CN102684872B - Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption - Google Patents

Abstract

Translated fromChinese

本发明公开了一种基于对称加密的超高频射频识别空中接口安全通信方法，该方法包括：系统标签对读写器的对称加密单向认证和系统读写器对标签的对称加密单向认证、读写器对标签的对称加密双向认证以及系统读写器与标签的安全通信，读写器和标签在认证中先进行认证密钥协商，然后通过加密能力的验证来判断对方身份的合法性，在认证结束后还产生随机的会话密钥，为读写器和标签的秘密通信提供安全信道。

The invention discloses a UHF radio frequency identification air interface secure communication method based on symmetric encryption. The method comprises: symmetric encryption one-way authentication of a system tag to a reader-writer and symmetric encryption one-way authentication of a system tag to a reader-writer , Bidirectional authentication of symmetric encryption between the reader and the tag and the secure communication between the reader and the tag of the system. During the authentication, the reader and the tag first negotiate the authentication key, and then judge the legitimacy of the identity of the other party through the verification of the encryption capability , after the authentication is over, a random session key is also generated to provide a secure channel for the secret communication between the reader and the tag.

Description

Translated fromChinese

基于对称加密的超高频射频识别空中接口安全通信方法UHF Radio Frequency Identification Air Interface Security Communication Method Based on Symmetric Encryption

技术领域technical field

本发明属于射频识别技术领域，涉及一种射频识别系统空中接口的安全机制，尤其涉及一种基于对称加密的超高频射频识别系统空中接口的安全认证与通信方法。The invention belongs to the technical field of radio frequency identification, and relates to a security mechanism of an air interface of a radio frequency identification system, in particular to a security authentication and communication method of an air interface of an ultra-high frequency radio frequency identification system based on symmetric encryption.

背景技术Background technique

射频识别(Radio Frequency Identification，简称RFID)技术是一种非接触式自动识别技术，其基本原理是利用射频信号和空间耦合传输特性，实现对被识物体的自动识别。超高频(UHF)RFID系统是指工作频率为800～900MHz的RFID系统。最简单的RFID系统包括电子标签(简称标签)、读写器和天线。其中，标签存储相关物体的各种信息，读写器通过射频信号与标签进行通信，获取标签上存储的识别信息，并可将处理后的信息再写入标签中。Radio Frequency Identification (RFID) technology is a non-contact automatic identification technology. Its basic principle is to use radio frequency signals and space coupling transmission characteristics to realize automatic identification of recognized objects. Ultra-high frequency (UHF) RFID system refers to an RFID system with a working frequency of 800-900MHz. The simplest RFID system includes electronic tags (referred to as tags), readers and antennas. Among them, the tag stores various information of related objects, and the reader communicates with the tag through radio frequency signals, obtains the identification information stored on the tag, and can rewrite the processed information into the tag.

RFID技术目前已经被广泛应用于工业自动化、商业自动化、交通运输控制管理等众多领域。随着RFID技术的广泛发展，RFID系统的安全问题特别是空中接口的安全问题日益突显，成为制约RFID技术应用发展的关键因素之一。由于无线通信信道的开放性，RFID系统的空中接口存在着极大的安全隐患，面临着各种安全风险和威胁，例如窃听、假冒、重放、跟踪、流量分析和信息篡改等攻击，因而亟需提出适合RFID系统硬件条件和应用需求的安全措施。RFID technology has been widely used in many fields such as industrial automation, commercial automation, and transportation control management. With the extensive development of RFID technology, the security problem of RFID system, especially the security problem of the air interface has become increasingly prominent, which has become one of the key factors restricting the development of RFID technology application. Due to the openness of the wireless communication channel, the air interface of the RFID system has great potential security risks and faces various security risks and threats, such as eavesdropping, counterfeiting, replay, tracking, traffic analysis, and information tampering attacks. It is necessary to propose security measures suitable for the hardware conditions and application requirements of the RFID system.

RFID系统的通信模型由三层组成，从下到上依次为：物理层、通信层和应用层。物理层主要解决电气信号、频道分配、物理载波等问题。通信层定义了读写器和标签通信的数据交换和指令。应用层用于解决和最上层应用直接相关的内容，包括识别、认证、应用层数据的表示以及处理逻辑等。国际工业界和学术界对RFID系统空中接口的安全问题提出的解决方案大致可以分为两类：一类是通过物理手段保护标签的安全性，主要位于通信模型的物理层和通信层；另一类是采用基于密码技术的安全协议，位于通信模型的应用层。The communication model of the RFID system consists of three layers, from bottom to top: physical layer, communication layer and application layer. The physical layer mainly solves problems such as electrical signals, channel allocation, and physical carrier. The communication layer defines the data exchange and instructions for the communication between the reader and the tag. The application layer is used to solve the content directly related to the uppermost application, including identification, authentication, representation of application layer data, and processing logic. The solutions proposed by the international industry and academia to the security problems of the air interface of the RFID system can be roughly divided into two categories: one is to protect the security of the label through physical means, which is mainly located in the physical layer and communication layer of the communication model; The class is a security protocol based on cryptography, located in the application layer of the communication model.

