Abstract: In view of the poor mobility of the existing RFID security authentication protocol, as well as the tracking, and data synchronization problems caused by the failure of the agreements key update, this paper proposes a mobile RFID security authentication protocol based on dynamic key. Random number is used to select the authentication key dynamically, which can not only keep the freshness of the key, but also avoid tracking and data synchronization problems. A preprocess of reader is taken on the server, which can effectively prevents impersonation and denial of service attacks on the server from the external illegal reader. This paper analyses the performance and security of the protocol. The analysis results show that the protocol meets the security requirements and has good mobility and low computational complexity, which is suitable for large-scale mobile RFID system.

Key words: mobile RFID, dynamic key, safety, privacy, authentication protocol, protocol analysis

摘要： 针对现有RFID安全认证协议可移动性差，以及现有协议密钥更新失败导致的跟踪、数据不同步问题，提出了一种基于动态密钥的移动RFID安全认证协议。采用随机数来动态选取认证密钥，既保证了密钥新鲜性，又避免跟踪与数据不同步问题，并且在服务器上对阅读器进行一个预处理操作，有效地阻止了外部非法阅读器对服务器发起的假冒攻击和拒绝服务攻击。分析了协议的性能和安全性，分析结果表明该协议达到了安全性要求且移动性强，计算复杂度低，适用于大规模移动RFID系统。

关键词: 移动RFID, 动态密钥, 安全, 隐私, 认证协议, 协议分析