Computer Engineering and Applications, 2023, Vol. 59, Issue (18): 268-277. DOI: 10.3778/j.issn.1002-8331.2205-0362

• Network, Communication and Security •

Lightweight Bidirectional Authentication Protocol for RFID

HE Jiaqi, PENG Changgen, FU Zhangjie, XU Dequan, TANG Hanlin

  1. State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
  2. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
  3. Guizhou Big Data Academy, Guizhou University, Guiyang 550025, China
  4. School of Computer Science, School of Cyberspace Security, Nanjing University of Information Science & Technology, Nanjing 210044, China
  5. Guizhou Data Pay Network Technology Co., Ltd., Guiyang 550025, China
  • Online: 2023-09-15 Published: 2023-09-15

Abstract: To improve the efficiency of identity authentication in radio frequency identification (RFID) systems and to protect the identity privacy of both communicating parties, a new lightweight RFID bidirectional authentication protocol is proposed. The protocol mainly uses the ECC cryptographic algorithm and a Hash function. First, based on the Hash function, the ECC cryptographic algorithm and the OR operation, a random number generator is used to generate unpredictable message authentication codes, ensuring the freshness of the messages transmitted during bidirectional authentication. Then, the real identities of the communicating parties are hidden by elliptic curve encryption. Relying on the hardness of the elliptic curve discrete logarithm problem (ECDLP), and with identity privacy preserved, the protocol uses two rounds of message exchange in which the two parties verify each other's fresh message authentication codes, thereby achieving bidirectional authentication. Finally, the shared session key of the tag and the server is negotiated from a specified key seed, and an automatic key update mechanism is designed to keep the keys of the two parties synchronized. Compared with some typical bidirectional authentication protocols of the same kind, the proposed protocol saves up to nearly 40% of the computation time and up to 25% of the storage space, and it supports multiple security requirements and resists different malicious attacks.

Key words: Hash function, elliptic curve cryptography (ECC), radio frequency identification (RFID), bidirectional authentication protocol, security analysis