【作者】 肖锋；

【导师】 钮心忻；

【作者基本信息】 北京邮电大学 ， 密码学， 2013， 博士

【摘要】 随着物联网(the Internet of things)技术的高速发展,电子标签及RFID (Radio Frequency Identification)系统在信息时代扮演着越来越重要的角色。RFID系统在给我们的生活带来便利以及提高效率的同时,电子标签信息安全及隐私保护方面的问题也随之而来。由于RFID系统一般工作在异构且复杂的物联网环境下,因此低成本且资源受限电子标签易遭受敌手的恶意攻击,目前安全因素已成为制约RFID系统大规模应用的最大问题。针对物联网日益恶化安全环境,本文利用密码学技术设计适用于物联网环境和RFID系统实际需求的安全协议,并利用适宜的形式化方法对设计的协议进行理论分析,证明协议能够满足RFID系统特定的安全需求,并能保护电子标签的信息安全与隐私。本文主要研究工作如下：(1)标准模型下可证明安全RFID系统双向认证协议的研究与设计。针对RFID系统存在的信息安全及隐私保护问题,分析了RFID系统双向认证协议的设计需求,在标准模型下设计了一个RFID系统安全双向认证协议。并利用规约算法证明协议的安全性是构建在伪随机函数与真正随机函数的不可区分性上。另外协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率,因此协议是适用于低成本及资源受限的RFID标签。(2)通用可组合EPC(Electronic Product Code)系统安全协议的研究与设计。首先对一个最新提出的EPC系统安全协议进行了安全及性能的分析,指出该协议存在数据欺骗以及标签位置信息泄露的问题,并且该协议无法抵抗重放攻击。然后提出了一个改进后的EPC系统协议,以抵抗主要的攻击方式；另外为了保证EPC系统的并发安全,在通用可组合(UC,Universal Composable)匡架下,形式化定义了EPC系统的理想函数,同时在通用可组合模型下设计了一个适用于EPC系统的安全协议,从安全性以及性能两方面对提出的协议进行分析,通过与其它同类型安全协议进行比较,结果表明我们提出的EPC安全协议是通用可组合安全的。(3)基于串空间模型的RFID系统安全搜索协议的研究与设计。首先对一个最新提出的RFID系统搜索协议进行了安全分析,证明该协议易遭受重放攻击,并且标签及读写器的地理位置信息可能被攻击者锁定；针对RFID系统在海量电子标签中进行精准及安全搜索的问题,对原始串空间模型进行了扩展,引入了“不可重放性”的概念对RFID系统搜索协议中的会话信息脚本进行分析。在扩展的串空间模型的基础上,提出了一个RFID系统安全搜索协议,并在串空间模型下对提出的协议进行安全性分析。通过与其它同类型RFID系统搜索协议进行比较,证明提出的协议消除了原有的安全隐患,并且适用于低成本RFID系统电子标签。(4)供应链环境下电子标签转让协议隐私性研究。首先分析了电子标签所有权转让协议中普遍存在的安全与隐私性问题；接着结合供应链的实际应用场景,对原始串空间模型进行扩展,提出了电子标签转让协议隐私性的串空间模型,定义了电子标签转让的前向隐私性、后向隐私性以及密钥安全判定定理及规则；并运用这些判定定理及规则对两个典型的供应链环境下的电子标签转让协议进行了安全与隐私性理论分析,结果表明两个协议均存在着后向隐私性问题以及私密密钥遭泄露的风险。更多还原

【Abstract】 With the rapid development of technology of the IoT (Internet of things), electronic tags and RFID (Radio Frequency IDentification) system have already played an important part in the age of information. RFID system brings much more convenience to our life and improves production efficiency, meanwhile, the problems of electronic tags’ security and privacy preserving also burst out. The RFID system operates in the IoT’eniverment which is heterogeneous and complex, so the low cost and resource-constrainted electronic tags are vulnerable to malicious attacks launched by the adversary. Now the security issue has already become the chief obstacle to the large scale application of RFID system.To deal with the the more and more serious security eniverment of the IoT, this paper design security protocols which are applied to IoT’s eniverment and suitable for RFID system’s demands in reality by using proper cryptography technology, and give the theory analyses of the designed security protocols with formal methods. As a result, it is proved that the proposed protocols can meet the special safety requirements of RFID system and protect electronic tags’information security and privacy.The main research work can be summarized as follows:(1) Research and deign for provable secure mutual authentication protocol of RFID system under standard model. To deal with the problems of RFID system’s security and privacy preserving, the security requirement for mutual authentication protocol of RFID system is analyzed firstly, then a mutual authentication protocol is proposed in the standard model. The reduction method is using to prove that the security of new protocol is based on the indistinguishability between pseudo-random function and real random function. The implementation of proposed protocol only requires lightweight pseudo-random generator and vector dot product operation and provides higher security and efficiency. So the proposed protocol is feasible for RFID tags which are low cost and resource-constrained.(2) Research and deign for secure protocol of EPC (Electronic Product Code) system based on UC (Universal Composable) model. A security and performance anslysis of a lasted security protocol for EPC system is given and the result shows the lasted protocol had no resistance to replay attack and did not resolve the problem of data forge and tag’s location privacy. So an improved protocol is then proposed to protect RFID system from all major attacks. In order to guarantee the concurrent security of EPC system, the the ideal functionality of EPC system is formally defined with the UC framework. Then a secure protocol for EPC system under UC model is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure.(3) Research and deign for secure search protocol of RFID system based on strand space model. A lasted secure search protocol of RFID system is analyzed, and it is proved that the lasted protocol was not resistant to the replay attack, and the locations of tags and reader could be locked by the adversary. In order to solve the RFID system’s safe and precise search problem among the mass amounts tags, the basic strand space model is extended and a conception of "unreplayable" also introduced to analyze the session information script in secure search protocol of RFID system. Then a secure search protocol of RFID system is proposed and a security analysis is also given based on the extended strand space model. By comparing to other protocols, the results show that the proposed protocol eliminates the security risks and is quite suitable for low cost tags. (4) Research on privacy of electronic tag’s ownership transfer protocol in the eniverment of supply chain. An anslysis of security and privacy problems exit in the electronic tag’s ownership transfer protocol is given fistly; then based on the application environment of supply chain, the basic space model is extended and the space model of privacy of electronic tag’s ownership transfer protocol is proposed, and the determinant theorems and rules of forward privacy, backward privacy and key’s security are also defined. Then the theorems and rules are introduced to analyze the security and privacy of two representative electronic tag’s ownership transfer protocols. The results show that both of the protocols have the backward pricacy problem and risk of key’s lekage.更多还原