随着物联网及云计算的发展,大量物品依靠RFID技术接入互联网.基于云的RFID系统采用按需租用云数据库的方式,可以降低系统维护成本,较好的适应了中小企业的需要,因而得到广泛的关注.然而,在基于云的RFID系统中,安全和隐私问题更为严重,阅读器和云数据库之间的链路不再安全,标签身份以及RFID数据的隐私都不能暴露给云服务提供商.本文提出了一种基于云的RFID相互认证协议,该协议基于Hash函数设计,既实现了阅读器对标签的认证,也实现了标签对阅读器的认证,同时保障了阅读器和云数据库之间数据传输的安全性,还可以保护阅读器的匿名性,降低标签的计算复杂度.安全性分析表明,该协议满足不可追踪性、前向安全性、抗重放攻击、抗去同步化攻击、抗拒绝服务攻击等安全特性.BAN逻辑的形式化分析进一步表明该协议满足相互认证性,且可以抵抗重放攻击,同时,本文对其他几个安全特性进行了分析证明.与其他几个基于云的方案比较,该方案在标签计算量以及整个协议的通信量上有较好的性能优势.%With the development of the Internet of things and cloud computing, a large number of objects access to the internet through RFID technology. Cloud-based RFID system adopts the way of renting cloud database on demand, which can reduce the costs of system maintenance, the system is very suitable for the small and medium-sized enterprises, therefore, it gets wide attention. However, the security and privacy problems of cloud-based RFID systems are more serious, the link between the reader and the cloud database is no longer secure, the tag identity and data privacy of RFID cannot be exposed to cloud service providers. This paper proposes a cloud-based RFID mutual authentication protocol, the protocol is designed based on the hash function, it realizes the authentication between the reader and tag, at the same time, it ensures the security of the data transmission between the reader and cloud database, moreover, it can protect the anonymity of the reader, and reduce the computational complexity of the tag. Security analysis shows that the protocol satisfies security requirements, such as untraceability, forward security, withstand replay attack, de-synchronization attack and denial of service attack, etc. The formally analysis with BAN logic further indicates the protocol satisfies the mutual authentication, and can withstand replay attack, at the same time, the paper analyses and proves other security requirements. Compared with other several cloud-based schemes, the proposed protocol has advantages in tag's computation cost and communication cost of the whole protocol.
展开▼
