RFID系统安全协议研究
|
摘要
随着无线射频识别(RFID)技术的不断进步,应用范围的不断扩大,整个社会对其的依赖程度也将会越来越高,那么针对其实施攻击的效益也将会越来越可观,对社会和应用市场造成的危害也会随之增大。由于在RFID开发之初,设计者们没有考虑安全问题的存在,使得电子标签恶意损坏、智能卡复制、移动支付终端身份假冒等现象频频出现,特别是当系统中的军事信息和商业秘密泄露时,可能会造成一些无法想象的后果。安全问题已成为制约RFID技术发展瓶颈的事实逐渐凸显,RFID系统的安全问题迫切需要得到解决。
针对RFID安全和隐私保护,近年来许多解决方案被提出,主要体现在物理保护和协议安全两个方面,物理机制由于成本高、破坏性大、需要额外设备支持等弱点而不被广泛采用。相反,基于密码技术的协议安全方式获得了更为广泛研究和应用。然而,这些协议在实现特定安全目标的同时,它们自身的安全或隐私保护能力也被广泛分析。遗憾的是,目前提出的协议经常存在基于密码算法弱、后台服务端计算负担重、协议机制不合理等安全和效率问题。为了解决这些问题,本文对RFID系统安全协议进行研究,具体研究内容及创新工作可归纳如下:
(1)基于椭圆曲线密码(ECC)的双向认证协议研究。通过研究椭圆曲线公钥密码的安全特性,及其在RFID实现的效率和可能性,首次进行标签和读写器无共享密钥安全机制研究,并提出了一个适用于RFID系统的双向认证协议。利用该协议,可以实现标签和读写器之间的相互认证,并且在没有明文传输标签身份值和不需要穷尽计算的情况下,实现标签身份的识别。基于ECC安全性的基础上,协议运行效率更高,取得了安全和效率之间的良好平衡。
(2)移动RFID双向认证协议研究。随着移动设备的广泛使用,移动RFID环境中的安全问题也备受关注,由于读写器和后台服务器之间采用无线通信,也即是,双向认证可以理解为标签、读写器和后台服务器三者之间的相互认证。为此,本文提出一个基于ECC的、适合移动RFID环境的双向认证协议。为保证认证效率,该协议同样采用无共享密钥机制。同时一个安全的读写器和后台服务器之间的数据传输方法被提出,利用该方法,在实现数据传输安全的同时,读写器还可以从收到的信息中恢复出标签的数据信息。
(3)标签查询协议研究。从某种意义上来说,标签查询协议是认证协议的延伸。二者的区别在于,前者是指定对象的认证,后者是没有指定对象的认证。标签查询协议使得读写器可以随时侦测到某个特定标签是否存在。该类协议主要应用于移动RFID环境中,有鉴于此,本文提出了一个无后台服务器的标签查询协议。新协议采用时间戳技术抵抗重放攻击。考虑到在标签端设定钟表装置的不现实性,提出了一个时间戳新鲜性验证方法。同时,采用GNY逻辑形式化证明显示,从协议的假设出发,经过运行可以达到该协议预先设定的目标。
(4)距离上界协议研究。为抵抗中继攻击,最好的方法就是将距离上界协议集成到RFID系统的物理层。对于距离测量问题,研究如何提高抵抗中继攻击(主要包括距离欺骗、黑手党欺骗和恐怖主义欺骗)能力,从挑战、响应比特与密钥关系的角度设定合理的逻辑体系,可以对安全的全面性和理想安全界的可达性起到更加直接的推动作用。因此,在基于轮交换时间测量的距离上界协议模型中,本文更加注重密钥参与快速比特交换方法的研究。
首先,考虑到无线信道的质量,快速交换阶段比特值的正确性需要进行验证。采用基于最终签名机制,提出了一个新的距离上界协议。首次将比特补的思想运用于快速阶段回复值的选取。利用该方式可以实现距离欺骗和黑手党欺骗的错误接受率达到理想界(1/2)n,这里n是一个安全参数。另外,本协议采用标签身份更新的方式来提高协议的运行效率;
其次,为了实现无最终签名的距离上界协议能抵抗恐怖主义欺骗攻击,并且实现几类攻击错误接受率的平衡,本文提出了一个增强安全的无最终签名的距离上界协议。新协议与之前协议不同之处在于,1)在协议慢速阶段,采用一个无条件安全的随机数分发方式,利用它验证者提供唯一的随机值给证明者,作为双方共享的预定义比特值。通过这种方式,证明者的计算能力被完全限制,结果,当仅仅考虑距离欺骗时,提出协议可以得到理想安全水平(1/2)n,其它同类协议最好只能达到(3/4)n;2)首次提出2比特挑战方式。为了降低欺骗攻击的成功概率,要求验证者发送00,01,10或11作为挑战值。同时,共享密钥比特也被要求参与到响应比特值的生成中。分析显示,本文提出协议可以同时抵抗3种欺骗攻击,并且具有相当低的错误接受率。
Along with radio frequency identification (RFID) technology continuous improvement in the coming months and years, the applied range of RFID is increasing daily. The whole social dependence on it becomes more and more advanced, so the benefits of attack to it will become more and more signifi-cant. Then the increasing harm to society and application market is also in-evitable. Due to the original designers of RFID development and application staff did not consider security issue, some phenomenon frequent appears, such as electronic tags malicious damage, smart cards copy, fake mobile payment terminals'identity, and so on. Even more serious is military secrets, confiden-tial business and personal information in the RFID system may be burgled and used. This is bound to cause incalculable losses on the states, collectives and individuals. People had to accept the fact that security has become a bottleneck of restricting the development of RFID. Safety issues of the RFID system urgent need to be addressed.
In recent years, many new methods have been proposed to improve RFID systems'security and privacy protection, which mainly reflected in two aspects of the physical protection and protocol security. Due to the high cost, serious de-struction, the need for additional device support and other weaknesses, physical mechanism has not been widely adopted. To the contrary, safety protocols based on cryptography technology has obtained a more extensive research and applica-tion. However, when these protocols achieved a specific security objective, their own security or privacy protection also has been extensively analyzed. Unfortu-nately, most existing protocols have some security and efficiency problems, such as the cryptography algorithm is weak, the back-end server computing burden is heavy, the mechanism of security protocol is irrational, and so on. In order to solve these problems, security protocols of RFID systems is researched in this thesis. Specific research contents and innovation can be summarized as follows:
