RFID认证协议安全性模型检测验证方法

信息安全研究 ›› 2024, Vol. 10 ›› Issue (11): 1043-.

RFID认证协议安全性模型检测验证方法

贾昊洲1,2徐鹏1,2王丹琛1,3徐扬1,2

1(系统可信性自动验证国家地方联合工程实验室成都611756)
2(西南交通大学数学学院成都611756)
3(四川省数字经济研究中心成都611756)

出版日期:2024-11-10 发布日期:2024-11-22
通讯作者: 贾昊洲硕士.主要研究方向为网络协议和形式化验证. jiahaozhou9@163.com
作者简介:贾昊洲硕士.主要研究方向为网络协议和形式化验证. jiahaozhou9@163.com 徐鹏博士,讲师.主要研究方向为网络空间安全、形式化验证、频谱与电磁环境管理. pengxup@swjtu.edu.cn 王丹琛博士,高级工程师.主要研究方向为信息安全、软件系统可信性验证和大数据安全技术与应用. 61793698@qq.com 徐扬博士,教授.主要研究方向为演绎逻辑、自动推理、定理机器证明. xuyang@home.swjtu.edu.cn

Research on Security Verification of RFID Authentication Protocol #br# Based on Model Checking#br#

Jia Haozhou1,2, Xu Peng1,2, Wang Danchen1,3, and Xu Yang1,2

1(NationalLocal Joint Engineering Laboratory of System Credibility Automatic Verification, Chengdu 611756)
2(School of Mathematics, Southwest Jiaotong University, Chengdu 611756)
3(Sichuan Digital Economy Research Center, Chengdu 611756)

Online:2024-11-10 Published:2024-11-22

摘要/Abstract

摘要： RFID技术作为物联网的核心技术,在各个领域中已被广泛应用.目前RFID系统频繁遭受安全威胁,主要原因在于RFID系统中的读取器和标签使用的是无线通信方式.RFID安全认证协议作为RFID系统通信安全保障的一种重要手段,其内在安全至关重要,同时形式化方法已成为当前提高协议内在安全的一种主要方法.针对典型的超轻量级双向认证RCIA协议,提出了一种通用的建模方法,并采用此方法为RCIA协议建立了SMV模型,通过NuSMV对该模型进行了安全性验证.实验结果确认了RCIA协议在一致性方面存在安全缺陷,进一步分析验证结果,并提供了缺陷相应的攻击路径.针对该缺陷,提出了一个通用的解决方案,并评估了其可行性.

关键词: RFID, 认证协议, 模型检测, NuSMV, 形式化验证

Abstract: RFID technology, as the core technology of the Internet of Things, has been widely used in various fields. Currently, RFID systems frequently face security threats, mainly due to the wireless communication used by the readers and tags in RFID systems. RFID security authentication protocols, as an important means to ensure communication security in RFID systems, are crucial for their inherent security. Formal methods have become a major technical approach for enhancing the inherent security of protocols.A general modeling method is proposed for the typical ultralightweight mutual authentication RCIA protocol. Using this method, an SMV (symbolic model verification) model is established for the RCIA protocol, and security property verification is conducted on this model using NuSMV. Experimental results confirm the existence of security flaws in the consistency aspect of the RCIA protocol. Further analysis of the verification results is provided, along with corresponding attack paths for the flaws. A general solution is proposed for this flaw, and its feasibility is evaluated.

Key words: RFID, authentication protocol, model checking, NuSMV, formal verification

中图分类号:

贾昊洲, 徐鹏, 王丹琛, 徐扬, . RFID认证协议安全性模型检测验证方法[J]. 信息安全研究, 2024, 10(11): 1043-.

参考文献

［1］Mohd S, Karan S, Pramod K M, et al. URASP: An ultralightweight RFID authentication scheme using permutation operation［J］. PeertoPeer Networking Application, 2021, 14(6): 737757［2］Huang K K, Liu Y L, Yin X C. Ultralightweight RFID mutual authentication protocol based on regeneration transformation［J］. Journal of Computer Applications, 2019, 39(1): 118125［3］Mujahid U,NajamulIslam M,Sarwar S. A new ultralightweight RFID authentication protocol for passive low cost tags: KMAP［J］. Wireless Personal Communication, 2017, 94(3): 725744［4］Paolo D, Roberto D P. Design weaknesses in recent ultralightweight RFID authentication protocols［C］ ICT Systems Security and Privacy Protection. Berlin: Springer, 2018: 317［5］Liu Y,Ezerman M, Wang H. Double verification protocol via secret sharing for lowcost RFID tags［J］. Future Generation Computer Systems, 2019, 90(1): 118128［6］Safkhani M, Rostampour S, Bendavid Y, et al. Improving RFIDIoTbased generalized ultralightweight mutual authentication protocols［J］. Information Security Technical Report, 2022, 6(7): 103109［7］Miller S P, Whalen M W, Cofer D D. Software model checking takes off［J］. Communications of the ACM, 2010, 53(2): 5864［8］Jiang H, He Q. A formal verification method for securityprotocol［J］. The Electronic World, 2019 (2): 5657［9］Navarrette J, Shankar S, Zhang X, et al. Formal modeling and analysis of multirogue backoff manipulation attacks in unlicensed networks［C］ Proc of the 16 Int Conf on the Design of Reliable Communication Networks. Piscataway, NJ: IEEE, 2020: 17［10］Zhou Y, Yu L. An BAN logic analysis method based onyahalom protocol［J］. Revista De La Facultad De Ingenieria, 2016, 32(12): 134142［11］Li J, Zhou Z, Wang P. Cryptanalysis of the LMAP protocol: A lowcost RFID authentication protocol［C］ Proc of Control and Decision Conference (CCDC). Piscataway, NJ: IEEE, 2017: 72927297［12］Dolev D, Tao A. On the security of public key protocols［J］. IEEE Trans on Information Theory, 1983, 29(2): 198208

[1]	王炯涵, 黄文超, 汪万森, 熊焰, . 一种比特币支付协议的形式化建模验证方法[J]. 信息安全研究, 2024, 10(4): 311-.
[2]	王慧文, 颜雪薇, 夏鲁宁, 王新华, . 面向车内异构网络的身份认证和密钥协商协议[J]. 信息安全研究, 2023, 9(E1): 25-.
[3]	陆明远, 侯春燕, 王劲松. 基于 Softplus 函数的神经网络的 Reluplex 算法验证研究[J]. 信息安全研究, 2022, 8(9): 917-.
[4]	何占博王颖张国宇刘军. 基于区块链的RFID数据采集溯源系统设计与实现[J]. 信息安全研究, 2021, 7(7): 621-631.
[5]	徐鹏翱滕济凯马鸿洋. 基于M序列的轻量级RFID认证协议[J]. 信息安全研究, 2018, 4(6): 555-558.
[6]	闫靖晨. 基于前推的密码协议形式化分析方法[J]. 信息安全研究, 2017, 3(5): 462-468.
[7]	景亮方晖蒋坚迪. 城市轨道交通自动售检票系统（AFC）的安全设计[J]. 信息安全研究, 2017, 3(11): 1045-1052.
[8]	谭洋. 基于Grain-v1算法的国军标安全认证协议[J]. 信息安全研究, 2016, 2(6): 513-518.
[9]	刘振吉. 便携计算机防盗提示器设计及无线认证策略[J]. 信息安全研究, 2016, 2(6): 527-532.
[10]	胡凯. 智能合约的形式化验证方法[J]. 信息安全研究, 2016, 2(12): 1080-1089.