader is polled. If the polling does not conform to the protocol, no interactive operation is performed, which greatly improves the security and reliability of the entire RFID communication system. Compared with the prior art, the present invention has the following beneficial effects: the protocol of the present invention provides mutual identity authentication between the server and the response device and resistance to modeling attacks, and avoids the use of encryption algorithms and unauthorized access to The polling of devices and servers can effectively resist malicious relay attacks and has good security; the present invention deploys response devices and servers before deployment, obtains legal identities and PUF soft models, and The identities of both parties are authenticated to ensure that the identities of both parties are legal and have good integrity; the present invention utilizes the unique challenge-response pairs generated by the PUF circuit and a simple binary algorithm to form a safe and reliable RFID authentication protocol.

附图说明Description of drawings

图1为本发明实施例中基于PUF的挑战-响应对的认证协议示 意。Fig. 1 is a schematic diagram of the authentication protocol of the challenge-response pair based on PUF in the embodiment of the present invention.

图2为本发明实施例中所述基于PUF的RFID安全认证协议执行 流程示意。Fig. 2 is a schematic diagram of the execution flow of the PUF-based RFID security authentication protocol described in the embodiment of the present invention.

图3为本发明实施例中认证协议过程中所有可能暴露的挑战-响 应对示意。Figure 3 is a schematic diagram of all possible exposed challenge-response pairs during the authentication protocol process in the embodiment of the present invention.

图4为中继攻击的实现基本流程图示意。Figure 4 is a schematic diagram of the basic flow chart of the implementation of the relay attack.

具体实施方式Detailed ways

为了使本技术领域的人员更好地理解本发明方案,下面将结合本 发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整 地描述。In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention.

在本发明实施例中,提供了一种基于PUF的RFID安全认证方法, 其中,PUF是一种新兴的硬件安全原语,可为RFID等受限设备提供 安全解决方案;PUF利用CMOS器件制造过程中的固有随机性,在 提供“挑战”输入时产生独特的“响应”,使其成为建立安全质询—响应协议的理想选择。基于此,本发明的方法具体包括如下步骤:In the embodiment of the present invention, a PUF-based RFID security authentication method is provided, wherein, PUF is an emerging hardware security primitive, which can provide a security solution for limited equipment such as RFID; PUF utilizes a CMOS device manufacturing process The inherent randomness in , producing a unique "response" when provided with a "challenge" input, makes it ideal for building secure challenge-response protocols. Based on this, the method of the present invention specifically comprises the steps:

结合图1,图示为基于PUF构建的挑战-响应对的认证协议,从 中可知,利用PUF认证时,首先,通过轮询PUF并建模攻击生成PUF 软模型,完成初始的注册操作;具体的,可以访问PUF的软模型的 服务器端将生成挑战并将挑战发送到设备。该设备将使用其PUF电 路为其收到的挑战生成响应并将其发送回服务器端。然后,服务器端 将设备传回的响应与其存储或生成的响应进行比较,如果响应在设定 的某个汉明距离内,则认为它是真实的;并使用设定的容差水平值作 为PUF不可忽略的错误率。Combined with Figure 1, the diagram shows a challenge-response pair authentication protocol based on PUF. It can be seen that when using PUF authentication, firstly, the PUF soft model is generated by polling PUF and modeling attacks to complete the initial registration operation; , the server side that has access to the soft model of the PUF will generate the challenge and send it to the device. The device will use its PUF circuit to generate responses to the challenges it receives and send them back to the server side. Then, the server side compares the response returned by the device with the response stored or generated, and if the response is within a certain Hamming distance set, it is considered authentic; and uses the set tolerance level value as the PUF Non-negligible error rate.

