摘要
针对低成本RFID协议中攻击者仅需要对截获信息进行特定的异或运算,并采用穷举运算即可分析出标签密码信息的漏洞,提出了一种应对密钥攻击的改进型安全协议.在发送端将协议中标签的随机数与标签识别码的随机函数值进行异或运算来加密传输,以免被攻击者窃取,在服务器端通过相关反运算,与服务器保存的标签EPC随机函数值进行异或运算,获取本次通信的随机数,并与服务器密钥进行数值运算,判断认证是否成功.结果表明:该协议切实可行,同时能抵御窃听、重放、跟踪、阻断、模拟等多种攻击,并且该协议对存储空间和计算能力等方面的要求更低,适合低成本标签使用.
Aiming at the loophole that in the low-cost RFID protocol,the attacker only needs to make the specific exclusive operation for the intercepted information and then uses the traversal operation to obtain easily the password information of tags,an improved security protocol for the key attack was proposed.At the sending side,the exclusive operation was performed for the random number generated in the protocol and the random function value of tag identification code in order to encrypt the transmission and to avoid being stolen by the attacker.At the server side,through the relative reverse operation and the exclusive operation of EPC random function of tag saved in the server,the random number of communication was obtained.At the same time,the calculation of concerning with the server key was performed to determine whether the authentication was successful.The results show that the protocol is feasible,and can resist such attacks as eavesdropping,replaying,tracking,blocking and simulation.The improved RFID protocol has less demand in the storage space and computing capacity,and is suitable for the low-cost tags.
作者
杨灵
蔡旭灿
吴霆
YANG Ling;CAI Xu-can;WU Ting(School of Information Science and Technology,Zhongkai University of Agriculture and Engineering,Guangzhou 510225,China)
出处
《沈阳工业大学学报》
EI
CAS
北大核心
2018年第5期528-534,共7页
Journal of Shenyang University of Technology
基金
国家自然科学基金资助项目(F010701)
广东省自然科学基金资助项目(9151022501000008)
广东省工业攻关资助项目(2015A020209173)
广州市产学研协同创新重大专项资助项目(201704020030)
关键词
RFID协议
射频识别
密钥攻击
安全协议
漏洞分析
随机数加密
无线通信
低成本标签
RFID protocol
radio frequency identification
key attack
security protocol
loophole analysis
random number encryption
radio communication
low-cost loophole
