| Radio Frequency Identification is a uncontact automatic identificaction technology, which is also called RFID. It rises in the 1960s-70s. At present, it has entered practical stage, and it is widely used in industrial production and daliy life. The application of this technology has improved the efficiency of production and management. However, there are many problems in application, the cost is too high, safety mechanism is undercapacity, and the standard is not unified. In response to the series of issues, EPCglobal put forward the second generation standard of RFID technology. The standard is mainly for the low-level labels of logistics'application. In view of its superiority, the RFID systems which are based on the second generation standard are replacing the first generation systems step by step. But the research on safety in this respect is also very scarce. In order to make good use of this technology, and achieve"Internet of things"earlier, It is very important and meaningful to develop a safe and efficient and low-cost protocol which is in accordande with the EPC G1G2 standard.In this essay, I first introduced RFID system's structure, EPC and"Internet of things", the RFID standards. By studying and analyzing the RFID system, I pointed out all possible security attacks and security principles which the RFID system should follow. And then, I analyzed some typical safety mechanisms, pointed out the shortcomings ans disparities.With the basis of the existing protocols, especially the Duc's protocol I proposed an improved protocol, which is a protocol based on dynamic secret-key for RFID's security in accordance with the EPC C1G2 standard. In this protocol, a method to make key update synchromously is proposed, which is also an old problem many protocols want to do but didn't succeed. So series of the security problems have been solved whith are caused by key's update unsynchronously, unauthorized access, replay attack, Dos attack and so on. In addition, the mechanism proposed to use double random numbers to ensure the message's fresh. And two different encryption methods have been taken in the backstage computer and the tags. The two ways improved the system's security further.Finally, I analyzed the communication process after the system being attacked, and verified the keys can update simultaneously. I also analyzed the protocol's anti-attack capability and feasibility. Moreover, I used the tool of analyzing protocol, as BAN Logic, to analyze and verify the protocol's security. By tracking the communication process, we can deduce the security objectives from the Initial conditions by make use of the logical rules, and it shows that the security can be guaranteed. |
PDF Full Text Request