但是在实际操作中,因为攻击者将能够通过收集所传输的挑战— 响应对来执行中继攻击;而如果使用加密或者散列函数来隐藏挑战— 响应对,则需要投入过高的成本,基于此,本发明构建如图2所示的 协议,在此协议中,假设后台数据库与阅读器之间的有线传输是安全 的,而阅读器与响应设备之间的无线传输是不安全的,因此在本协议 中,后台数据库与阅读器统称为服务器端。本协议中所涉及到的一些 参数有:可信ID、响应设备方存储的验证次数计数N、指定汉明距 离、容差水平值、后台数据库端存储的可信ID′、验证次数计数、通 信双方接受到对方发送的验证信息的时长t、可信范围允许时长、响 应设备端产生的挑战、阅读器端产生的响应、产生的挑战、。所涉及 的函数表达式有:TRNG():真随机数发生器所产生的随机数,字 符长度与PUF所产生的响应命令字符长度一样;PUF(x):PUF设 备针对输入的挑战x所产生的响应;HD(x,y):x与y之间的汉明 距离;x与y的异或操作。But in practice, because the attacker will be able to perform a relay attack by collecting the transmitted challenge-response pairs; and if encryption or hash functions are used to hide the challenge-response pairs, it needs to invest too much cost, based on Therefore, the present invention builds the protocol shown in Figure 2, in this protocol, it is assumed that the wired transmission between the background database and the reader is safe, and the wireless transmission between the reader and the response device is unsafe, so In this agreement, the background database and reader are collectively referred to as the server. Some parameters involved in this protocol are: trusted ID, count N of verification times stored by the responding device, specified Hamming distance, tolerance level value, trusted ID' stored on the background database side, count of verification times, communication The time period t for both parties to receive the verification information sent by the other party, the allowable time period of the trusted range, the response to the challenge generated by the device side, the response generated by the reader side, and the generated challenge. The function expressions involved are: TRNG(): the random number generated by the true random number generator, the character length is the same as the response command character length generated by the PUF; PUF(x): generated by the PUF device for the input challenge x response; HD(x, y): Hamming distance between x and y; XOR operation of x and y.

在实际操作中,本发明利用PUF电路产生随机且独特的挑战-响 应对,将挑战-响应对作为协议实现过程中的秘钥,秘钥结合TRNG 及指定的二进制操作形成在可靠安全性方面真正匹配加密算法的协 议。其中,在协议部署之前,后台数据库存储有可信ID表、每个ID 的验证次数计数N表、每个ID的相关信息表以及每个PUF实体的大 量挑战—响应对。本发明具体的通过身份认证实现对中继攻击的防御 过程如下:In actual operation, the present invention uses the PUF circuit to generate random and unique challenge-response pairs, and uses the challenge-response pair as the secret key in the protocol implementation process. The secret key is combined with TRNG and specified binary operations to form a reliable and secure Protocol that matches the encryption algorithm. Among them, before the protocol is deployed, the background database stores a trusted ID table, a verification times count N table for each ID, a related information table for each ID, and a large number of challenge-response pairs for each PUF entity. The specific implementation of the present invention through identity authentication to the defense process of the relay attack is as follows:

首先,响应设备在接近阅读器的电磁场信号附近时,利用TRNG 在响应设备中生成由m个挑战ci构成的向量集C,其中,每一挑战ci的比特宽度与协议中挑战-响应对中挑战的比特宽度相同;响应设备 将存储的第一验证次数N、第一ID和向量集C发送给阅读器;阅读器在接收到响应设备发送过来的第一验证次数N、第一ID和向量集 C后,将第一验证次数N后台数据库中的计数N表比较,将第一ID 与后台数据库中可信ID表比较,并记录阅读器接收向量集C的第一 时长t,将第一时长t与后台数据库中设定允许时长t′比较,若第一验 证次数N与所述计数N表中数据相同,且第一ID与可信ID表中数 据相同,以及第一时长t小于允许时长t′,则接收PUF软模型生成针 对每一挑战ci的响应向量ri,并构建响应向量集R。First, when the responding device is close to the electromagnetic field signal of the reader, it uses TRNG to generate a vector set C consisting of m challenges ci in the responding device, where the bit width of each challenge ci is the same as the challenge-response pair in the protocol The bit width of the challenge is the same; the responding device sends the stored first number of verifications N, the first ID and vector set C to the reader; the reader receives the first number of verifications N, the first ID and After the vector set C, compare the count N table in the background database with the first number of verification times N, compare the first ID with the trusted ID table in the background database, and record the first duration t for the reader to receive the vector set C, and set the first ID to the trusted ID table in the background database. A time length t is compared with the allowable time length t' set in the background database, if the first verification times N is the same as the data in the count N table, and the first ID is the same as the data in the trusted ID table, and the first time length t is less than Allow time t′, then receive PUF soft model to generate response vector ri for each challenge ci , and construct response vector set R.