物理方法能从一定程度上解决RFID系统空中接口的安全问题，但是物理方法使标签的利用率低下，并且安全性不是太好。与物理方法相比，基于密码技术的安全协议越来越受到人们更多的青睐。它主要是使用各种认证和加密手段来确保标签和读写器之间的数据安全。由于标签资源有限，诸多基于密码技术的安全协议都是以Hash函数为核心设计的。但基于Hash函数的安全协议普遍存在位置泄露、明文传输ID信息、Hash值冲突等安全漏洞，不适合对安全性有一定要求的金融、外交和国防领域。使用完善的密码算法，如对称密码算法，能从根本上抵制窃听、流量分析、信息篡改、跟踪等攻击，确保数据的机密性、完整性、真实性、可用性等安全属性，是目前该方向的研究主流。The physical method can solve the security problem of the air interface of the RFID system to a certain extent, but the physical method makes the utilization rate of the tag low, and the security is not very good. Compared with physical methods, security protocols based on cryptography are more and more popular. It mainly uses various authentication and encryption methods to ensure the data security between the tag and the reader. Due to limited tag resources, many security protocols based on cryptographic technology are designed with Hash function as the core. However, security protocols based on Hash functions generally have security vulnerabilities such as location leakage, plaintext transmission of ID information, and Hash value conflicts, and are not suitable for financial, diplomatic, and national defense fields that have certain requirements for security. The use of sound cryptographic algorithms, such as symmetric cryptographic algorithms, can fundamentally resist attacks such as eavesdropping, traffic analysis, information tampering, and tracking, and ensure data security attributes such as confidentiality, integrity, authenticity, and availability. mainstream research.

发明内容Contents of the invention

本发明的目的在于，针对基于Hash函数的安全协议的不足，提出一种基于对称加密的超高频射频识别系统空中接口安全机制，实现双向认证，为读写器和标签的秘密通信提供安全信道。The object of the present invention is to propose a UHF radio frequency identification system air interface security mechanism based on symmetric encryption to realize two-way authentication and provide a secure channel for the secret communication between the reader and the label in view of the deficiency of the security protocol based on the Hash function .

为解决上述技术问题，本发明所采用的技术方案是：提供了一种基于对称加密的超高频射频识别空中接口安全认证方法，该方法由下述1)、2)、3)和4)组成：In order to solve the problems of the technologies described above, the technical solution adopted in the present invention is: a kind of UHF radio frequency identification air interface security authentication method based on symmetric encryption is provided, the method consists of following 1), 2), 3) and 4) composition:

1)系统标签与读写器的对称加密单向认证；1) Symmetrically encrypted one-way authentication of system tags and readers;

2)系统读写器对标签的对称加密单向认证2) Symmetric encryption one-way authentication of tags by system reader

3)读写器对标签的对称加密双向认证；3) Symmetrically encrypted two-way authentication of the tag by the reader;

4)系统读写器与标签的安全通信。4) Secure communication between system reader and tag.

所述的超高频射频识别，下文用UHF RFID表示。The ultra-high frequency radio frequency identification described below is represented by UHF RFID.

UHF RFID系统标签对读写器的对称加密单向认证，读写器在访问标签前先进行单向认证，能帮助实现系统分级的访问控制。The UHF RFID system tag performs one-way authentication on the reader with symmetric encryption, and the reader performs one-way authentication before accessing the tag, which can help realize hierarchical access control of the system.

UHF RFID系统读写器对标签的对称加密单向认证方法，读写器在访问标签前先对其进行单向认证，保障数据传输的可靠流向，防止非法标签恶意接入系统。The UHF RFID system reader uses a symmetric encryption one-way authentication method for the tag. The reader performs one-way authentication on the tag before accessing it to ensure the reliable flow of data transmission and prevent illegal tags from maliciously accessing the system.

UHF RFID系统读写器与标签的对称加密双向认证，对标签和读写器都进行认证，保证了通信双方的真实性。The symmetric encrypted two-way authentication between the reader and the tag of the UHF RFID system authenticates both the tag and the reader to ensure the authenticity of both sides of the communication.

UHF RFID系统读写器与标签的安全通信，读写器和标签进行单向认证或双向认证后，用随机生成的会话密钥加密高层的通信内容，有效地保证数据传输的机密性、完整性、真实性和可用性。UHF RFID system secure communication between the reader and the tag, after the reader and the tag perform one-way or two-way authentication, use a randomly generated session key to encrypt the high-level communication content, effectively ensuring the confidentiality and integrity of data transmission , authenticity and usability.

本发明提供UHF RFID系统中标签对读写器的单向认证、读写器与标签的双向认证以及读写器与标签的安全通信保证，能够抵御RFID空中接口面临的大部分攻击，包括：窃听攻击、重放攻击、假冒攻击、恶意追踪、信息篡改、前向攻击和后向攻击等，而且能保护标签持有者的隐私。The present invention provides one-way authentication of the tag to the reader-writer in the UHF RFID system, two-way authentication of the reader-writer and the tag, and secure communication guarantee between the reader-writer and the tag, and can resist most attacks faced by the RFID air interface, including: eavesdropping attack, replay attack, counterfeit attack, malicious tracking, information tampering, forward attack and backward attack, etc., and can protect the privacy of the tag holder.

