对改进LMAP+协议的启发式攻击策略  被引量：3

作　　者：王超[1] 秦小麟[1] 刘亚丽[1] 

机构地区：[1]南京航空航天大学计算机科学与技术学院,南京210016

出　　处：《计算机科学》2014年第5期143-149,共7页Computer Science

基　　金：国家自然科学基金资助项目(61373015);2010年度国家教育部高等学校博士学科点专项科研基金项目(20103218110017);江苏高校优势学科建设工程资助项目(PAPD);南京航空航天大学中央高校基本科研业务费专项基金项目(NP2013307);中央高校基本科研业务费专项:江苏省普通高校研究生科研创新计划资助项目(CX10B_112Z);南京航空航天大学博士学位论文创新与创优基金资助项目(BCXJ10-07)资助

摘　　要：随着无线射频识别(RFID)系统的广泛应用,RFID安全问题亟待解决。为了降低标签的计算代价,一系列只运用位与、位或、位异或、循环移位等操作的超轻量级RFID认证协议受到越来越多的关注,但是目前提出的超轻量级RFID认证协议不能保证很好的安全性。针对2012年Gurubani等人提出的改进的LMAP+协议,设计了一种基于模拟退火算法的启发式攻击策略,其能够成功推测秘密数据;并结合Jules等人提出的不可追踪性模型对改进的LMAP+协议进行追踪性攻击,通过重复攻击策略实验,完成全泄漏攻击。实验结果表明在攻击过程中仅利用窃听阅读器和标签间通信数据的被动攻击方法,推测的秘密数据就已逼近真实数据,且在完全泄漏攻击实验中约有70%的概率完全破解秘密数据,攻击过程收敛速度快,达到了较好的攻击效果。With the extensive usage of radio frequency identification （RFID） systems,the challenge of security is emerging.In order to reduce the computational cost of the tag,a series of ultralightweight RFID authentication protocols that only involve simple bit-wise operations like AND,OR,XOR,rotation,have incurred many concerns.But the existing ultralightweight RFID authentication protocols are unable to guarantee the strong security property.A heuristic attack strategy based on simulated annealing algorithm was proposed to reckon the secret data against the improved LMAP＋ protocol present by Gurubani in 2012.With the untraceability model proposed by Juels and Weis,a traceability attack was undertaken based on our heuristic attack strategy.And the secret values of improved LMAP-＋COuld be disclosed successfully after repeated experiments of the attack strategy.The experiment evidences that,through the passive attack by eavesdropping the exchanged messages between the reader and the tag,the reckoned secret values are approximately equal to the genuine values of the secret data.And in a full-disclosure attack experiment,the secret data will be cracked completely with a 70 percent probability.At the same time,the attack process has a fast convergence speed with desired effectiveness.

关 键 词：RFID认证 模拟退火算法 启发式攻击 超轻量级 不可追踪性 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]