(1) Research on elliptic curve cryptography (ECC) based mutual authen-tication protocols. By research elliptic curve public key cryptography security features, and its efficiency and the possibility of realization in the RFID, we first researched tags and readers with no shared key security mechanism. And we proposed a mutual authentication protocol for RFID system. This protocol can achieve mutual authentication between tags and readers, in the case of not re-quiring exhaustive calculation, achieving identification tags'identity. Based on the security of ECC, the proposed protocol has a high operating efficiency, and obtains a good balance between efficiency and security.
(2) Research on mobile RFID mutual authentication protocols. With the widespread use of mobile devices, security and privacy challenges in mobile R-FID environment has attracted much attention. Due to the use of wireless com-munication between the reader and the back-end server, that is, mutual authen-tication can be understood as the mutual authentication of among tags, readers and back-end server. In this thesis, we proposed an ECC-based mutual authenti-cation protocol for mobile RFID environment. In order to ensure the efficiency of protocol, no shared key mechanism has been used. At the same time, a new data transmission method for reader and back-end server has been proposed, us-ing this method, not only could ensure the data transmission security, but also the reader can recover the tag data from the received information.
(3) Research on tag search protocols. In a sense, tag search protocol is an extension of the authentication protocol. The former is designated specified ob-ject authentication, the latter is undesignated object. Tag search protocol allows the reader to detect whether a specific tag existence among multiple tags or not, mainly be used in mobile RFID environment. In this thesis, a new server-less tag search protocol which uses timestamp technology against replay attacks is proposed. Taking into account it is unrealistic that set a clock device in the tag side, we give a new the fresh of timestamp verification method. Meanwhile, using the GNY logic formal proves show that the departure from the assump- tions of the protocol, the protocol goals set in advance can be achieved after the operation.
(4) Research on distance bounding protocols. Distance bounding protocols is the best countermeasure against relay attacks, and it must be tightly integrated into the physical layer of the RFID system. For distance measurement, how to improve the resistance ability to relay attacks (including distance fraud, mafia fraud and terrorist fraud), from the challenge, response bit and key relationship point of view to set a reasonable logical system, it has played a key role in pro-moting against all relay attacks and achieved ideal security bound. Therefore, in the distance bounding protocols model, which based on the round trip time (RTT) of a bitwise challenge and response measure, we pay more attention to how key bits participated in fast bit exchange in this thesis.