本发明适用于无源UHF RFID系统，可以满足中高等级UHF RFID系统中读写器和标签空中接口的数据安全和隐私保护。The invention is suitable for passive UHF RFID systems, and can satisfy the data security and privacy protection of reader-writers and tag air interfaces in mid-to-high-level UHF RFID systems.

本发明的安全目标是：The security target of the present invention is:

(1)标签与读写器之间采用标准对称加密算法实现双向认证；(1) A standard symmetric encryption algorithm is used between the tag and the reader to realize two-way authentication;

(2)标签发送给读写器的带有数据的信息每次均不相同；(2) The information with data sent by the tag to the reader is different every time;

(3)根据标签发送给读写器的一个信息无法推断出其它的信息内容；(3) The content of other information cannot be deduced from a piece of information sent by the tag to the reader;

(4)根据标签与读写器之间相互传输的信息无法获知标签上承载的内容；(4) The content carried on the label cannot be known according to the information transmitted between the label and the reader;

(5)获取某一个标签的信息，无法通过这个信息推断出其它标签上的信息。(5) Obtain the information of a certain label, and the information on other labels cannot be deduced from this information.

本发明要求读写器和标签应该具备一定的计算和存储能力。读写器内置一个随机数产生器和一个加解密电路。标签中存储安全参数和标签密钥，标签内置一个随机数产生器和一个加解密电路。The present invention requires that the reader-writer and the tag should have certain computing and storage capabilities. The reader has a built-in random number generator and an encryption and decryption circuit. The tag stores security parameters and tag keys, and the tag has a built-in random number generator and an encryption and decryption circuit.

一、标签对读写器的对称加密单向认证流程如下：1. The symmetric encryption one-way authentication process of the tag to the reader is as follows:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

(3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；(3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );

(4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；(4) The tag generates a random number N_t , first uses the keys K_t , N_r and N_t to generate the authentication key AK, then generates a challenge word C_t , and sends N_t and C_t ;

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，再用AK加密C_t||SK，发送单向认证命令Auth(E_AK(C_t||SK))；(5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, and then uses AK to encrypt C_t | |SK, send a one-way authentication command Auth(E_AK (C_t ||SK));

(6)标签用AK解密E_AK(C_t||SK)得到C_t’||SK，如果C_t’与C_t相等，标签认为读写器通过认证，且会话密钥为SK，标签返回操作状态State；否则标签认为读写器未通过认证，标签返回操作状态State。(6) The tag uses AK to decrypt E_AK (C_t ||SK) to get C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader is authenticated, and the session key is SK, and the tag returns Operation state State; otherwise, the tag considers that the reader has not passed the authentication, and the tag returns the operation state State.

二、读写器对标签的对称加密单向认证流程如下：2. The symmetric encryption one-way authentication process of the reader to the label is as follows:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

(3)读写器根据安全参数中的安全功能，产生随机数N_r和挑战字C_r，发送取得认证命令Get_Auth(N_r，C_r)；(3) The reader generates a random number N_r and a challenge word C_r according to the security function in the security parameters, and sends the authentication command Get_Auth(N_r , C_r );

(4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，用AK加密C_r||SK得到E_AK(C_r||SK)发送给读写器；(4) The tag generates a random number N_t , first uses the keys K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, encrypts C_r ||SK with AK to obtain E_AK (C_r | |SK) sent to the reader;

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，再用AK解密E_AK(C_r||SK)得到C_r’||SK，如果C_r’与C_r相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证。(5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, and then uses AK to decrypt E_AK (C_r ||SK) to obtain C_r '||SK, if C_r ' is equal to C_r , the reader thinks the tag is authenticated, and the session key is SK, otherwise the reader thinks the tag is not authenticated.

三、读写器与标签的对称加密双向认证流程如下：3. The two-way authentication process of symmetric encryption between the reader and the tag is as follows:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

(3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；(3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );

(4)标签产生随机数N_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；(4) The tag generates a random number N_t , first uses K_t , N_r and N_t to generate an authentication key AK, then generates a challenge word C_t , and sends N_t and C_t ;

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_r和会话密钥SK，再用AK加密C_r||C_t||SK，发送双向认证命令Mul_Auth(E_AK(C_r||C_t||SK))；(5) The reader matches the tag key K_t with the key index in the security parameter, first uses K_t , N_r and N_t to generate the authentication key AK, then generates the challenge word C_r and the session key SK, and then uses AK encryption C_r ||C_t ||SK, send two-way authentication command Mul_Auth(E_AK (C_r ||C_t ||SK));

(6)标签用AK解密E_AK(C_r||C_t||SK)得到C_r’||C_t’||SK，如果C_t’与C_t相等，标签认为读写器通过认证，且会话密钥为SK，否则标签认为读写器未通过认证；如果认证通过，标签发送C_r’；(6) The tag uses AK to decrypt E_AK (C_r ||C_t ||SK) to get C_r '||C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader has passed the authentication, And the session key is SK, otherwise the tag thinks that the reader has not passed the authentication; if the authentication is passed, the tag sends C_r ';

(7)读写器比较C_r’和C_r，如果相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证。(7) The reader compares C_r ' and C_r , if they are equal, the reader considers that the tag has passed the authentication, and the session key is SK, otherwise the reader considers that the tag has not passed the authentication.

