| As a perception technology of the IoT (Internet of Tings), Radio Frequency Identification(RFID) technology is one of the most promising technologies in the field of ubiquitous computing. RFID technology is invited as the replacement of barcode technology. Although it offers many advantages over other identification systems, the associated security and privacy problem are not easy to be addressed and even become the impediment of the pervasive of the technology.With the progress of IoT, RFID has been infiltrated into every aspect of people’s lives, some applications even involving sensitive information of user’s, such as human implantation, electronic passport, etc.. Therefore, the security problem of RFID technology is no longer a simple problem of data security; it also involves the problem of user privacy. Security and privacy problems of RFID technology will become an important obstacle to the technology popularization.Tags can be divided into passive, active and semi-active according to the energy acquisition, and can also be divided into the low cost and high cost according to the price. Standard encryption solutions have good property in terms of safety, but the requirements of circuit size, energy consumption, and memory capacity are also high. Passive low cost tags can only use lightweight encryption technology due to price and energy constraints, and its security and privacy issues are extremely difficult to solve.An extensive and deeply research on the security and privacy problems of passive low cost tags are conducted in this thesis, and mainly focus on the solving of security and privacy issues of supply chain system based on EPC Class1Generation2(EPC C1G2) RFID tags.According to the research on the solving methods of RFID security and privacy issues conducted based on the consulting of plenty of domestic and foreign related literatures, we decide to take the lightweight solutions based on hash function and pseudo random number generator as the research objective and give a comprehensive review of the state of arts of low complexity hash function, pseudo random number generator and lightweight RFID authentication protocols. Then a survey on security and privacy problems of RFID and the EPC Class1Generation2standard and the security problems are given. Starting from the Chapter3, the thesis conducts a deeply research on the security and privacy technology based on low complexity hash function and pseudo random number generator from aspects of the design of circuit and protocol and the construction of security model, and also puts forward some improved solutions.Firstly, a lightweight universal hash function HMISR based on parallel LFSR (Linear Feedback Shift Register) is proposed. Then taking HMISR as the main component, a lightweight pseudo random number generator M-PRNG is constructed using randomized iterates technology. Later, the thesis proposes a ownership transfer mutual authentication protoco πOTP based on universal hash function and pseudo random number generator and proves the security of πOTP under the standard model. Finally, a ownership transfer UC model is constructed and the UC security of πOTP is proved under the model.The innovations of this thesis are summarized as follows:(1) A universal hash function with low complexity that suitable for low cost passive RFID tags is proposed. Hash function is an important component of authentication protocol, and is usually used in many lightweight RFID authentication protocol for the protection of the tag identification. But there are rarely researches of hardware implementation of hash function suitable for low cost passive RFID tags. To the best of my knowledge, only two hash functions based on LFSR, Toeplitz hash and CRC hash, were proposed. Taking parallel LFSR as the basic component HM-hash provides the security of hash function using one-wayness brought by the information loss in the process of compression. As shown through strict theoretical proof, HM-hash is a regular hash function with balance equals to1. It is also an almost universal hash function family and can ensure its high security. Hardware implementation shows that the structure of HMhash is simple and is better than Toeplitz hash in aspects of security and hardware complexity (see Section3.3and3.4).(2) A pseudo random number generator M-PRMG with low complexity that suitable for low cost passive RFID tags is proposed. Pseudo random number generators are usually used in RFID authentication protocols for providing randomness in the process of tag authentication. Moreover, pseudo random numbers are also used in EPC C1G2standard for anti-collision of the tags. The present research of PRNG suitable for RFID tags are mainly combination of LFSR and true random number. But the disadvantage of this kind of PRNG is high power consumption and low efficiency. A hardware implementation LAMED specifically tailored for EPC C1G2applications has been proposed. But the security of LAMED is poor with only simple logic XOR as the main operation. In this thesis, taking the universal hash function HM-hash as the basic component, a pseudo random number generator, namely PRNG, based on one-way function iteration is proposed. The main representatives of such kind of generators are BMY and GKL generator. The BMY is a generator with simple structure and high efficiency, the seed length is linear to the input of one-way function. But there is a disadvantage of BMY generator that the one-way function must be a one-way permutation. GKL generator is constructed from regular one-way functions through the technology of Randomized Iterate that introducing randomness in the process of iteration. But the one-way function used in GKL generator should be length preserving function which is one-way permutation in essence. In this thesis, a PRNG suitable for RFID tags, namely M-RPNG, is proposed.Using optimized Randomized Iterate technology, the M-RPNG has the advantages of both BMY and GKL generators. The security of the M-RPNG requires that the underlying function is regular one-way function and the randomization is introduced by universal hash functions in the process of iteration. When compared with BMY generators, the M-RPNG has the same linear seed length but looser requirement of one-way function requirement. In the aspect of hardware complexity, taking LFSR as the main structure of one-way function and universal hash functions, the M-RPNG has even lower hardware complexity when compared with other PRNG such as Grain, LAMED. The security of M-RPNG is theoretically proved through the proof of the indistinguishability of the sequence generated by M-RPNG and the true random sequence. The sequence generated by M-RPNG has passed all items of NIST test and completely compatible with EPC C1G2standard (see section4.3).(3) A standard model and a Universally Composable (UC) framework of ownership transfer privacy are constructed. The design of security and privacy protocols should based on a specific model that including the capacity adversary, security and privacy objects and system settings. The security and privacy properties of the protocol should also be verified by the model. At present, the standard models of privacy and security mainly take forward privacy as the highest privacy requirement and seldom concerning about the ownership transfer privacy problem. In this thesis, by expand the most commonly used Vaudenay model to include forward untraceability, a ownership transfer privacy model is constructed. According to the security and privacy requirements in supply chain system, the model defines the properties of security; privacy and correctness (see section5.2). The security of the protocol πOTP,is verified under the model (see section5.5). The UC framework specifies a particular approach t security proofs, and guarantees the security of the complex system that be composed of protocols of UC security. Considering that RFID is usually as part of a complex network, the thesis verifies the UC security of the protocol πOTP in order to ensure the security of the system that taking RFID as constituent part. For the first time, the ownership transfer ideal functionality FOTP is designed and the ownership transfer UC framework is constructed in this thesis, on the basis of forward privacy UC framework (see section5.6.2). After the design of the emulator that transfers the real world protocol to the ideal process, the UC security of protocol πOTP is proofed by successive approximation method. The UC security of protocol πOTP ensures the system security of the IoT that is composed of RFID systems.(4) An ownership transfer privacy mutual authentication protocol πOTP is proposed. Ownership transfer privacy, including forward untraceability and backward untraceability, is a specific privacy problem in supply chain. The main shortcoming of current research on ownership transfer privacy is that the protocols mostly need the help of a trusted third party or individual ownership transfer environment and can’t realize the true ownership transfer privacy. In this thesis, a ownership transfer privacy protocol with mutual authentication, namely πOTP, is proposed by improving the OSK forward privacy protocol so that it can be against the DoS attack and has forward untraceability and mutual authentication. In order to achieve anonymity and ensure the location privacy and untraceability, there are one private key in the πOTP protocol that is updated in each response by the pseudo random number generator. In order to realize mutual authentication, usability and privacy, there are one public key in the πOTP protocol that maintained both in the tag and the back end database that is updated by universal hash function after each successful authentication. Taking universal hash function and PRNG as the cryptography elements, πOTP is a kind of lightweight authentication protocol suitable for low cost passive RFID tags. The security of πOTP is provided by the anti-collision of universal hash function and the indistinguishability of pseudo random numbers and the true random numbers (see section5.4). |
PDF Full Text Request