First, considered the quality of the radio channel, the correctness of the val-ue of bits in the rapid exchange phase needs to be validated. Based on the final signature mechanism, we proposed a new distance bounding protocol, which the bit complement thought is the first time applied to select response bit in the fast phase. Using this method, our protocol can achieve the ideal security level against for the false acceptance rate of distance fraud and mafia fraud. In addi-tion, the protocol's operating efficiency be improved by updating tag's identify in the end of protocol each.
Secondly, in order to ensure the distance bounding protocol without the final signature can against terrorist fraud attacks, and achieve a good balance for the false acceptance rate of some attacks, an enhanced security distance bounding protocol without the final signature is proposed in this thesis. Our protocol is different in following sense,1) for restricting the computation capabilities of the prover, an unconditionally secure method has been used to deliver random num-ber from the verifier to the prover in slow phase. Thus, our protocol achieves the ideal security level (1/2)n when considering a distance fraud, the best result for other protocols is (3/4)n.2) two bits mixed challenges is used. For decreas-ing the success probability of these fraud attacks, we use two bits challenges that the verifier sending00,01,10or11. At the same time, the shared secret key bits are also required to participate in the generation of the response bit val-ue. Analysis shows that, the proposed protocol can prevent three fraud attacks simultaneously, and has a low false acceptance rate.
针对RFID安全和隐私保护,近年来许多解决方案被提出,主要体现在物理保护和协议安全两个方面,物理机制由于成本高、破坏性大、需要额外设备支持等弱点而不被广泛采用。相反,基于密码技术的协议安全方式获得了更为广泛研究和应用。然而,这些协议在实现特定安全目标的同时,它们自身的安全或隐私保护能力也被广泛分析。遗憾的是,目前提出的协议经常存在基于密码算法弱、后台服务端计算负担重、协议机制不合理等安全和效率问题。为了解决这些问题,本文对RFID系统安全协议进行研究,具体研究内容及创新工作可归纳如下:
(1)基于椭圆曲线密码(ECC)的双向认证协议研究。通过研究椭圆曲线公钥密码的安全特性,及其在RFID实现的效率和可能性,首次进行标签和读写器无共享密钥安全机制研究,并提出了一个适用于RFID系统的双向认证协议。利用该协议,可以实现标签和读写器之间的相互认证,并且在没有明文传输标签身份值和不需要穷尽计算的情况下,实现标签身份的识别。基于ECC安全性的基础上,协议运行效率更高,取得了安全和效率之间的良好平衡。
(2)移动RFID双向认证协议研究。随着移动设备的广泛使用,移动RFID环境中的安全问题也备受关注,由于读写器和后台服务器之间采用无线通信,也即是,双向认证可以理解为标签、读写器和后台服务器三者之间的相互认证。为此,本文提出一个基于ECC的、适合移动RFID环境的双向认证协议。为保证认证效率,该协议同样采用无共享密钥机制。同时一个安全的读写器和后台服务器之间的数据传输方法被提出,利用该方法,在实现数据传输安全的同时,读写器还可以从收到的信息中恢复出标签的数据信息。
(3)标签查询协议研究。从某种意义上来说,标签查询协议是认证协议的延伸。二者的区别在于,前者是指定对象的认证,后者是没有指定对象的认证。标签查询协议使得读写器可以随时侦测到某个特定标签是否存在。该类协议主要应用于移动RFID环境中,有鉴于此,本文提出了一个无后台服务器的标签查询协议。新协议采用时间戳技术抵抗重放攻击。考虑到在标签端设定钟表装置的不现实性,提出了一个时间戳新鲜性验证方法。同时,采用GNY逻辑形式化证明显示,从协议的假设出发,经过运行可以达到该协议预先设定的目标。
(4)距离上界协议研究。为抵抗中继攻击,最好的方法就是将距离上界协议集成到RFID系统的物理层。对于距离测量问题,研究如何提高抵抗中继攻击(主要包括距离欺骗、黑手党欺骗和恐怖主义欺骗)能力,从挑战、响应比特与密钥关系的角度设定合理的逻辑体系,可以对安全的全面性和理想安全界的可达性起到更加直接的推动作用。因此,在基于轮交换时间测量的距离上界协议模型中,本文更加注重密钥参与快速比特交换方法的研究。
首先,考虑到无线信道的质量,快速交换阶段比特值的正确性需要进行验证。采用基于最终签名机制,提出了一个新的距离上界协议。首次将比特补的思想运用于快速阶段回复值的选取。利用该方式可以实现距离欺骗和黑手党欺骗的错误接受率达到理想界(1/2)n,这里n是一个安全参数。另外,本协议采用标签身份更新的方式来提高协议的运行效率;
其次,为了实现无最终签名的距离上界协议能抵抗恐怖主义欺骗攻击,并且实现几类攻击错误接受率的平衡,本文提出了一个增强安全的无最终签名的距离上界协议。新协议与之前协议不同之处在于,1)在协议慢速阶段,采用一个无条件安全的随机数分发方式,利用它验证者提供唯一的随机值给证明者,作为双方共享的预定义比特值。通过这种方式,证明者的计算能力被完全限制,结果,当仅仅考虑距离欺骗时,提出协议可以得到理想安全水平(1/2)n,其它同类协议最好只能达到(3/4)n;2)首次提出2比特挑战方式。为了降低欺骗攻击的成功概率,要求验证者发送00,01,10或11作为挑战值。同时,共享密钥比特也被要求参与到响应比特值的生成中。分析显示,本文提出协议可以同时抵抗3种欺骗攻击,并且具有相当低的错误接受率。