四、读写器与标签的安全通信在认证完成后进行，安全通信流程如下：4. The secure communication between the reader and the tag is carried out after the authentication is completed. The secure communication process is as follows:

(1)读写器产生随机数SN_r，用SK加密cmd||SN_r，发送安全通信命令Sec_Com(E_SK(cmd||SN_r))；(1) The reader generates a random number SN_r , encrypts cmd||SN_r with SK, and sends a secure communication command Sec_Com(E_SK (cmd||SN_r ));

(2)标签用SK解密E_SK(cmd||SN_r)得到cmd||SN_r’，标签执行cmd中的命令，操作结果为result；然后产生随机数SN_t，用SK加密result||SN_t得到E_SK(result||SN_t)发送给读写器；(2) The tag uses SK to decrypt E_SK (cmd||SN_r ) to get cmd||SN_r ', the tag executes the command in cmd, and the operation result is result; then generates a random number SN_t and encrypts result||SN with SK_t gets E_SK (result||SN_t ) and sends it to the reader;

(3)读写器用SK解密得到result||SN_t’，标签操作结果为result。(3) The reader uses SK to decrypt to get result||SN_t ', and the tag operation result is result.

上述流程中的命令及符号说明如下：The commands and symbols in the above process are described as follows:

Get_SecPara：安全参数获取命令。Get_SecPara: security parameter acquisition command.

Req_Auth()：请求认证命令。Req_Auth(): Request authentication command.

Auth()：单向认证命令。Auth(): One-way authentication command.

Get_Auth()：取得认证命令。Get_Auth(): Get the authentication command.

Mul_Auth()：双向认证命令。Mul_Auth(): Two-way authentication command.

Sec_Com()：安全通信命令。Sec_Com(): Secure communication command.

N_r：读写器产生的随机数，用于生成认证密钥。N_r : the random number generated by the reader, used to generate the authentication key.

N_t：标签产生的随机数，用于生成认证密钥。N_t : the random number generated by the tag, used to generate the authentication key.

C_r：读写器产生的随机数，作为认证标签的挑战字。C_r : The random number generated by the reader is used as the challenge word of the authentication tag.

C_t：标签产生的随机数，作为认证读写器的挑战字。C_t : The random number generated by the tag is used as the challenge word for the authenticated reader.

SN_r：读写器产生的随机数，作为加密随机数。SN_r : Random number generated by the reader, as encrypted random number.

SN_t：标签产生的随机数，作为加密随机数。SN_t : The random number generated by the tag as an encrypted random number.

K_t：标签密钥。K_t : tag key.

AK：认证密钥。AK: Authentication key.

SK：会话密钥。SK: session key.

SecPara：标签存储的与认证和加密相关的安全参数。SecPara: Security parameters related to authentication and encryption stored in the tag.

State：标签响应命令的操作状态。State: The operational state of the tag in response to the command.

cmd：不含校验数据段的命令帧。cmd: A command frame without a checksum data segment.

result：不含校验数据段的响应数据包。result: The response data packet without the verification data segment.

||：比特串联。||: bit concatenation.

E_K(X)：用密钥K对X加密的密文。E_K (X): The ciphertext encrypted with the key K.

附图说明Description of drawings

图1为本发明UHF RFID系统标签对读写器的对称加密单向认证流程示意图；Fig. 1 is UHF RFID system tag of the present invention to the symmetric encrypted one-way authentication flow diagram of reader-writer;

图2为本发明UHF RFID系统读写器对标签的对称加密单向认证流程示意图；Fig. 2 is the UHF RFID system reader-writer of the present invention to the symmetric encrypted one-way authentication flow diagram of label;

图3为本发明UHF RFID系统读写器与标签的对称加密双向认证流程示意图；Fig. 3 is the schematic diagram of the symmetric encryption two-way authentication flow chart of UHF RFID system reader-writer and label of the present invention;

图4为本发明UHF RFID系统读写器与标签的安全通信流程示意图；Fig. 4 is the safe communication flow diagram of UHF RFID system reader-writer of the present invention and label;

图5为安全参数格式图。Figure 5 is a format diagram of security parameters.

