A Communication Protocol of RFID Systems in Internet of Things

04.07.2014 Views
International Journal of Security and Its Applications Vol. 6, No. 2, April, 2012 Definition1. If for any polynomial PK ( ) and sufficiently large K ,the function can satisfy ( ) , then we say that the function can be negligible. Mutual authentication: The tag should be able to achieve the certification of legitimate reader, that is, if the attacker R achieves tag T j ( j[1, M]) to certificate for R i by fabricating reader R ( a a [1, N ]) ,we denote it as Adv( R ) . Then the probability of success of R is Pr(Adv( R)) ( K) . The reader should be able to achieve the certification of legitimate tag, that is, if the attacker T achieves reader R i ( i[1, N]) to certificate for T j by fabricating legitimate tag T ( b b [1, M ]) , we denote it as Adv( T ) . Then the success probability of T is Pr(Adv( T) ( K) . Forward security: Even if an attacker obtains the tag status of its current time t 1 , the attacker cannot connect the status with the tag status obtained in previous one time t1 ( t1 t2) .That is, to j [1, M] , t 1 t 2 , the attacker Q has already known the information of tag T j in time t 2 , then calculate the information of the tag T j in time t 1 by the random oracle query, we denote it as Adv( Q ) . Then the success probability of R is Pr(Adv( Q)) ( K) . Indistinguishable: j1, j2 [1, M] , the attacker can’t distinguish and identify the secret information of T j and T 1 j , so as to recognize the target. That is, if the attacker D can 2 distinguish and identify the secret information of T j and T 1 j through random oracle queries, 2 we denote it as Iden( D ) .The success probability of D is Pr(Iden( D)) ( K) . Internal security: The legitimate reader and the legitimate tag within the system cannot communicate with each other by forgery and tampering. That is, i, j [1, N] , m, n [1, M] . R i(R j ) successfully identify tag T m(T n ) by fabricating R j(R i ) , we denote it as Adv( NR), Then Pr(Adv( NR) ( K) . If T m(T n ) through fabricating T n(T m ) is identified successfully by R i(R j ) , we denote it as Adv( NT ) , then Pr(Adv( NT)) ( K) . Security transfer of ownership: j [1, M] , when the tag T j transfer its ownership, then the tag T j become T j in the new system. The reader in original ownership system of tag T j cannot inquiry the information of tag T j . That is, i [1, N] , j [1, M] . The event that R i successfully get the tag T j after transferring the ownership of T j can be denoted as Adv( Z ) , Pr(Adv( Z)) ( K) . 4. SPAP 4.1 Protocol Design By analyzing the model and safe problems which need to be solved in RFID systems of internet of things, concluding advantages and disadvantages of today's typical RFID security protocols, the article proposes the protocol SPAP which uses symmetric encryption, one-way hash function and XOR. We assume every legitimate readers and tags that contain a unique EPC (Electronic Product Code),Symbols used in the protocol as Table 1 94

International Journal of Security and Its Applications Vol. 6, No. 2, April, 2012 EPC R i The EPC of reader i EPC T j The EPC of tag j Info( ) K ij ' K ij '' K ij Table 1. Symbols used in the Protocol EPC T Information contained in EPC j T j Key between reader i and tag j Key update once Key update twice of tag j EK ij ( x ) Encryption function with key K ij DK ij ( x ) Corresponding decryption function with EK ij ( x ) E ' ( x ) Symmetric encryption function with key K ij E ' ' ( x ) Symmetric encryption function with key K ij H( x ) Rand( x ) r e ' e ' K ij '' K ij One-way hash function XOR Random number generator Random numbers Certification function used in the key update phase Certification function used in the key update phase Is equal to Update to Generally, we assume that the reader i communicates with the tag j in the RFID system, The flow chart of the protocol shown in Fig1. It mainly consists of certification stage, key update phase and transfer stage of ownership. Tag j Saved Data E ( EPC ) Kij Ri Tj H ( EPC ) 1. rt , Read i 3. ar , 2.2.a ' ' Saved Data 5.Info( EPCT ), K , , j ij e e ' 6. ee , H( EPC ), r Ri Database Saved Data E ( EPC ), K Kij Tj ij 1. t H ( EPC ) r ' Kij Ri 2.1.computed t receivedt a H ( E ( EPC ) r) Kij Tj 7. E ( EPC ) e E ( EPC ) Tj Kij Tj ' ' computed e receivede E ( EPC ) E ( EPC ) K K T ' ij j K T ij j ij K ' ij Figure 1. SPAP Flow Chart 4.1.computed a receiveda 4.2. D ( E ( EPC )) EPC Kij Kij Tj Tj ' 5. Kij H ( Kij r) e E ( EPC ) E ( EPC ) K T ' ij j K T ij j ' e H E ' EPC K T ij j ( ( )) E ( EPC ) E ( EPC ) K K T ' ij j K T ij j ij K ' ij 95

Page 1 and 2: International Journal of Security a

Page 3: International Journal of Security a




rfid

attacker

reader

protocol

authentication

ownership

oracle

spap

successfully

applications

communication

www.sersc.org

A Communication Protocol of RFID Systems in Internet of Things

A Communication Protocol of RFID Systems in Internet of Things ... View more A Communication Protocol of RFID Systems in Internet of Things

Delete template?

Save as template ?

A Communication Protocol of RFID Systems in Internet of Things A Communication Protocol of RFID Systems in Internet of Things