然后,阅读器利用TRNG将每一响应向量ri生成挑战向量ci1和挑 战向量ci2,并构成对应的挑战向量集C′;并保证挑战向量ci1和挑战向 量ci2的异或结果对应响应向量ri;同时,设定阈值τ,检查挑战向量ci1和挑战向量ci2之间的汉明距离是否在阈值τ之内,如果是,则将挑战 向量集C′发送给响应设备,否则,舍弃挑战向量ci1和所述挑战向量ci2; 以及设定容差水平值α,验证响应设备接收到的挑战向量集C′各挑战 向量ci1和挑战向量ci2的异或结果,若异或结果在容差水平值α内,则 检查挑战ci、挑战向量ci1和挑战向量ci2两两之间的汉明距离是否在阈 值τ内,如果不在,则舍弃挑战向量ci1和挑战向量ci2Then, the reader uses TRNG to generate a challenge vector ci1 and a challenge vector ci2 for each response vector ri, and constitutes a corresponding challenge vector set C′; and ensures that the XOR results of the challenge vector ci1 and the challenge vector ci2 correspond to Response vector r i ; at the same time, set the threshold τ, check whether the Hamming distance between the challenge vector ci1 and the challenge vector ci2 is within the threshold τ, if so, send the challenge vector set C′ to the responding device, Otherwise, discarding the challenge vector c i1 and the challenge vector c i2 ; and setting a tolerance level value α, verifying the XOR result of each challenge vector c i1 and challenge vector c i2 of the challenge vector set C′ received by the responding device, If the XOR result is within the tolerance level value α, then check whether the Hamming distance between the challenge ci , the challenge vector ci1 and the challenge vector ci2 is within the threshold τ, if not, discard the challenge vector ci1 and challenge vector c i2 .

最后,再次由响应设备发送由挑战bi构成的挑战向量集B至阅读 器,阅读器接受挑战向量集B并验证对应于挑战向量集B传输的质 询令牌的响应,并重复上述阅读器与响应设备之间的身份认证步骤, 即判断挑战bi发送至阅读器后利用TRNG对应生成的挑战向量bi1和 挑战向量bi2之间的汉明距离,以及响应设备发送至阅读器的第二验证 次数N和第二ID以及第二时长t是否与计数N表、可信ID表和允 许时长t′比较是否一致或在设定的容差水平值内,则完成有效的RFID 安全认证;以此确保响应设备只能由真实的一方进行轮询,该过程与 服务器用于生成其验证挑战的过程相同。Finally, the response device sends the challenge vector set B composed of challenge b i to the reader again, and the reader accepts the challenge vector set B and verifies the response corresponding to the challenge token transmitted by the challenge vector set B, and repeats the above reader and The identity authentication step between the responding devices is to judge the Hamming distance between the challenge vector b i1 and the challenge vector b i2 generated by using TRNG after the challenge b i is sent to the reader, and the second challenge vector b i2 sent by the responding device to the reader Verify whether the number of times N and the second ID and the second time length t are consistent with the count N table, the trusted ID table and the allowable time length t' or whether they are within the set tolerance level value, then complete effective RFID security certification; This ensures that the responding device can only be polled by an authentic party, the same process that the server uses to generate its authentication challenge.

特别需要注意的是,本发明中PUF利用COMS器件制作协议实 现过程中的固有随机性;且在协议中,由阅读器与后台服务器组合形 成服务器端。It should be noted that PUF in the present invention utilizes the inherent randomness in the implementation process of the COMS device manufacturing protocol; and in the protocol, the server end is formed by the combination of the reader and the background server.

在实际执行协议的过程中,每一挑战ci均可响应“0”或“1”。 且在执行m次协议后,随机猜测全部的概率为2-mDuring the actual execution of the protocol, each challenge c i can respond with "0" or "1". And after executing the protocol m times, the probability of guessing all of them randomly is 2 -m .