具体实施方式Detailed ways

以下结合附图对本发明的具体实施例进行详细描述。Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

图1为UHF RFID系统标签对读写器的对称加密单向认证流程，具体实施包括：Figure 1 shows the symmetric encrypted one-way authentication process of the UHF RFID system tag to the reader. The specific implementation includes:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

安全参数获取命令的帧格式如下：The frame format of the security parameter acquisition command is as follows:

其中：in:

命令编码：安全参数获取命令的编码。Command Encoding: The encoding of the security parameter acquisition command.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。CRC-5的生成多项式为x⁵+x³+1。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process. The generating polynomial of CRC-5 is x⁵ +x³ +1.

校验：CRC-16计算包含命令编码和标签句柄数据段。CRC-16的生成多项式为x¹⁶+x¹²+x⁵+1。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command encoding and tag handle data segments. The generator polynomial of CRC-16 is x¹⁶ +x¹² +x⁵ +1. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

安全参数获取命令的响应数据包格式如下：The format of the response packet of the security parameter acquisition command is as follows:

其中：in:

安全参数：指标签存储区中的安全参数，包括安全模式、安全功能、响应参考时间、随机数长度、加密算法、密钥长度和密钥索引等，格式如图5：Security parameters: Refers to the security parameters in the tag storage area, including security mode, security function, response reference time, random number length, encryption algorithm, key length and key index, etc. The format is shown in Figure 5:

定义如下：It is defined as follows:

a)安全模式：指示标签是否需要进行安全认证，是否需要进行安全通信。a) Security mode: Indicates whether the tag needs to perform security authentication and secure communication.

b)安全功能：指示标签所支持的安全功能，包括标签对读写器的对称加密单向认证、读写器对标签的对称加密单向认证、读写器与标签的对称加密双向认证和读写器与标签的安全通信。b) Security function: Indicates the security functions supported by the tag, including symmetric encryption one-way authentication of the tag to the reader, one-way symmetric encryption authentication of the reader to the tag, two-way authentication of the symmetric encryption between the reader and the tag, and reading secure communication between the writer and the tag.

c)响应参考时间：指示读写器发送请求认证命令、单向认证命令、取得认证命令、双向认证命令或者安全通信命令等命令后需要持续发送连续载波的最大时间。c) Response reference time: indicates the maximum time for the reader to continue sending continuous carrier waves after sending commands such as request authentication command, one-way authentication command, obtain authentication command, two-way authentication command or secure communication command.

d)随机数长度：指示认证流程中生成的随机数的长度，以字为单位。d) Random number length: Indicates the length of the random number generated in the authentication process, in word.

e)加密算法：指示采用的对称加密算法。e) Encryption algorithm: indicates the symmetric encryption algorithm used.

f)密钥长度：指示加密算法密钥长度。f) Key length: indicates the encryption algorithm key length.

g)密钥索引：为标签密钥K_t的单向散列值，以字为单位。密钥索引供读写器使用，用于匹配标签密钥K_t。g) Key index: It is the one-way hash value of the tag key K_t , in units of words. The key index is used by the reader to match the tag key K_t .

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含安全参数和标签句柄数据段。Checksum: CRC-16 calculation includes security parameters and tag handle data segment.

(3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；(3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );

请求认证命令的帧格式如下：The frame format of request authentication command is as follows:

其中：in:

命令编码：请求认证命令的编码。Command Encoding: The encoding of the request authentication command.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含命令编码和标签句柄数据段。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command encoding and tag handle data segments. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；(4) The tag generates a random number N_t , first uses the keys K_t , N_r and N_t to generate the authentication key AK, then generates a challenge word C_t , and sends N_t and C_t ;

请求认证命令的响应数据包格式如下：The format of the response packet for the request authentication command is as follows:

其中：in:

随机数：标签产生的用于生成认证密钥的随机数，即N_t。Random number: the random number generated by the tag and used to generate the authentication key, namely N_t .

挑战字：标签产生的用于认证的随机数，即C_t。Challenge word: the random number generated by the tag for authentication, namely C_t .

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含随机数、挑战字和标签句柄数据段。Checksum: CRC-16 calculation includes random number, challenge word and tag handle data segment.

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，再用AK加密C_t||SK，发送单向认证命令Auth(E_AK(C_t||SK))；(5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, and then uses AK to encrypt C_t | |SK, send a one-way authentication command Auth(E_AK (C_t ||SK));

单向认证命令的帧格式如下：The frame format of the one-way authentication command is as follows:

其中：in:

命令编码：单向认证命令的编码。Command Encoding: Encoding of the one-way authentication command.

认证数据：读写器对挑战字和会话密钥的加密结果，即E_AK(C_t||SK)。Authentication data: the encryption result of the challenge word and session key by the reader, that is, E_AK (C_t ||SK).

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含命令编码、认证数据和标签句柄数据段。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command encoding, authentication data and tag handle data segments. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(6)标签用AK解密E_AK(C_t||SK)得到C_t’||SK，如果C_t’与C_t相等，标签认为读写器通过认证，且会话密钥为SK，标签返回操作状态State；否则标签认为读写器未通过认证，标签返回操作状态State。(6) The tag uses AK to decrypt E_AK (C_t ||SK) to get C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader is authenticated, and the session key is SK, and the tag returns Operation state State; otherwise, the tag considers that the reader has not passed the authentication, and the tag returns the operation state State.