Along with radio frequency identification (RFID) technology continuous improvement in the coming months and years, the applied range of RFID is increasing daily. The whole social dependence on it becomes more and more advanced, so the benefits of attack to it will become more and more signifi-cant. Then the increasing harm to society and application market is also in-evitable. Due to the original designers of RFID development and application staff did not consider security issue, some phenomenon frequent appears, such as electronic tags malicious damage, smart cards copy, fake mobile payment terminals'identity, and so on. Even more serious is military secrets, confiden-tial business and personal information in the RFID system may be burgled and used. This is bound to cause incalculable losses on the states, collectives and individuals. People had to accept the fact that security has become a bottleneck of restricting the development of RFID. Safety issues of the RFID system urgent need to be addressed.
In recent years, many new methods have been proposed to improve RFID systems'security and privacy protection, which mainly reflected in two aspects of the physical protection and protocol security. Due to the high cost, serious de-struction, the need for additional device support and other weaknesses, physical mechanism has not been widely adopted. To the contrary, safety protocols based on cryptography technology has obtained a more extensive research and applica-tion. However, when these protocols achieved a specific security objective, their own security or privacy protection also has been extensively analyzed. Unfortu-nately, most existing protocols have some security and efficiency problems, such as the cryptography algorithm is weak, the back-end server computing burden is heavy, the mechanism of security protocol is irrational, and so on. In order to solve these problems, security protocols of RFID systems is researched in this thesis. Specific research contents and innovation can be summarized as follows:
(1) Research on elliptic curve cryptography (ECC) based mutual authen-tication protocols. By research elliptic curve public key cryptography security features, and its efficiency and the possibility of realization in the RFID, we first researched tags and readers with no shared key security mechanism. And we proposed a mutual authentication protocol for RFID system. This protocol can achieve mutual authentication between tags and readers, in the case of not re-quiring exhaustive calculation, achieving identification tags'identity. Based on the security of ECC, the proposed protocol has a high operating efficiency, and obtains a good balance between efficiency and security.
(2) Research on mobile RFID mutual authentication protocols. With the widespread use of mobile devices, security and privacy challenges in mobile R-FID environment has attracted much attention. Due to the use of wireless com-munication between the reader and the back-end server, that is, mutual authen-tication can be understood as the mutual authentication of among tags, readers and back-end server. In this thesis, we proposed an ECC-based mutual authenti-cation protocol for mobile RFID environment. In order to ensure the efficiency of protocol, no shared key mechanism has been used. At the same time, a new data transmission method for reader and back-end server has been proposed, us-ing this method, not only could ensure the data transmission security, but also the reader can recover the tag data from the received information.
