Design And Analysis Of RFID Authentication And Ownership Transfer Protocols

Radio frequency identification(RFID)technology,which uses wireless RF signal to realize non-contact mutual communication,is a kind of automatic identification technology and is widely used in transportation,logistical supply chain management,library management,retail and other fields with the advantages of fast,efficient,reliable and non-visual distance reading.However,the open authentication environment of RFID technology provides convenience for malicious attackers,meanwhile,because the low-cost tag is limited by the capacity of storage and computational processing,mature cryptography algorithms cannot be applied to it to ensure the security of privacy information,therefore,it is essential to design a secure,efficient and low-cost RFID authentication scheme.With the rapid development of the Internet of Things,RFID technology will play a more and more important role in the commodity supply chain management,in order to store large amounts of information of commodities,reduce the maintenance cost of the system and improve the mobility of the reader,researchers use the cloud database instead of the traditional back-end database,in addition,in the process of commodity circulation,with the tagged commodities continue to change ownership,the ownership of the tag will also be transferred,therefore,it is very important to design a reasonable ownership transfer scheme to eliminate the security and privacy threats in the transfer of ownership.Based on an in-depth analysis of security and privacy threats to the RFID system,this thesis focuses on the RFID security authentication protocol and the cloud-based tag ownership transfer protocol,the main achievements are as follows:At first,a PUF-based two-party identification protocol which applies to single tag is designed for low-cost RFID system.This protocol,which regards the reader and the back-end database as a whole to communicate with the tag,uses PUF and fuzzy extractor to generate shared key and realize key exchange,and relies on pseudo-random function to realize mutual authentication between the server and the tag.The tag remains anonymous to the third party throughout the communication process,and the authentication protocol with backward and forward security can resist common attacks such as tracking,replay,counterfeiting,eavesdropping,tampering and desynchronization.Then,the security of proposed protocol is proved based on the formal analysis of BAN logic.Secondly,this thesis designs a cloud-based tag ownership transfer protocol to deal with the security issues caused by the transfer of commodity in the supply chain.The protocol takes advantage of the quadratic residual algorithms and hash function to achieve mutual authentication between the tag and the current reader firstly.After that,it relies on pseudo-random function and hash function to achieve mutual authentication between the current reader and the new reader so that the current reader can transmit information of tag to the new reader legally.Next,achieving mutual authentication between the new reader and the tag by using lightweight hash function and simple bit operations,and updating the key information to complete the transfer of ownership.The proposed ownership transfer protocol can guarantee the anonymity of the tag to the third party in the communication process and conduct tamper-proof verification for each session information.Furthermore,the protocol with backward and forward security can resist common attacks such as eavesdropping,counterfeiting,tampering,tracking,replay and desynchronization.Then,the security of proposed protocol is proved based on the formal analysis of BAN logic.Finally,HashOne-160/160/1,a lightweight hash function,is selected as the hash function used in the ownership transfer protocol,and its hardware logical structure analysis and behavior-level simulation are performed.The comprehensive results show that the HashOne-160/160/1 algorithm occupies low hardware resources and meets the low-cost requirements of RFID tags.