单向认证命令的响应数据包格式如下：The response packet format of the one-way authentication command is as follows:

其中：in:

操作状态：标签响应命令后的操作状态，含义包括认证成功或操作失败。Operation status: The operation status after the tag responds to the command, meaning includes authentication success or operation failure.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含操作状态和标签句柄数据段。Checksum: CRC-16 calculation includes the operation status and tag handle data segments.

图2为UHF RFID系统读写器对标签的对称加密单向认证流程，具体实施包括：Figure 2 shows the symmetric encryption one-way authentication process of the UHF RFID system reader to the label. The specific implementation includes:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

(3)读写器根据安全参数中的安全功能，产生随机数N_r和挑战字C_r，发送取得认证命令Get_Auth(N_r，C_r)；(3) The reader generates a random number N_r and a challenge word C_r according to the security function in the security parameters, and sends the authentication command Get_Auth(N_r , C_r );

取得认证命令的帧格式如下：The frame format of the authentication command is as follows:

其中：in:

命令编码：取得认证命令的编码。Command Encoding: Get the encoding of the authentication command.

随机数：读写器产生的用于生成认证密钥的随机数，即N_r。Random number: The random number generated by the reader for generating the authentication key, namely N_r .

挑战字：读写器产生的用于认证的随机数，即C_r。Challenge word: the random number generated by the reader for authentication, that is, C_r .

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含命令编码、随机数、挑战字和标签句柄数据段。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command code, random number, challenge word and tag handle data segment. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，用AK加密C_r||SK得到E_AK(C_r||SK)发送给读写器；(4) The tag generates a random number N_t , first uses the key K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, encrypts C_r ||SK with AK to obtain E_AK (C_r | |SK) sent to the reader;

取得认证命令的响应数据包格式如下：The format of the response packet for the authentication command is as follows:

其中：in:

认证数据：标签对挑战字和会话密钥的加密结果，即E_AK(C_r||SK)。Authentication data: the encryption result of the tag on the challenge word and the session key, that is, E_AK (C_r ||SK).

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含认证数据和标签句柄数据段。Checksum: CRC-16 calculation includes authentication data and tag handle data segments.

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，再用AK解密E_AK(C_r||SK)得到C_r’||SK，如果C_r’与C_r相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证。(5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, and then uses AK to decrypt E_AK (C_r ||SK) to obtain C_r '||SK, if C_r ' is equal to C_r , the reader thinks the tag is authenticated, and the session key is SK, otherwise the reader thinks the tag is not authenticated.

图3为UHF RFID系统读写器与标签的对称加密双向认证流程，具体实施包括：Figure 3 shows the symmetric encrypted two-way authentication process between the UHF RFID system reader and tag. The specific implementation includes:

(1)读写器发送安全参数获取命令Get_SecPara；(1) The reader sends the security parameter acquisition command Get_SecPara;

(2)标签发送安全参数SecPara；(2) The tag sends the security parameter SecPara;

(3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；(3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );

(4)标签产生随机数N_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；(4) The tag generates a random number N_t , first uses K_t , N_r and N_t to generate an authentication key AK, then generates a challenge word C_t , and sends N_t and C_t ;

(5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_r和会话密钥SK，再用AK加密C_r||C_t||SK，发送双向认证命令Mul_Auth(E_AK(C_r||C_t||SK))；(5) The reader matches the tag key K_t with the key index in the security parameter, first uses K_t , N_r and N_t to generate the authentication key AK, then generates the challenge word C_r and the session key SK, and then uses AK encryption C_r ||C_t ||SK, send two-way authentication command Mul_Auth(E_AK (C_r ||C_t ||SK));

双向认证命令的帧格式如下：The frame format of the two-way authentication command is as follows:

其中：in:

命令编码：双向认证命令的编码。Command Encoding: The encoding of the two-way authentication command.

认证数据：读写器对挑战字和会话密钥的加密结果，即E_AK(C_r||C_t||SK)。Authentication data: the encryption result of the challenge word and session key by the reader, that is, E_AK (C_r ||C_t ||SK).

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含命令编码、认证数据和标签句柄数据段。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command encoding, authentication data and tag handle data segments. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(6)标签用AK解密E_AK(C_r||C_t||SK)得到C_r’||C_t’||SK，如果C_t’与C_t相等，标签认为读写器通过认证，且会话密钥为SK，否则标签认为读写器未通过认证；如果认证通过，标签发送C_r’；(6) The tag uses AK to decrypt E_AK (C_r ||C_t ||SK) to get C_r '||C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader has passed the authentication, And the session key is SK, otherwise the tag thinks that the reader has not passed the authentication; if the authentication is passed, the tag sends C_r ';

双向认证命令的响应数据包格式如下：The response packet format of the two-way authentication command is as follows:

其中：in:

挑战字：标签解密返回的挑战字，即C_r’。Challenge word: The challenge word returned by tag decryption, namely C_r '.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含挑战字和标签句柄数据段。Checksum: CRC-16 calculation includes challenge word and tag handle data segment.

