Desynchronization resistant lightweight RFID bidirectional authentication protocol

A lightweight two-way authentication technique, applied to key distribution, that addresses problems such as desynchronization attacks and lack of trusted freshness, and achieves short key length, improved trustworthiness and real-time performance, and low tag search complexity.

Active Publication Date: 2014-02-19
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

For example, in Lim J's privacy-protecting authentication protocol (LIM J, OH H, KIM S. A new Hash-based RFID mutual authentication protocol providing enhanced user privacy protection[C] // Proceedings of the 4th Information Security Practice and Experience Conference. LNCS 4991, Berlin: Springer-Verlag, 2008: 278-289), the two sides of a session can still perform a dynamic key update without completing authentication, which avoids leaking the tag's location; but because the protocol lacks trusted freshness, an attacker can still use traffic analysis to obtain the tag's key state.
In 2007, Chien H Y's ultra-lightweight SASI authentication protocol (H Y Chien. SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity[J]. IEEE Transactions on Dependable and Secure Computing, 2007, 4(9): 337-340) used only a limited set of ultra-lightweight operations such as XOR (exclusive OR) and ROT (cyclic shift) to implement challenge-response, and established two key storage units in the background database to improve key recovery capability. However, due to the algebraic properties of the ROT function, SASI has been proven susceptible to bit tampering (Dimitriou, T. (2005). A Lightweight RFID Protocol to protect against Traceability and Cloning attacks[C] // Proceedings of First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), Athens, Greece, ISBN: 0769523692) and desynchronization attacks.
The protocol designed by Peris-Lopez relies entirely on the reader's PRNG (pseudo-random number generator) to provide freshness, which saves computational overhead on the tag, but the protocol is also vulnerable to desynchronization attacks (Li T Wang. Security analysis of two ultra-lightweight RFID authentication protocols[C] // Proceedings of the IFIP TC-11 22nd International Information Security Conference IFIP SEC 2007. South Africa: 2007: 109-120) and algebraic attacks (Gildas Avoine, Xavier Carpent. Strong Authentication and Strong Integrity (SASI) Is Not That Strong[C] // The 6th International Workshop. RFIDSec 2010. Turkey: Istanbul, 2010, 50-64).


Embodiment Construction

[0018] (1) Implementation steps

[0019] The protocol includes three stages of initialization, authentication, and update. The specific interaction process between the background-reader and the tag in the protocol is described as follows:

[0020] 1. Initialization phase

[0021] For each tag $\mathrm{Tag}_i$, the RFID system generates a unique serial number $C$ and a self-updating parameter $T_i$, and shares the key group $(key_i^L, key_i^H)$ with the database. The tag saves its unique search name and key group; its storage unit is $(IDS, keyL, keyH, T_i, C)$. The background database stores the directory $(\text{Pre-IDS}_i, \text{Pre-key}_i;\ \text{Cur-IDS}_i, \text{Cur-key}_i;\ C)$, where the database's Cur key unit $(\text{Cur-IDS}_i, \text{Cur-key}_i)$ is the same as the tag's $(IDS, key)$. The reader and the background database each maintain a local clock $t$.

[0022] 2. Authentication stage

[0023] 2.1) Step 1: Reader → Tag (Challenge Message): $r_R$

[0024] The reader generates a random number $r_R$ and sends it to the...


Abstract

The invention relates to a lightweight bidirectional authentication protocol that can be used in RFID systems of the Internet of Things. Bidirectional challenge-response between the back end and the RFID tag is achieved through a dual authentication mechanism of "bidirectional random number / new and old key pair"; the pseudo-random number and the clock parameter are bound through time attachment encryption, which improves the trustworthiness of the protocol's freshness quantity. The new and old key pair preset in the back-end database takes part in authentication to resist desynchronization from outside the RFID system, so the back-end and tag keys do not fall out of balance. The reader and the back end resist desynchronization from inside the system through time attachment encryption/decryption, which prevents the back end from permanently refusing to authenticate a tag because a malicious reader has released information again. In addition, the key is updated through a hash operation and the parameter is corrected by alternately applying the ultra-lightweight Mixbits function, which guarantees tracking prevention and forward security while reducing the protocol's computational cost. The protocol is safe, efficient and flexible, and is suitable for fields such as identification in low-cost RFID systems and key updating.
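The old/new key-pair idea from the abstract and the initialization phase, as an added Python sketch that is not the patent's own protocol: it shows a back end that keeps (Pre, Cur) still accepting a tag whose final confirmation was dropped, while a single-slot back end locks that tag out. The message layout, the `rotate` update rule and the SHA-256 stand-in hash are assumptions; the clock binding and the Mixbits function are omitted.

```python
import hashlib
import hmac
import os

def h(*parts: bytes) -> bytes:
    # Stand-in for the page's unspecified lightweight hash (assumption: truncated SHA-256).
    return hashlib.sha256(b"|".join(parts)).digest()[:16]

def rotate(ids: bytes, key: bytes):
    # Assumed update rule: search name and key are both replaced by one-way hashes.
    return h(b"ids", ids, key), h(b"key", key)

class Tag:
    def __init__(self, ids, key):
        self.ids, self.key = ids, key
    def respond(self, r_R):
        r_T = os.urandom(8)  # tag-side random number
        return self.ids, r_T, h(self.key, r_R, r_T)
    def confirm(self, ack, r_R, r_T):
        # The tag updates only after the back end has proved knowledge of the key.
        if ack is not None and hmac.compare_digest(ack, h(self.key, r_T, r_R)):
            self.ids, self.key = rotate(self.ids, self.key)

class Backend:
    def __init__(self, ids, key, keep_old=True):
        self.pre = self.cur = (ids, key)
        self.keep_old = keep_old  # False models a database with only one key slot
    def authenticate(self, ids, r_R, r_T, proof):
        slots = [("cur", self.cur)] + ([("pre", self.pre)] if self.keep_old else [])
        for name, (s_ids, s_key) in slots:
            if s_ids == ids and hmac.compare_digest(proof, h(s_key, r_R, r_T)):
                # Pre always ends up holding the pair the tag just used.
                self.pre, self.cur = (s_ids, s_key), rotate(s_ids, s_key)
                return name, h(s_key, r_T, r_R)
        return None, None

def session(tag, backend, drop_ack=False):
    r_R = os.urandom(8)  # reader challenge
    ids, r_T, proof = tag.respond(r_R)
    slot, ack = backend.authenticate(ids, r_R, r_T, proof)
    tag.confirm(None if drop_ack else ack, r_R, r_T)
    return slot  # which database slot matched, or None if the tag was rejected

def demo(keep_old):
    # Constructed sample credentials; the first session loses its confirmation message.
    ids, key = b"IDS-constructed", b"key-constructed"
    tag, db = Tag(ids, key), Backend(ids, key, keep_old)
    return [session(tag, db, drop_ack=True), session(tag, db), session(tag, db)]
```

`demo(True)` recovers through the Pre slot on the second session and is back on Cur by the third; `demo(False)` rejects the tag from the second session onward.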

Description

Technical field

[0001] The invention relates to a lightweight, desynchronization-resistant RFID two-way authentication protocol. It uses a "two-way random number / new and old key pair" double authentication mechanism to realize two-way challenge-response between the background database and the tag, and binds clock parameters to pseudo-random numbers to guarantee the trustworthiness and real-time performance of the protocol's freshness quantity. Key update and authentication-parameter operations use a lightweight hash function and an ultra-lightweight cyclic shift function. Finally, formal simulation based on colored Petri net theory is combined with informal methods to analyze the privacy and security of the protocol; this proves that the protocol can reach the expected state space and can effectively resist location tracking attacks and desynchronization attacks. This protocol only needs three communications to complete the authentication of t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
Inventor: 高欣, 贾庆轩, 陈鹏, 赵兵, 王鑫
Owner BEIJING UNIV OF POSTS & TELECOMM