(3) Research on tag search protocols. In a sense, tag search protocol is an extension of the authentication protocol. The former is designated specified ob-ject authentication, the latter is undesignated object. Tag search protocol allows the reader to detect whether a specific tag existence among multiple tags or not, mainly be used in mobile RFID environment. In this thesis, a new server-less tag search protocol which uses timestamp technology against replay attacks is proposed. Taking into account it is unrealistic that set a clock device in the tag side, we give a new the fresh of timestamp verification method. Meanwhile, using the GNY logic formal proves show that the departure from the assump- tions of the protocol, the protocol goals set in advance can be achieved after the operation.
(4) Research on distance bounding protocols. Distance bounding protocols is the best countermeasure against relay attacks, and it must be tightly integrated into the physical layer of the RFID system. For distance measurement, how to improve the resistance ability to relay attacks (including distance fraud, mafia fraud and terrorist fraud), from the challenge, response bit and key relationship point of view to set a reasonable logical system, it has played a key role in pro-moting against all relay attacks and achieved ideal security bound. Therefore, in the distance bounding protocols model, which based on the round trip time (RTT) of a bitwise challenge and response measure, we pay more attention to how key bits participated in fast bit exchange in this thesis.
First, considered the quality of the radio channel, the correctness of the val-ue of bits in the rapid exchange phase needs to be validated. Based on the final signature mechanism, we proposed a new distance bounding protocol, which the bit complement thought is the first time applied to select response bit in the fast phase. Using this method, our protocol can achieve the ideal security level against for the false acceptance rate of distance fraud and mafia fraud. In addi-tion, the protocol's operating efficiency be improved by updating tag's identify in the end of protocol each.
Secondly, in order to ensure the distance bounding protocol without the final signature can against terrorist fraud attacks, and achieve a good balance for the false acceptance rate of some attacks, an enhanced security distance bounding protocol without the final signature is proposed in this thesis. Our protocol is different in following sense,1) for restricting the computation capabilities of the prover, an unconditionally secure method has been used to deliver random num-ber from the verifier to the prover in slow phase. Thus, our protocol achieves the ideal security level (1/2)n when considering a distance fraud, the best result for other protocols is (3/4)n.2) two bits mixed challenges is used. For decreas-ing the success probability of these fraud attacks, we use two bits challenges that the verifier sending00,01,10or11. At the same time, the shared secret key bits are also required to participate in the generation of the response bit val-ue. Analysis shows that, the proposed protocol can prevent three fraud attacks simultaneously, and has a low false acceptance rate.
引文
[1]Yu N. C., Contributions to RFID security, University of Wollongong, New South Wales, Australia,2012
[2]Bolic M., Simplot-Ryl D., and Stojmenovic I., RFID systems:research trends and challenges,, John Wiley and Sons, Ltd.,2010
[3]Weinstein R., RFID:a technical overview and its application to the enterprise, IT professional,7 (3),2005, pp.27-33
[4]Lufthansa Technik Connection, The Lufthansa Technik Group Magazine, Ham-burg, Germany,2013, http://www.lufthansa-technik.com/documents/100446/160376/ Technik+Connection+1-2013.pdf
[5]米志强、杨署、王武等编著,《射频识别(RFID)技术与应用》,电子工业出版社,2011年
[6]Jones E. C. and Chung C. A., RFID in Logistics, In CRC Press, ISBN 978-0-8493-8526-1,2008
[7]Abyaneh M. R. S., Security Analysis Of Lightweight Schemes for RFID Systems, University of bergen, Norway,2012