结合图4,需要注意的是,在实际操作中,Reader和Tag分别为 合法阅读器和可信标签。攻击者A从合法阅读器处监听转播请求验 证信息,发送给攻击者B,攻击者B将真实的验证信息发送给可信标 签,可信标签针对请求验证信息产生验证信息并发送给攻击者B,攻 击者B再将验证信息转发给攻击者A,攻击者A通过真实的验证信 息诱骗合法阅读器通过验证。整个攻击建立在合法通信双方都认为彼 此正处于安全距离通信的假设上,而事实上,由于攻击者的介入,合 法用户将认为与其通信的攻击者A、B即为合法设备,从而最终延长 了其通信距离,并获得通信中的所有数据。Combined with Figure 4, it should be noted that in actual operation, Reader and Tag are legal readers and trusted tags respectively. Attacker A listens to the rebroadcast request verification information from the legitimate reader and sends it to attacker B. Attacker B sends the real verification information to the trusted tag. The trusted tag generates verification information for the requested verification information and sends it to attacker B. , the attacker B forwards the verification information to the attacker A, and the attacker A uses the real verification information to trick the legitimate reader into passing the verification. The entire attack is based on the assumption that both parties in the legal communication believe that they are communicating with each other at a safe distance. In fact, due to the intervention of the attacker, the legitimate user will think that the attackers A and B communicating with him are legitimate devices, which ultimately prolongs the Its communication distance, and obtain all the data in the communication.

具体的,在协议的执行过程中,如果有攻击者试图对设备进行中 继攻击,阅读器和可信设备都采用TRNG以及PUF电路生成验证信 息,大大增加了伪造或转播验证信息的难度。同时,由于阅读器和可 信标签每进行一次有效的验证,验证次数计数都将动态更新,并且在 协议的通信双方都会验证通信时间是否在可信距离允许范围内,如果 攻击者利用中继攻击设备转播验证信息,必然会引起时间的延长,一 旦通信时长超过允许范围,通信双方将直接拒绝通信。由此可以看出, 本发明方法能够有效的抵御中继攻击。Specifically, during the execution of the protocol, if an attacker attempts to relay attacks on the device, both the reader and the trusted device use TRNG and PUF circuits to generate verification information, which greatly increases the difficulty of forging or rebroadcasting verification information. At the same time, since the reader and the trusted tag perform effective verification every time, the number of verification times will be dynamically updated, and both parties in the communication of the protocol will verify whether the communication time is within the allowable range of the trusted distance. If the attacker uses the relay attack Rebroadcasting the verification information by the device will inevitably lead to an extension of the time. Once the communication time exceeds the allowable range, the communication parties will directly refuse the communication. It can be seen that the method of the present invention can effectively defend against relay attacks.

本发明的基于PUF的RFID安全认证方法,首先,通过二进制操 作、PUF电路和TRNG来建立加密强度安全性的协议;然后,基于 PUF电路的特点产生挑战-响应对,并将挑战-响应对作为秘钥;最后, 基于建立的协议对响应设备和阅读器之间的交互进行轮询,若轮询不 符合协议,则不进行交互操作,大大提高了整个RFID通信系统的安 全可靠性。与现有技术相比,本发明具有以下有益效果:本发明的协 议提供服务器与响应设备之间的相互身份认证以及对建模攻击的抵 抗,并且避免了加密算法的使用以及未经允许的对设备和服务器的轮 询,能够有效抵抗恶意中继攻击,具有良好的安全性;本发明在部署 前对响应设备和服务器进行部署,获得合法身份和PUF软模型,在 服务器和设备进行通信前对双方身份进行认证,以确保双方身份的合 法,具有很好的完整性;本发明利用PUF电路产生的独特挑战—响 应对以及简单的二进制算法,在不增加成本的情况下,可以形成安全 可靠的RFID认证协议。The RFID security authentication method based on PUF of the present invention, at first, establishes the agreement of encryption intensity security through binary operation, PUF circuit and TRNG; Then, based on the characteristic of PUF circuit, generate challenge-response pair, and use challenge-response pair as secret key; finally, based on the established protocol, the interaction between the responding device and the reader is polled. If the polling does not conform to the protocol, no interactive operation is performed, which greatly improves the security and reliability of the entire RFID communication system. Compared with the prior art, the present invention has the following beneficial effects: the protocol of the present invention provides mutual identity authentication between the server and the response device and resistance to modeling attacks, and avoids the use of encryption algorithms and unauthorized access to The polling of devices and servers can effectively resist malicious relay attacks and has good security; the present invention deploys response devices and servers before deployment, obtains legal identities and PUF soft models, and The identities of both parties are authenticated to ensure that the identities of both parties are legal and have good integrity; the present invention utilizes the unique challenge-response pairs generated by the PUF circuit and a simple binary algorithm to form a safe and reliable RFID authentication protocol.

