采用PUF保护位置隐私的轻量级RFID移动认证协议
|
摘要
将RFID(radio frequency identification)技术应用于供应链管理,可极大提高供应链系统的识别效率和商品信息的追溯能力。EPC C1G2(electronic product code class 1 generation 2)标准凭借远距离识别和低成本标签的价格优势成为供应链中应用最广的协议标准。针对低成本标签的安全和隐私问题,采用PUF(physical unclonable function)作为密钥生成机制以抵御攻击者假冒攻击,实现商品的防伪保护;引入对读写器身份的安全认证,以适应供应链中移动认证的应用环境;采用二次剩余定理和不断更新的共享密钥机制实现标签的前向和后向不可追踪性,保护标签携带者的位置隐私。仿真结果表明,服务器的识别效率为O(1),满足供应链对RFID系统可拓展的应用要求。
The application of RFID(radio frequency identification) technology in the supply chain management can greatly improve the traceability of commodity information and the identification efficiency of the supply chain system. With the advantages of long-distance identification and low-cost tag price, the EPC C1G2(electronic product code class 1 generation 2) has become the most widely used protocol standard in the supply chain. Aiming at the security and privacy problem of low-cost tag, PUF(physical unclonable function) is adopted to generate the session key to resist impersonation attack and achieve anti-counterfeit protection of commodity. The security authentication of reader identity is introduced to adapt to the application environment of mobile authentication in the supply chain. The location privacy of the tags owner can be well protected by using the quadratic residue theorem and the constantly updated share key which achieves the tag s forward untraceable and backward untraceable properties. Simulation results show that the identification efficiency of server is O(1) which means the proposed methods can meet the scalable requirement of supply chain system.
The application of RFID(radio frequency identification) technology in the supply chain management can greatly improve the traceability of commodity information and the identification efficiency of the supply chain system. With the advantages of long-distance identification and low-cost tag price, the EPC C1G2(electronic product code class 1 generation 2) has become the most widely used protocol standard in the supply chain. Aiming at the security and privacy problem of low-cost tag, PUF(physical unclonable function) is adopted to generate the session key to resist impersonation attack and achieve anti-counterfeit protection of commodity. The security authentication of reader identity is introduced to adapt to the application environment of mobile authentication in the supply chain. The location privacy of the tags owner can be well protected by using the quadratic residue theorem and the constantly updated share key which achieves the tag s forward untraceable and backward untraceable properties. Simulation results show that the identification efficiency of server is O(1) which means the proposed methods can meet the scalable requirement of supply chain system.
引文
[1] Dimitriou T. Key evolving RFID systems:forward/backward privacy and ownership transfer of RFID tags[J]. Ad Hoc Networks, 2016, 37:195-208.
[2] Xie R, Xu C X, Chen W J, et al. An RFID authentication protocol anonymous against readers[J]. Journal of Electronics&Information Technology, 2015, 37(5):1241-1247.
[3] Jisha S, Philip M. RFID based security platform for internet of things in health care environment[C]//Proceedings of the Online International Conference on Green Engineering and Technologies, Coimbatore, Nov 19, 2016. Piscataway:IEEE,2017:1-3.
[4] Fan K, Jiang W, Li H, et al. Lightweight RFID protocol for medical privacy protection in IoT[J]. IEEE Transactions on Industrial Informatics, 2018, 14(4):1656-1665.
[5] Kaul S D, Awasthi A K. Privacy model for threshold RFID system based on PUF[J]. Wireless Personal Communications,2017, 95(3):2803-2828.
[6] Becker G T. On the pitfalls of using arbiter-PUFs as building blocks[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015, 34(8):1295-1307.
[7] Rahman M T, Rahman F, Forte D, et al. An aging-resistant RO-PUF for reliable key generation[J]. IEEE Transactions on Emerging Topics in Computing, 2016, 4(3):335-348.
[8] Sundaresan S, Doss R, Piramuthu S, et al. A secure search protocol for low cost passive RFID tags[J]. Computer Networks, 2017, 122:70-82.
[9] Ray B, Chowdhury M, Abawaiy J. PUF-based secure checker protocol for networked RFID systems[C]//Proceedings of the IEEE Conference on Open Systems, Subang, Oct 26-28,2014. Piscataway:IEEE, 2014:78-83.
[10] Alagheband M R, Aref M R. Simulation-based traceability analysis of RFID authentication protocols[J]. Wireless Personal Communications, 2014, 77(2):1019-1038.
[11] Vaudenay S. On privacy models for RFID[C]//LNCS 4833:Proceedings of the 13th International Conference on the Theory and Application of Cryptology and Information Security,Kuching, Dec 2-6, 2007. Berlin, Heidelberg:Springer, 2007:68-87.
[12] Zhang W. Research on key techniques in identification and security for low-cost RFID systems[D]. Wuhan:Huazhong University of Science and Technology, 2014.