[8]电子标签标准工作组,http://www.rfidgroup.org.cn/
[9]Sarma S., Weis S., and Engels D., Radio-frequency identification:Secure risks and challenges, RSA Laboratories Cryptobytes,2003, pp.2-9
[10]Engberg S. J., Harning M. B., and Jensen C. D., Zero-knowledge device authenti-cation:Privacy and security enhanced RFID preserving business value and consumer convenience, In Conference on Privacy, Security and Trust-PST, New Brunswick, Canada,2004
[11]Feldhofer M., Dominikus S., and Wolkerstorfer J., Strong authentication for RFID systems using the AES algorithm, in Workshop on Cryptographic Hardware and Em-bedded Systems-CHES 2004, ser. Lecture Notes in Computer Science, M. Joye and J.-J. Quisquater, Eds., IACR. Boston, Massachusetts, USA:Springer-Verlag,2004, pp. 357-370
[12]Saito J., Ryou J. C., and Sakurai K., Enhancing privacy of universal re-encryption scheme for RFID tags, EUC'04, Springer-Verlag, LNCS,2004, pp.879-890
[13]Vajda I. and Buttyan L., Lightweight authentication protocols for low-cost RFID tags, Security issue in Ubicomp'03,2003
[14]Weis S., Security and Privacy in Radio Frequency Identification Device, Cambridge, MA, USA:MIT,2003
[15]Weis S., Sarma S., Rivist R., et al., Security and Privacy Aspects of Low-cost radio Frequency Identification Systems, Lecture Notes in Computer Science,2802,2003, pp.201-202
[16]Ohkubo M., Suzuki K., and Kinoshita S., A Cryptographic Approach to'Privacy-Friendly'Tags, In:proceedings of RFID Privacy Workshop, Vol.82, Cambridge,2003
[17]Lee S. M., Hwang Y. J., Lee D. H., et al., Efficient authentication for low-cost RFID systems, ICCSA'05, LNCS 3840, Berlin,2005, pp.619-627
[18]Piramuthu S., RFID mutual authentication protocols, Decision Support Systems,50 (2),2011, pp.387-393
[19]Abyaneh M. R. S., Security analysis of lightweight schemes for RFID systems, Uni-versity of Bergen, Bergen,2012
[20]Cho J. S., James J., and Park J. H., High Attack Cost:Hash Based RFID Tag Mutual Authentication Protocol, Computer Science and Convergence,2012, pp.113-120
[21]Piramuthu S., Vulnerabilities of RFID protocols proposed in ISF, Information Systems Frontiers,14 (3),2012, pp.647-651
[22]Moriyama D., Matsuo S., and Ohkubo M., Relations among Notions of Privacy for RFID Authentication Protocols, Computer Security-ESORICS 2012, Springer Berlin Heidelberg,2012, pp.661-678
[23]Wang S. and Liu S., Attacks and improvements on the RFID authentication protocols based on matrix, Journal of Electronics (China),30 (1),2013, pp.33-39
[24]Fajarado J. M. and Dominguez A. P., Security in RFID and Sensor Networks, First Edition, ISBN:978-1-4200-6839-9, Auerbach publication,2009
[25]Lieshout M. V., Grossi L., Spinelli G., et al., RFID Technologies:Emerging Is-sues, Challenges and Policy Options, JRC Scientific and Technical Reports, European Commission,2007
[26]Juels A., Rivest R. L., and Szydlo M., The blocker tag:selective blocking of RFID tags for consumer privacy, CCS'03, ACM Press,2003, pp.103-111
[27]Bono S. C., Green M., Rubin A. D., et al, Security analysis of a cryptographically-enabled RFID device, in 14th USENIX Security Symposium, http://usenix.org/events/sec05/tech/bono/bono.pdf,2005, pp.1-16
[28]Gerhard F. D., Muijrers G. K. G. R., Rossum P., et al., Dismantling MIFARE Classic, ESORICS'08, Springer-Verlag, LNCS, Malaga, Spain,2008, pp.97-114
[29]Oswald D. and Paar C., Breaking mifare DESFire MF3ICD40:power analysis and templates in the real world, CHES'11, Springer Berlin Heidelberg,2011, pp.207-222
[30]Karjoth G. and Moskowitz P., Disabling RFID Tags with Visible Confirmation, W-PES'05, ACM Workshop on Privacy in the Electronic Society, ACM Press,2005, pp. 27-30
[31]Minime and Mahajivana, RFID Zapper,22nd Chaos Communication Congress Dec, https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN),2005
[32]Oren Y. and Shamir A., Remote Password Extraction from RFID Tags, IEEE Trans-actions on Computers archive,56 (9),2007 September, pp.1292-1296
