针对Doss协议的不足,提出了一种改进的轻量级移动RFID认证协议。首先使用二次剩余混合随机数加密的方法提高后台服务器识别速度;在阅读器端添加时间戳生成器,抵御阅读器冒充及重放攻击。新协议标签端只采用成本较低的伪随机数生成、模平方以及异或运算,遵循了EPC C1G2标准,且实现了移动RFID环境下的安全认证。理论分析及实验显示了新协议提高了Doss协议后台识别速度,并满足标签和阅读器的匿名性、阅读器隐私、标签前向隐私等安全需求,更有效抵抗已有的各种攻击:重放、冒充、去同步化攻击等。与同类RFID认证协议相比,实用性更佳。%In view of the shortages of Doss’s protocol,an improved lightweight mobile RFID authentication protocol is proposed. Firstly,we adopt the method of using mixed quadratic residue and random number encryption to im⁃prove the recognition rate of the background server;secondly add timestamp generator in the reader side to resist reader impersonation and replay attacks. The proposed scheme realizes secure authentication under the mobile envi⁃ronment and follows the EPC C1G2 standard because we use only low cost computations such as pseudo-random number generator,modular square and XOR operation in the tag side. Theoretical analysis and experiments show that the new protocol not only improves the background recognition speed of Doss’s protocol,but also provides tag and reader’s anonymity,reader privacy,tag forward privacy;simultaneously,the proposed protocol resists the exist⁃ing various attacks:replay,impersonation,desynchronize attacks more effectively. Compared with the similar RFID authentication protocols,the utility of new protocol is better.
展开▼
