基于矩阵理论的RFID认证协议设计及BAN逻辑分析
开篇:润墨网以专业的文秘视角,为您筛选了一篇基于矩阵理论的RFID认证协议设计及BAN逻辑分析范文,如需获取更多写作素材,在线客服老师一对一协助。欢迎您的阅读与分享!
文章编号:10019081(2013)07185404
doi:10.11772/j.issn.10019081.2013.07.1854
摘 要:
针对目前提出的射频识别(RFID)认证协议大多不能抵抗重放攻击和数据篡改攻击的问题,提出了一种能抵抗这些攻击的低成本安全协议――基于矩阵的安全协议(MSP)。该协议基于矩阵理论的矩阵乘法向量积和伪随机数生成器(PRNG),实现所需门电路不超过1000此处能否写成1000,请明确。,满足低成本的要求。与基于同等算法的已有协议分析得出MSP大大降低了标签存储量和计算复杂度。最后,经BAN逻辑分析证明MSP实现了安全认证。因此,MSP非常适用于rfid环境。
中图分类号: TP391.45文献标志码:A
英文标题
Matrixbased authentication protocol for RFID and BAN logic analysis
Matrixbased security protocol for radio frequency identification
英文标题与中文标题不一致,需要补充英文标题名称。
英文作者名
LI Hongjing*, LIU Dan
英文地址(
Research Institute of Electronic Science and Technology, University of Electronic Science and Technology of China,
Chengdu Sichuan 611731, China英文摘要)
Abstract:
Currently, most of proposed Radio Frequency Identification (RFID) authentication protocols cannot resist replay attack and altering attack. This article proposed a lowcost secure protocol, called Matrixbased Secure Protocol (MSP), which could resist these attacks. MSP utilized matrixtheory and Pseudo Random Number Generator (PRNG), and required only 1000 gate equivalents. Compared to previous proposed protocols using the same algorithm, MSP had less demand on the storage and the computing capability. Then, this article analyzed the security of MSP with BurrowsAbadiNeedham (BAN) logic. The conclusion is that MSP applies to RFID well.
Currently, most of proposed Radio Frequency Identification (RFID) authentication protocols can not resist replay attack and altering attack, this article proposed a lowcost secure protocol, called Matrixbased Secure Protocol (MSP), which could resist these attacks. MSP utilized matrixtheory and PRNG, and required only 1K gate equivalents. Compared to previous proposed protocols using the same algorithm, MSP had less demand on the storage and the compute capability. Then, this article analysed the security of MSP with BAN logic. The conclusion is MSP apply to RFID well
英文关键词Key words: matrix theory; Radio Frequency Identification (RFID); authentication protocol; BurrowsAbadiNeedham (BAN) logic
0 引言
射频识别(Radio Frequency Identification, RFID)系统一般由数据库、读写器和标签组成。RFID认证协议运行在读写器和标签间,且假设读写器和标签所处的射频环境是不安全的,数据库和读写器间的通信是安全的,如图1所示。为保证传输中数据的安全性,一般要对信息进行加密。目前提出的RFID认证协议基于的加密算法大致可分为三类:基于比特运算和循环冗余校验(Cyclic Redundancy Check, CRC)等简单算法、基于哈希函数的算法和基于对称或非对称加密算法。
图1 RFID系统
基于简单算法的代表有遵循电子产品码一类二代(Electronic Product Code Class 1 Generation 2, EPC C1G2)标准的RFID认证协议。其特点是标签支持16位的伪随机数和16位的CRC校验,两个32位的kill口令和访问口令。Duc等[1]协议的后端数据库和标签间每轮共享相同的伪随机数作为共享秘密来认证。Chien等[2]指出它不能抵抗重放攻击,并提出一个相似的改进协议。之后,PerisLopez等[3]利用性质CRC(ab)CRC(ad)=CRC(bd)篡改Chien协议的消息可以假冒成合法的标签或数据库,并指出明文传输的EPC码和CRC校验算法的使用使得EPC C1G2协议的安全性不高。
一些人认为简单算法的易破解使得基于其算法设计的协议安全性不能保证,所以基于哈希函数设计RFID认证协议:Sarma等[4-5]提出HashLock方案,传输过程中用metaID表示一个标签ID,避免了真实ID被敌手侦听,但metaID是固定的,因此攻击者可重放消息假冒成合法的标签。Weis等[6]提出的随机化HashLock方案攻击者只要重放标签发送过的消息就可被认证。Ohkubo等[7]提出的HashChain方案利用两个杂凑函数进行认证。但协议仍然不能抵抗重放攻击。Choi等[8]提出的协议每轮认证的信息中标签中变量c是递增的,因此攻击者可递增r,用篡改后的r发起下一轮认证,就能以1/2的概率假冒成合法的读写器。