[33]Grunwald L., New attacks against RFID-Systems, GmbH Germany, http://www. blackhat.com/presentations/bh-usa-06/BH-US-06-Grunwald.pdf,2006
[34]Kfir Z. and Wool A., Picking virtual pockets using relay attacks on contactless smart-card systems, http://eprint.iacr.org/2005/052,2005
[35]Han D. G., Takagi T., Kim H. W., et al., New security problem in RFID systems Tag Killing, ICCSC2006, Springer-Verlag, LNCS,2006, pp.375-384
[36]Ranasinghe D. C. and Cole P. H., Confronting security and privacy threats in modern rfid systems, ACSSC'06,2006, pp.2058-2064
[37]Heydt-Benjamin T. S., Bailey D. V., Fu K., et al., Vulnerabilities in first generation RFID-enabled credit cards, FC'07,2007, pp.2-14
[38]Laurie A., Practical attacks against RFID, Network Security,2007 (9),2007, pp.4-7
[39]Conway J. H., On Numbers and Games, Academic Press,1976
[40]Hu Y. C., Perrig A., and Johnson D. B., Wormhole attacks in wireless networks, IEEE Journal on Selected Areas in Communications (JSAC),2006, pp.370-380
[41]Juels A., RFID Security and Privacy:A Research Survey, Selected Areas in Commu-nications, IEEE Journal on,24 (2),2006, pp.381-394
[42]Rotter P., A Framework for Assessing RFID System Security and Privacy Risks, IEEE Pervasive Computing Magazine,7 (2),2008 April, pp.70-77
[43]Roberts C.M., Radio Frequency Identification (RFID), Elsevier Journal Computers& Security,25 (1),2006 February, pp.18-26
[44]Bundesamt fur Sicherheit in der Informations technic, Security Aspects and Prospec-tive Applications of RFID Systems, http://www.bsi.bund.de,2004
[45]NIST:Special Publication 800-98, Guidance for Securing Radio Frequency Identifica-tion (RFID) Systems, http://csrc.nist.gov/,2007
[46]Rieback M., Crispo B., and Tanenbaum A., Is your cat infected with a computer virus?, IEEE PERCOM'06, Pisa, Italy,2006, pp.169-179
[47]粟伟,低成本无线射频识别安全与隐私研究,中国科学院研究生院,北京,2006年
[48]Sakiyama K., Secure Design Methodology and Implementation for Embedded Public-key Cryptosystems, Katholieke Universiteit Leuven, Belgium,2007
[49]Auto-ID Center, Draft protocol specification for a 900 MHz class 0 radio frequency identification tag,2003
[50]Stajano F. and Anderson R., Then Resurrection Duckling:Security Issues for Ad-hoc Wireless Networks, Security Protocols,2000, pp.172-182
[51]丁治国,RFID关键技术研究与实现,中国科学技术大学,合肥,2009年
[52]Good N., Molnar D., Urban J. M., et al., Radio frequency ID and privacy with information goods, Proc. Workshop on Privacy in the Electronic Society, ACM,2004, pp.41-42
[53]Floerkemeier C., Schneider R., and Langheinrich M., Scanning with a purpose Supporting the fair information principles in RFID protocols, http://citeseer.ist.psu.edu/floerkemeier04scanning.html,2004
[54]Rieback M., Crispo B., and Tanenbaum A., RFID Guardian:A battery-powered mo-bile device for RFID privacy management, Security and Privacy, New York:Springer-Verlag:LNCS,2005, pp.184-194
[55]Juels A., Syverson P., and Bailey D., High-power proxies for enhancing RFID privacy andutility, Privacy Enhancing Technologies, Springer Berlin Heidelberg,,2006, pp. 210-226
[56]Juels A., Rivest R. L., and Szydlo M., The blocker tag:Selective blocking of RFID tags for consumer privacy, In Proceedings of the 10th ACM conference on Computer and communications security, ACM,2003, pp.103-111
[57]Juels A. and Brainard J., Soft blocking:Flexible blocker tags on the cheap, Proceed-ings of the 2004 ACM workshop on Privacy in the electronic society(WPES'04), ACM Press,2004, pp.1-7
[58]Fishkin K. P., Roy S., and Jiang B., Some methods for privacy in RFID communica-tion, ESAS 2004, Springer:Heidelberg, LNCS,2004, pp.42-53
[59]Rahmati A., Salajegheh M., Holcomb D., et al., TARDIS:Time and remanence decay in SRAM to implement secure protocols on embedded devices without clocks, USENIX Security'12, Bellevue, WA,2012
[60]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., LMAP:A real lightweight mutual authentication protocol for low-cost RFID tags, RFIDSec'06,2006
[61]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., M2AP:A minimalist mutual-authentication protocol for low-cost RFID tags, UIC'06, Springer-Verlag, L-NCS,2006, pp.912-923
