For wireless network such as wireless local area network or wireless metropolitan area network, security problems are far more serious than those of wired Ethernet. Radio Frequency Identification (RFID) faces security problems as well. Identity authentication and permission verification between a reader and an electronic tag in a RFID system have to be implemented effectively before secure communication can be performed. For all networks, security problems associated with the electronic tags are the most complicated, since the electronic tags themselves have quite different performances and functions, and the product configurations and application requirements thereof are difficult to be unified. Different security strategies have to be designed for each type of electronic tag and the particular application thereof.
Generally, the electronic tags can be classified into approximately three categories according to their usages and application environments: 1) high-level electronic tag with readable and writeable functions and having memory space and computational capacity; 2) mid-level electronic tag with similar functions but slightly poorer performance compared to the high-level electronic tag; 3) low-level electronic tag, which is only used to record some data information and ensures that the information is able to be read and written by a reader, and generally has no data processing function and computational capacity.
If an electronic tag has high performance, certain computational capacity and processing capacity, the bidirectional authentication and permission verification between the electronic tag and the reader may be implemented by using or adapting the secure access protocols of existing wireless network. For example, Chinese security standard of wireless local area network WAPI or the like can be employed. However, if an electronic tag has poor performance and cannot support existing protocols, a new security protocol has to be designed to implement the authentication and permission verification of the electronic tag.
Especially for electronic tags in ISO 18000-6 A category and ISO 18000-6 B category prescribed by International Organization for Standardization (ISO), typical public key algorithm based security protocols are difficult to be implemented due to the poor calculating and processing capabilities of the electronic tags. However, analysis shows that this type of tags can support pre-shared key based security protocols. Therefore, pre-shared key based security authentication protocols are effective solutions for the security problems associated with the electronic tags in ISO 18000-6 A category and ISO 18000-6 B category.
Additionally, it should be noted that in the field of electronic tag, electronic tag identity (ID) generally represents business secrets such as product prices, Producing areas and the like, so confidentiality of the ID needs to be guaranteed during the authentication. To avoid various attacks due to loss of the identity in the protocol with the ID being guaranteed not to be revealed, the ID must be replaced with a temporary identity. For the sake of security, the real identity of an electronic tag can be replaced with a random number to be authenticated during authentication process, such that confidentiality of the electronic tag ID is guaranteed.
Currently, pre-shared key based authentication protocols adapted for electronic tags have been proposed in the industry. However, analysis shows that these protocols commonly have some security problems and are difficult to be secure and practicable. Specifically, existing protocols have following security problems:
1. Updating of the shared key may introduce potential insecurity. In pre-shared key based security protocols, the shared key, the security of which is the basis of the whole system, is written manually in a reliable way. Dynamically updating the shared key in the protocols would inevitably introduce unsecure and unreliable components which degrade the security of the system.
2. Frequent writing of the shared key would cause large energy loss in the system, which may result in lower availability of the electronic tag because the performance of the electronic tag is sensible to energy.
3. Cyclic redundancy check (CRC) is used to check integrity of protocol message, and the calculation of the integrity check code involves no secret information shared between two communicating parties, so active attacks may not be resisted.
4. Updating of shared key has no forward-secrecy. If an updated key is deciphered by an attacker for one time, the attacker may calculate all of the shared keys negotiated later.
5. Updating of shared key has no backward-secrecy. If an updated key is deciphered by an attacker for one time, the attacker may calculate all of the shared keys negotiated earlier.
6. Both parties of the protocol have to store information related to integrity check of message calculated for each time, which would increase storage burden of the system.
7. Prior solutions perform authentication for each specific tag, other than perform a universal authentication for electronic tags of a same category. Therefore, a server has to store information related to each electronic tag, which means a heavy storage burden.
In view of above considerations, there is need for a new anonymous bidirectional authentication protocol, which is pre-shared key based and is adapted to authenticate electronic tags of a category instead of a separate one electronic tag, to implement bidirectional authentication and permission verification between the electronic tag and the reader, and to guarantee data security for the electronic tags of the category.