(7)读写器比较C_r’和C_r，如果相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证。(7) The reader compares C_r ' and C_r , if they are equal, the reader considers that the tag has passed the authentication, and the session key is SK, otherwise the reader considers that the tag has not passed the authentication.

图4为UHF RFID系统读写器与标签的安全通信流程，具体实施包括：Figure 4 shows the secure communication process between the UHF RFID system reader and tag. The specific implementation includes:

(1)读写器产生随机数SN_r，用SK加密cmd||SN_r，发送安全通信命令Sec_Com(E_SK(cmd||SN_r))；(1) The reader generates a random number SN_r , encrypts cmd||SN_r with SK, and sends a secure communication command Sec_Com(E_SK (cmd||SN_r ));

安全通信命令的帧格式如下：The frame format of the safety communication command is as follows:

其中：in:

命令编码：安全通信命令的编码。Command Encoding: The encoding of the secure communication command.

加密数据：读写器加密的命令数据。Encrypted data: the command data encrypted by the reader.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含命令编码、加密数据和标签句柄数据段。如果标签接收到的命令中包含的校验有错，标签不响应该命令。Checksum: CRC-16 calculation includes command encoding, encrypted data and tag handle data segments. If the checksum contained in the command received by the tag is wrong, the tag will not respond to the command.

(2)标签用SK解密E_SK(cmd||SN_r)得到cmd||SN_r’，标签执行cmd中的命令，操作结果为result；然后标签产生随机数SN_t，用SK加密result||SN_t得到E_SK(result||SN_t)发送给读写器；(2) The tag uses SK to decrypt E_SK (cmd||SN_r ) to get cmd||SN_r ', the tag executes the command in cmd, and the operation result is result; then the tag generates a random number SN_t and encrypts result|| with SK SN_t gets E_SK (result||SN_t ) and sends it to the reader;

安全通信命令的响应数据包格式如下：The response packet format of the secure communication command is as follows:

其中：in:

加密数据：标签加密的响应数据。Encrypted data: The response data encrypted by the tag.

标签句柄：盘点过程中标签发送的11位随机数及CRC-5。Tag handle: 11-bit random number and CRC-5 sent by the tag during the inventory process.

校验：CRC-16计算包含加密数据和标签句柄数据段。Checksum: CRC-16 calculation includes encrypted data and tag handle data segment.

(3)读写器用SK解密得到result||SN_t’，标签操作结果为result。(3) The reader uses SK to decrypt to get result||SN_t ', and the tag operation result is result.

以上流程中，标签(读写器)用密钥K_t、随机数N_r与N_t生成认证密钥AK的方法如下：In the above process, the tag (reader) uses the key K_t , the random number N_r and N_t to generate the authentication key AK as follows:

首先，根据标签支持的密码算法将N_r||N_t扩展成初始向量IV；First, expand N_r ||N_t into an initial vector IV according to the cryptographic algorithm supported by the tag;

然后，用密钥K_t对IV进行对称加密得到认证密钥AK，即Then, the IV is encrypted symmetrically with the key K_t to obtain the authentication key AK, namely

Claims (1)

