Computer Engineering and Applications ›› 2019, Vol. 55 ›› Issue (7): 120-126.DOI: 10.3778/j.issn.1002-8331.1801-0227

Previous Articles     Next Articles

Mobile RFID Bidirectional Authentication Protocol Based on  Cross-Bitwise Operation

ZHAN Shanhua   

  1. Department of Information Management, Guangdong Justice Police Vocational College, Guangzhou 510006, China
  • Online:2019-04-01 Published:2019-04-15

基于交叉位运算的移动RFID双向认证协议

占善华   

  1. 广东司法警官职业学院 信息管理系,广州 510006

Abstract: In the traditional RFID system, the communication through the wired way is generally considered to be secure between the reader and the database. When designing the bidirectional authentication protocol, the both are regarded as a whole. However, with the rise of emerging industries such as mobile payment, the mobile RFID system is necessary to be applied, which means the reader and the database no longer communicate through the wired way, but through wireless way, so the communication channel is not secure and reliable. When designing the authentication protocol, the both can’t be regarded as a whole, so that the traditional RFID system can not be well applied to the mobile payment process. In order to solve the above problem, an ultra-lightweight authentication protocol suitable for mobile RFID systems is proposed. The proposed protocol uses cross-bitwise operation to encrypt the transmitted information so that the protocol can achieve ultra-lightweight level and reduce the amount of computation at the tag to a certain extent. The tripartite communication entities the tag, the reader and the database need to be authenticated before they perform other operations. During the encryption process, the introduction of random numbers, can keep the transmission of information fresh, and can improve the difficulty of the attacker’s crack. The security analysis shows that the protocol has high security and can ensure the security of communication information. The performance analysis shows that the proposed protocol has less computational complexity and lower cost.

Key words: RFID, cross-bitwise operation, ultra-lightweight, mobile system, random numbers

摘要: 在传统的RFID系统中,读写器与后台数据库之间通过有线方式进行通信,一般认为安全,在设计双向认证协议过程中,将两者看成一个整体;而移动支付等新兴产业的兴起,需要运用到移动的RFID系统,即读写器与后台数据库之间不再通过有线方式进行通信,而是通过无线方式通信,从而使得该通信信道不在安全可靠,故在设计认证协议中,不能再将两者看成一个整体,因此传统的RFID系统无法很好的适用于移动支付过程。为解决上述问题,提出一种超轻量的适用于移动RFID系统的认证协议。所提协议采用交叉位运算对所要传输信息进行加密,使得协议能够达到超轻量级别,同时能够一定程度上减少标签端的计算量;标签、读写器、后端数据库通信实体三方需通过认证,才可进行其他操作;加密过程中,随机数的引入,能够保障传输信息的新鲜性,同时增加攻击者的破解难度。安全性分析表明,协议具备较高的安全性,能够确保通信信息的安全;性能分析表明,所提协议具有较少的计算量,具备低成本的特性。

关键词: 无线射频识别(RFID), 交叉位运算, 超轻量级, 移动系统, 随机数