With regard to the security vulnerabilities of the existing Radio Frequency Identification (RFID) authentication protocols, a new lightweight security protocol for RFID was proposed. The formal proof of the correctness of the proposed authentication protocol was given based on CNY logic. The proposed scheme adopted the method of reader dual-authentication and key refreshing during reader pre-authentication phase, which achieved the anti-desynchronization requirement by adding flag Tm of malicious attacks into the tag. The protocol solved the security and privacy problems of poor scalability, location tracking due to failure of renewing the key of tag, and Denial of Service (DoS) resulting from illegal updating inner keys of tag/server in the existed schemes. It efficiently resisted several possible attacks including replay, tag/reader impersonation, traffic analysis, location tracking and desynchronization. The analytical results show that die proposed protocol is of low-cost, good security and limited computational complexity, which fits for RFID system when the tags number is large.%针对现有无线射频识别(RFID)认证协议存在的安全缺陷,提出了一种新的轻量级RFID安全认证协议,并基于GNY逻辑给出了形式化证明.协议采用阅读器双重认证及预认证阶段刷新密钥的方法,通过在标签中添加保护密钥同步的恶意攻击标记Tm,解决了当前协议中存在的可扩展性欠佳、标签密钥更新失败导致位置跟踪和非法更新标签/服务器内部密钥造成拒绝服务(DoS)等问题,可抵抗重传、标签/阅读嚣假冒和通信量分析等多种恶意攻击,尤其防范来自位置隐私泄露和拒绝服务的安全威胁.分析结果表明,所提协议具有低成本、安全性高、计算复杂度低等特点,适合于标签数目较多的RFID系统.
展开▼