Translated fromChinese

1.一种基于对称加密的超高频射频识别空中接口安全通信方法，该方法包括：1. A UHF radio frequency identification air interface secure communication method based on symmetric encryption, the method comprising:1)系统标签对读写器的对称加密单向认证；1) Symmetrical encrypted one-way authentication of the system tag to the reader;2)系统读写器对标签的对称加密单向认证；2) Symmetrically encrypted one-way authentication of tags by system readers;3)系统读写器对标签的对称加密双向认证；3) Symmetrical encrypted two-way authentication of tags by system readers;4)系统读写器与标签的安全通信；4) Secure communication between system reader and tag;其特征在于，系统标签对读写器的对称加密单向认证步骤如下：It is characterized in that the symmetric encryption one-way authentication steps of the system tag to the reader-writer are as follows:1)读写器发送安全参数获取命令Get_SecPara；1) The reader sends the security parameter acquisition command Get_SecPara;2)标签发送安全参数SecPara；2) The tag sends the security parameter SecPara;3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；4) The tag generates a random number N_t , first generates an authentication key AK with keys K_t , N_r and N_t , then generates a challenge word C_t , and sends N_t and C_t ;5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，再用AK加密C_t||SK，发送单向认证命令Auth(E_AK(C_t||SK))，其中||表示比特串联，E_AK表示用密钥K对X加密的密文；5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, and then uses AK to encrypt C_t || SK, send a one-way authentication command Auth(E_AK (C_t ||SK)), where || represents bit concatenation, and E_AK represents the ciphertext encrypted by key K to X;6)标签用AK解密E_AK(C_t||SK)得到C_t'||SK，如果C_t'与C_t相等，标签认为读写器通过认证，且会话密钥为SK，标签返回操作状态State；否则标签认为读写器未通过认证，标签返回操作状态State；6) The tag uses AK to decrypt E_AK (C_t ||SK) to get C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader has passed the authentication, and the session key is SK, and the tag returns to the operation State; otherwise, the tag considers that the reader has not passed the authentication, and the tag returns the operation state State;系统读写器对标签的对称加密单向认证流程如下：The symmetric encrypted one-way authentication process of the system reader to the label is as follows:1)读写器发送安全参数获取命令Get_SecPara；1) The reader sends the security parameter acquisition command Get_SecPara;2)标签发送安全参数SecPara；2) The tag sends the security parameter SecPara;3)读写器根据安全参数中的安全功能，产生随机数N_r和挑战字C_r，发送取得认证命令Get_Auth(N_r,C_r)；3) The reader generates a random number N_r and a challenge word C_r according to the security function in the security parameters, and sends the authentication command Get_Auth(N_r , C_r );4)标签产生随机数N_t，先用密钥K_t、N_r和N_t生成认证密钥AK，然后产生会话密钥SK，用AK加密C_r||SK得到E_AK(C_r||SK)发送给读写器；4) The tag generates a random number N_t , first uses the key K_t , N_r and N_t to generate the authentication key AK, then generates the session key SK, encrypts C_r ||SK with AK to obtain E_AK (C_r || SK) sent to the reader;5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，再用AK解密E_AK(C_r||SK)得到C_r'||SK，如果C_r'与C_r相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证；5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, and then uses AK to decrypt E_AK (C_r ||SK) to obtain C_r '||SK, if C_r ' is equal to C_r , the reader thinks the tag is authenticated, and the session key is SK, otherwise the reader thinks the tag has not passed the authentication;系统读写器对标签的对称加密双向认证流程如下：The two-way authentication process of the symmetric encryption of the tag by the system reader is as follows:1)读写器发送安全参数获取命令Get_SecPara；1) The reader sends the security parameter acquisition command Get_SecPara;2)标签发送安全参数SecPara；2) The tag sends the security parameter SecPara;3)读写器根据安全参数中的安全功能，产生随机数N_r，发送请求认证命令Req_Auth(N_r)；3) The reader generates a random number N_r according to the security function in the security parameter, and sends a request authentication command Req_Auth(N_r );4)标签产生随机数N_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_t，发送N_t和C_t；4) The tag generates a random number N_t , first uses K_t , N_r and N_t to generate an authentication key AK, then generates a challenge word C_t , and sends N_t and C_t ;5)读写器用安全参数中的密钥索引匹配标签密钥K_t，先用K_t、N_r和N_t生成认证密钥AK，然后产生挑战字C_r和会话密钥SK，再用AK加密C_r||C_t||SK，发送双向认证命令Mul_Auth(E_AK(C_r||C_t||SK))；5) The reader uses the key index in the security parameter to match the tag key K_t , first uses K_t , N_r and N_t to generate the authentication key AK, then generates the challenge word C_r and the session key SK, and then uses AK Encrypt C_r ||C_t ||SK, send two-way authentication command Mul_Auth(E_AK (C_r ||C_t ||SK));6)标签用AK解密E_AK(C_r||C_t||SK)得到C_r'||C_t'||SK，如果C_t'与C_t相等，标签认为读写器通过认证，且会话密钥为SK，否则标签认为读写器未通过认证；如果认证通过，标签发送C_r'；6) The tag uses AK to decrypt E_AK (C_r ||C_t ||SK) to get C_r '||C_t '||SK, if C_t ' is equal to C_t , the tag thinks that the reader is authenticated, and The session key is SK, otherwise the tag thinks that the reader has not passed the authentication; if the authentication is passed, the tag sends C_r ';7)读写器比较C_r'和C_r，如果相等，读写器认为标签通过认证，且会话密钥为SK，否则读写器认为标签未通过认证；7) The reader compares C_r ' and C_r , if they are equal, the reader considers that the tag has passed the authentication, and the session key is SK, otherwise the reader considers that the tag has not passed the authentication;系统读写器与标签的安全通信步骤为：The safe communication steps between the system reader and the tag are as follows:1)读写器产生随机数SN_r，用SK加密cmd||SN_r，发送安全通信命令Sec_Com(E_SK(cmd||SN_r))；1) The reader generates a random number SN_r , encrypts cmd||SN_r with SK, and sends a secure communication command Sec_Com(E_SK (cmd||SN_r ));2)标签用SK解密E_SK(cmd||SN_r)得到cmd||SN_r'，标签执行cmd中的命令，操作结果为result；然后产生随机数SN_t，用SK加密result||SN_t得到E_SK(result||SN_t)发送给读写器；2) The tag uses SK to decrypt E_SK (cmd||SN_r ) to get cmd||SN_r ', the tag executes the command in cmd, and the operation result is result; then generates a random number SN_t and encrypts result||SN_t with SK Get E_SK (result||SN_t ) and send it to the reader;3)读写器用SK解密得到result||SN_t'，标签操作结果为result。3) The reader uses SK to decrypt to get result||SN_t ', and the tag operation result is result.