以上仅为本发明的较佳实施例,但并不限制本发明的专利范围, 尽管参照前述实施例对本发明进行了详细的说明,对于本领域的技术 人员而言,其依然可以对前述各具体实施方式所记载的技术方案进行 修改,或者对其中部分技术特征进行等效替换。凡是利用本发明说明 书及附图内容所做的等效结构,直接或间接运用在其他相关的技术领 域,均同理在本发明专利保护范围之内。The above are only preferred embodiments of the present invention, but do not limit the patent scope of the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, for those skilled in the art, it is still possible for those skilled in the art to understand the specific aspects of the foregoing. The technical solutions described in the implementation modes shall be modified, or some of the technical features shall be replaced equivalently. All equivalent structures made using the contents of the description and drawings of the present invention, directly or indirectly used in other related technical fields, are all within the protection scope of the patent of the present invention.

Claims (6)

1.一种基于PUF的RFID安全认证方法,其特征在于,所述方法包括:1. a PUF-based RFID security authentication method, is characterized in that, described method comprises: 注册阶段:轮询所述PUF并建模攻击生成PUF软模型;Registration phase: poll the PUF and model the attack to generate a PUF soft model; 协议构建:利用PUF电路产生随机且独特的挑战-响应对,将所述挑战-响应对作为所述协议实现过程中的秘钥,所述秘钥结合TRNG及指定的二进制操作形成在可靠安全性方面真正匹配加密算法的协议;Protocol construction: use the PUF circuit to generate random and unique challenge-response pairs, and use the challenge-response pairs as the secret key in the process of implementing the protocol. The secret key is combined with TRNG and specified binary operations to form a reliable and secure The protocol that really matches the encryption algorithm in terms of aspects; 身份认证:a、利用TRNG在响应设备中生成由m个挑战ci构成的向量集C,所述响应设备将存储的第一验证次数N、第一ID和所述向量集C发送给阅读器;Identity authentication: a. Use TRNG to generate a vector set C consisting of m challenges ci in the responding device, and the responding device sends the stored first number of verification times N, the first ID, and the vector set C to the reader ; b、将所述第一验证次数N后台数据库中的计数N表比较,将所述第一ID与所述后台数据库中可信ID表比较,并记录所述阅读器接收所述向量集C的第一时长t,将所述第一时长t与所述后台数据库中设定允许时长t′比较,若所述第一验证次数N与所述计数N表中数据相同,且所述第一ID与所述可信ID表中数据相同,以及所述第一时长t小于所述允许时长t′,则接收所述PUF软模型生成针对每一所述挑战ci的响应向量ri,并构建响应向量集R;b. Compare the count N table in the background database of the first number of verification times N, compare the first ID with the trusted ID table in the background database, and record the number of times the reader receives the vector set C The first duration t, compare the first duration t with the allowable duration t' set in the background database, if the first verification times N is the same as the data in the count N table, and the first ID It is the same as the data in the trusted ID table, and the first duration t is less than the allowed duration t′, then receive the PUF soft model to generate a response vector ri for each challenge ci , and construct Response vector set R; c、利用TRNG将每一所述响应向量ri生成挑战向量ci1和挑战向量ci2,并构成对应的挑战向量集C′;其中,所述挑战向量ci1和所述挑战向量ci2的异或结果对应所述响应向量ric. Using TRNG to generate a challenge vector ci1 and a challenge vector ci2 for each of the response vectors ri, and form a corresponding challenge vector set C′; wherein, the challenge vector ci1 and the challenge vector ci2 The XOR result corresponds to the response vector r i ; d、设定阈值τ,检查所述挑战向量ci1和所述挑战向量ci2之间的汉明距离是否在所述阈值τ之内,如果是,则将所述挑战向量集C′发送给所述响应设备,否则,舍弃所述挑战向量ci1和所述挑战向量ci2d. Set the threshold τ, check whether the Hamming distance between the challenge vector c i1 and the challenge vector c i2 is within the threshold τ, and if so, send the challenge vector set C' to The responding device, otherwise, discards the challenge vector c i1 and the