[13] Doss R, Zhou W L, Yu S. Secure RFID tag ownership transfer based on quadratic residues[J]. IEEE Transactions on Information Forensics&Security, 2013, 8(2):390-401.
[14] Chen X Q, Cao T J, Zhai J X. Provable secure for the lightweight RFID ownership transfer protocol[J]. Journal of Electronics&Information Technology, 2016, 38(8):2091-2098.
[15] Liang W, Liao B, Long J, et al. Study on PUF based secure protection for IC design[J]. Microprocessors&Microsystems,2016, 45:56-66.
[16] Armknecht F, Maes R, Sadeghi A, et al. A formalization of the security features of physical functions[C]//Proceedings of the 32nd IEEE Symposium on Security and Privacy,Berkeley, May 22-25, 2011. Washington:IEEE Computer Society, 2011:397-412.
[2]谢润,许春香,陈文杰,等.一种具有阅读器匿名功能的射频识别认证协议[J].电子与信息学报, 2015, 37(5):1241-1247.
[12]张维.低成本RFID系统的识别与安全关键技术研究[D].武汉:华中科技大学, 2014.
[14]陈秀清,曹天杰,翟靖轩.可证明安全的轻量级RFID所有权转移协议[J].电子与信息学报, 2016, 38(8):2091-2098.
[2] Xie R, Xu C X, Chen W J, et al. An RFID authentication protocol anonymous against readers[J]. Journal of Electronics&Information Technology, 2015, 37(5):1241-1247.
[3] Jisha S, Philip M. RFID based security platform for internet of things in health care environment[C]//Proceedings of the Online International Conference on Green Engineering and Technologies, Coimbatore, Nov 19, 2016. Piscataway:IEEE,2017:1-3.
[4] Fan K, Jiang W, Li H, et al. Lightweight RFID protocol for medical privacy protection in IoT[J]. IEEE Transactions on Industrial Informatics, 2018, 14(4):1656-1665.
[5] Kaul S D, Awasthi A K. Privacy model for threshold RFID system based on PUF[J]. Wireless Personal Communications,2017, 95(3):2803-2828.
[6] Becker G T. On the pitfalls of using arbiter-PUFs as building blocks[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015, 34(8):1295-1307.
[7] Rahman M T, Rahman F, Forte D, et al. An aging-resistant RO-PUF for reliable key generation[J]. IEEE Transactions on Emerging Topics in Computing, 2016, 4(3):335-348.
[8] Sundaresan S, Doss R, Piramuthu S, et al. A secure search protocol for low cost passive RFID tags[J]. Computer Networks, 2017, 122:70-82.
[9] Ray B, Chowdhury M, Abawaiy J. PUF-based secure checker protocol for networked RFID systems[C]//Proceedings of the IEEE Conference on Open Systems, Subang, Oct 26-28,2014. Piscataway:IEEE, 2014:78-83.
[10] Alagheband M R, Aref M R. Simulation-based traceability analysis of RFID authentication protocols[J]. Wireless Personal Communications, 2014, 77(2):1019-1038.
[11] Vaudenay S. On privacy models for RFID[C]//LNCS 4833:Proceedings of the 13th International Conference on the Theory and Application of Cryptology and Information Security,Kuching, Dec 2-6, 2007. Berlin, Heidelberg:Springer, 2007:68-87.
[12] Zhang W. Research on key techniques in identification and security for low-cost RFID systems[D]. Wuhan:Huazhong University of Science and Technology, 2014.
[13] Doss R, Zhou W L, Yu S. Secure RFID tag ownership transfer based on quadratic residues[J]. IEEE Transactions on Information Forensics&Security, 2013, 8(2):390-401.
[14] Chen X Q, Cao T J, Zhai J X. Provable secure for the lightweight RFID ownership transfer protocol[J]. Journal of Electronics&Information Technology, 2016, 38(8):2091-2098.
[15] Liang W, Liao B, Long J, et al. Study on PUF based secure protection for IC design[J]. Microprocessors&Microsystems,2016, 45:56-66.
[16] Armknecht F, Maes R, Sadeghi A, et al. A formalization of the security features of physical functions[C]//Proceedings of the 32nd IEEE Symposium on Security and Privacy,Berkeley, May 22-25, 2011. Washington:IEEE Computer Society, 2011:397-412.
[2]谢润,许春香,陈文杰,等.一种具有阅读器匿名功能的射频识别认证协议[J].电子与信息学报, 2015, 37(5):1241-1247.
[12]张维.低成本RFID系统的识别与安全关键技术研究[D].武汉:华中科技大学, 2014.
[14]陈秀清,曹天杰,翟靖轩.可证明安全的轻量级RFID所有权转移协议[J].电子与信息学报, 2016, 38(8):2091-2098.