摘要
文章针对当前典型的一类超轻量级RFID安全认证协议,首先给出了一种非同步攻击方案,随后分析了RAPP协议中存在的安全问题,最后提出一种改进的超轻量级RFID双向认证协议PAPP。新的协议改进了RAPP协议对消息的设计,并在标签存储中加入了只属于标签的伪随机数信息。伪随机数会在标签产生消息前进行更新,保证了标签端消息的新鲜性。该协议避免了已有RFID认证协议存在的安全缺陷。安全和性能分析表明该协议具有很强的安全和隐私保护属性,而且能抵抗各种恶意攻击,并且满足低成本RFID标签的要求。
Targeting to current typical ultra-lightweight RFID security authentication protocol, we proposed a desynchronization attack scheme. Then we analyzed the security vulnerabilities of RAPP protocol and proposed a novel ultra-lightweight RFID mutual authentication protocol named PAPP, which avoided the security hole in the previous RFID authentication protocols. The new protocol improved the design of the message of RAPP protocol, and added a random number that belongs only to the label, Random number would be updated in advance to ensure the freshness of the messge generated by the tag. Security analysis and performance evaluation showed that the protocol had not only possessed robust security and privacy protection properties, but also could resist various attacks and fit for the requirement of low-cost RFID system.
出处
《信息网络安全》
2016年第5期44-50,共7页
Netinfo Security
基金
国家自然科学基金[61170017]
中央高校基本科研业务费[CCNU2015GF0004]
关键词
RFID
超轻量级协议
非同步攻击
RFID
ultra-lightweight Protocol
desynchronization attack