challenge vector c i2 ; e、设定容差水平值α,验证所述响应设备接收到的所述挑战向量集C′各所述挑战向量ci1和所述挑战向量ci2的异或结果,若所述异或结果在所述容差水平值内,则检查所述挑战ci、所述挑战向量ci1和所述挑战向量ci2两两之间的汉明距离是否在所述阈值τ内,如果不在,则舍弃所述挑战向量ci1和所述挑战向量ci2e. Set the tolerance level value α, and verify the XOR result of each of the challenge vector c i1 and the challenge vector c i2 received by the responding device in the challenge vector set C′, if the XOR result Within the tolerance level value, check whether the Hamming distance between the challenge ci , the challenge vector ci1 and the challenge vector ci2 is within the threshold τ, if not, then discarding the challenge vector c i1 and the challenge vector c i2 ; f、所述响应设备再次发送由挑战bi构成的挑战向量集B至所述阅读器,所述阅读器接受所述挑战向量集B并验证对应于所述挑战向量集B传输的质询令牌的响应,并重复步骤a~e,即判断所述挑战bi发送至所述阅读器后利用TRNG对应生成的挑战向量bi1和挑战向量bi2之间的汉明距离,以及所述响应设备发送至所述阅读器的第二验证次数N和第二ID以及所述第二时长t是否与所述计数N表、所述可信ID表和所述允许时长t′比较是否一致或在设定的容差水平值内,完成有效的RFID安全认证。f. The responding device sends again the challenge vector set B composed of challenge b i to the reader, and the reader accepts the challenge vector set B and verifies the challenge token transmitted corresponding to the challenge vector set B response, and repeat steps a to e, that is, to judge the Hamming distance between the challenge vector b i1 and the challenge vector b i2 generated by TRNG correspondingly after the challenge bi is sent to the reader, and the response device Whether the second number of verification times N and the second ID sent to the reader and the second duration t are consistent with the count N table, the trusted ID table and the allowed duration t', or are set Within the specified tolerance level, effective RFID security certification is completed. 2.如权利要求1所述的基于PUF的RFID安全认证方法,其特征在于,所述方法还包括,PUF利用COMS器件制作所述协议实现过程中秘钥的随机性。2. The RFID security authentication method based on PUF as claimed in claim 1, is characterized in that, described method also comprises, PUF utilizes CMOS device to make the randomness of secret key in the implementation process of described agreement. 3.如权利要求1所述的基于PUF的RFID安全认证方法,其特征在于,在所述协议中,所述阅读器与所述后台服务器组合形成服务器端。3. The PUF-based RFID security authentication method according to claim 1, characterized in that, in the protocol, the reader is combined with the background server to form a server end. 4.如权利要求3所述的基于PUF的RFID安全认证方法,其特征在于,在所述协议中,每一所述挑战ci均可响应“0”或“1”。4. The PUF-based RFID security authentication method according to claim 3, characterized in that, in the protocol, each challenge c i can respond to "0" or "1". 5.如权利要求1所述的基于PUF的RFID安全认证方法,其特征在于,执行m次所述协议后,随机猜测全部正确即攻击成功的概率为2-m5. The PUF-based RFID security authentication method according to claim 1, characterized in that, after performing m times of the protocol, the random guessing is all correct, that is, the probability of successful attack is 2- m . 6.如权利要求1所述的基于PUF的RFID安全认证方法,其特征在于,每一个挑战的比特宽度与所述协议中所述挑战-响应对中挑战的比特宽度相同。6. The PUF-based RFID security authentication method according to claim 1, wherein the bit width of each challenge is identical to the bit width of the challenge in the challenge-response pair in the protocol.
CN201910427190.8A 2019-05-22 2019-05-22 A kind of RFID safety authentication based on PUF Pending CN110233731A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910427190.8A CN110233731A (en) 2019-05-22 2019-05-22 A kind of RFID safety authentication based on PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910427190.8A CN110233731A (en) 2019-05-22 2019-05-22 A kind of RFID safety authentication based on PUF

Publications (1)

Publication Number Publication Date
CN110233731A true CN110233731A (en) 2019-09-13

