基于区块链技术的RFID安全认证协议  被引量：5

作　　者：李鹏[1,2] 郑田甜 徐鹤 朱枫[1,2] LI Peng;ZHENG Tiantian;XU He;ZHU Feng(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks,Nanjing 210023,China)

机构地区：[1]南京邮电大学计算机学院,南京210023 [2]江苏省无线传感网络高技术研究重点实验室,南京210023

出　　处：《信息网络安全》2021年第5期1-11,共11页Netinfo Security

基　　金：国家自然科学基金[61872196,61872194,61902196];江苏省科技支撑计划[BE2017166,BE2019740];江苏省高等学校自然科学研究[18KJA520008,20KJB520001];江苏省六大人才高峰高层次人才计划[RJFW-111]。

摘　　要：传统RFID应用领域中的安全认证协议主要基于中心化数据库,而基于中心化数据库的RFID安全认证协议存在数据丢失、篡改等问题。区块链作为一种分布式技术具备去中心化特性以及更高的可靠性、透明度等特性,可有效解决传统RFID安全认证协议中心服务器可能导致的数据安全问题。将区块链与RFID相结合,文章提出一个基于区块链技术的RFID安全认证协议,使用异或、位旋转等操作对数据进行加密,将验证计算转移至阅读器和区块链节点中,有效降低标签的计算成本;在协议中加入对恶意阅读器的判别,减少无效计算成本。此外,文章通过智能合约、truffle模拟协议数据交换过程验证该协议的可行性,并通过理论分析和GNY证明协议的安全性。在低成本的前提下,文章协议能够有效防止窃听、重放、去中心化等多种攻击。The security authentication protocol in the traditional RFID application field is mainly based on a centralized database,while the protocol based on the centralized database has problems such as data loss and tampering.As a distributed technology,blockchain has the characteristics of decentralization,higher reliability and transparency,and can effectively solve the data security problems that may be caused by the traditional RFID security authentication protocol central server.In this regard,the blockchain and RFID are combined to propose a RFID security authentication protocol based on blockchain technology,which uses exclusive OR,bit rotation and other operations to encrypt data,and transfers verification calculations to readers and block chain nodes.The identification of malicious readers is added to the protocol to reduce the cost of invalid calculation.In addition,the feasibility of the protocol is verified through smart contracts and truffle simulation of the protocol data exchange process,and the security of the protocol is verified through theoretical analysis and GNY proof,to ensure that the protocol effectively prevents various attacks such as eavesdropping,replay and decentralization.

关 键 词：区块链 RFID 认证 低成本 智能合约 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]