Family

ID=67860892

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910427190.8A Pending CN110233731A (en) 2019-05-22 2019-05-22 A kind of RFID safety authentication based on PUF

Country Status (1)

Country Link
CN (1) CN110233731A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100177898A1 (en) * 2007-06-14 2010-07-15 Intrinsic Id Bv Device and method for providing authentication
CN102224705A (en) * 2008-11-21 2011-10-19 美国威诚股份有限公司 Non-networked rfid-puf authentication
CN105723651A (en) * 2013-11-10 2016-06-29 赛普利斯电子有限责任公司 Authenticatable device
CN108173662A (en) * 2018-02-12 2018-06-15 海信集团有限公司 A device authentication method and device
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN109040067A (en) * 2018-08-02 2018-12-18 广东工业大学 A kind of user authentication device and authentication method based on the unclonable technology PUF of physics

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100177898A1 (en) * 2007-06-14 2010-07-15 Intrinsic Id Bv Device and method for providing authentication
CN102224705A (en) * 2008-11-21 2011-10-19 美国威诚股份有限公司 Non-networked rfid-puf authentication
CN105723651A (en) * 2013-11-10 2016-06-29 赛普利斯电子有限责任公司 Authenticatable device
CN108173662A (en) * 2018-02-12 2018-06-15 海信集团有限公司 A device authentication method and device
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN109040067A (en) * 2018-08-02 2018-12-18 广东工业大学 A kind of user authentication device and authentication method based on the unclonable technology PUF of physics

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
HE XU ET AL.: "《A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function》", 《SENSORS》 *
PROSANTA GOPE ET AL.: "《Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions》", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 *
TAREK IDRISS,MAGDY BAYOUMI: "《Lightweight highly secure PUF protocol for mutual authentication and secret message exchange》", 《2017 IEEE INTERNATIONAL CONFERENCE ON RFID TECHNOLOGY & APPLICATION (RFID-TA)》 *
YING QIU,JIQIANG LU: "《Critical Analysis of New Protocols on Lightweight Authentication》", 《2018 24TH ASIA-PACIFIC CONFERENCE ON COMMUNICATIONS (APCC)》 *

Similar Documents

Publication Publication Date Title
Srinivas et al. Anonymous lightweight chaotic map-based authenticated key agreement protocol for industrial Internet of Things
Gope et al. Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions
Dhillon et al. Secure multi‐factor remote user authentication scheme for Internet of Things environments
Liu et al. A physically secure, lightweight three-factor and anonymous user authentication protocol for IoT
CN113301022B (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
Cui et al. Chaotic map-based authentication scheme using physical unclonable function for internet of autonomous vehicle
CN107483195A (en) A secure two-party authentication and key agreement protocol in the Internet of Things environment
Idriss et al. Lightweight highly secure PUF protocol for mutual authentication and secret message exchange
CN107148019B (en) It is a kind of for connecting the method and apparatus of wireless access point
Zhao et al. ePUF: A lightweight double identity verification in IoT
Taher et al. Low-overhead remote user authentication protocol for IoT based on a fuzzy extractor and feature extraction
CN114143343B (en) Remote access control system, control method, terminal and medium in fog computing environment
Kumar et al. Blockchain-enabled secure communication for unmanned aerial vehicle (UAV) networks
Nimmy et al. A novel multi-factor authentication protocol for smart home environments
CN114095229B (en) Method, device and system for constructing data transmission protocol of energy internet
Zheng et al. Design and analysis of a security-enhanced three-party authenticated key agreement protocol based on chaotic maps
Sarbishaei et al. Smart home security: An efficient multi-factor authentication protocol
Modarres et al. A lightweight authentication protocol for IoT-based applications using reconfigurable noisy PUFs
Manivannan et al. Practical and efficient PUF-based protocol for authentication and key agreement in IoT
Li et al. Physical unclonable function based identity management for IoT with blockchain
CN114244531B (en) Lightweight self-updating message authentication method based on strong PUF
Gupta et al. A lightweight and secure PUF-based authentication and key-exchange protocol for IoT devices
CN118487769A (en) Lightweight multi-gateway identity authentication and key agreement method based on PUF
CN113014534A (en) User login and authentication method and device
Mansour et al. Hardware root of trust for IoT security in smart home systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190913