[62]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., EMAP:An efficient mutual authentication protocol for low-cost RFID tags, IS'06, Springer-Verlag, LNCS,2006, pp.352-361
[63]Tieyan L. and Guilin W., Security Analysis of Two Ultra-Lightweight RFID Authenti-cation Protocols, IFIP.Security and Communication Networks, DFIP SEC 2007, Sand-ton, Gauteng, South Africa,2007, pp.135-146
[64]Li T. and Deng R. H., Vulnerability analysis of EMAP-an efficient RFID mutual authentication protocol, Conference on AReS'07, Vienna, Austria,2007, pp.238-245
[65]Chien H. Y. and Huang C. W., Security of ultra-lightweight RFID authentication proto-cols and its improvements, ACM SIGOPS Operating Systems Review:Special Interest Group on Operating Systems,41 (4),2007 July, pp.83-86
[66]Barasz M., Boros B., Ligeti P., et al., Breaking LMAP, Proc. of RFIDSec'07, IEEE Press,2007, pp.11-16
[67]Barasz M., Boros B., Ligeti P., et al., Passive Attack Against the M2AP Mutual Au-thentication Protocol for RFID Tags, Proc. of First International EURASIP Workshop on RFID Technology, IEEE Press,2007, pp.37-48
[68]Li T. and Wang G., SLMAP:a secure ultra-lightweight RFID mutual authentication protocol, In Proceedings of Chinacrypt'07, Cheng Du, China,2007, pp.19-22
[69]Hernandez-Castro J. C., Tapiador J. E., Peris-Lopez P., et al., Metaheuristic traceabili-ty attack against SLMAP, an RFID lightweight authentication protocol, Proceedings of the 2009 IEEE International Symposium on Parallel & Distributed Processing,2009, pp.23-29
[70]Wang S. H. and Zhang W. W., Passive attack on SLMAP authentication protocol, Journal of Nanjing University of Posts and Telecommunications(Natural Science),3 (3),2012 March, pp.91-94
[71]Chien H. Y., SASI:A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity, IEEE Transactions on Dependable and Se-cure Computing,4 (4),2007, pp.337-340
[72]Paolo D. A. and Alfredo D. S., From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol, IACR Cryptology ePrint Archive, 2008, pp.470-470
[73]Sun H. M., Ting W. C., and Wang K. H., On the Security of Chien's Ultralightweight RFID Authentication Protocol. IEEE Trans, on Dependable and Secure Computing),8 (2),2011 March, pp.315-317
[74]Cao T. J., Bertino E., and Lei H., Security Analysis of the SASI Protocol, Dependable and Secure Computing, IEEE Trans, on,6(1),2009, pp.73-77
[75]Hernandez-Castro J. C., Tapiador J. M. E., Peris-Lopez P., et al., Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol, IEEE Trans, on Dependable and Secure Computing),6 (4),2009, pp.316-320
[76]Avoine G., Carpent X., and Martin B., Strong Authentication and Strong Integrity (SASI) Is Not That Strong, RFIDSec'10, Security and Privacy Issues, Springer-Verlag Berlin, Heidelberg,2010, pp.50-64
[77]Molnar D. and Wagner D., Privacy and security in library RFID:Issues, practices, and architectures, ACM CCS'04, ACM Press,2004, pp.210-219
[78]Dimitriou T., A lightweight RFID protocol to protect against traceability and cloning attacks, SECURECOMM'05, IEEE Computer Society,2005
[79]Rhee K., Kwak J., Kim S., et al., Challenge-response based RFID authentication protocol for distributed database environment, SPC'05, Springer-Verlag, LNCS,2005, pp.70-84
[80]Berlekamp E., McEliece R., and Tilborg H. V., On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory,1978, pp.384-386
[81]Blum A., Furst M., Kearns M., et al., Cryptographic primitives based on hard learning problems, Advances in Cryptology CRYPTO'93, Springer-Verlag, LNCS,1994, pp. 278-291
[82]Hopper N. J. and Blum M., Secure Human Identication Protocols, Cryptology-Asiancrypt'2001, Springer-Verlag, LNCS,2001, pp.52-66
[83]Juels A. and Weis S., Authenticating pervasive devices with human protocols, CRYP-TO'05, Springer-Verlag, LNCS,2005, pp.293-308
[84]Bringer J., Chabanne H., and Dottax E., HB++:a lightweight authentication protocol secure against some attacks, SecPerU'06, IEEE Computer Society,2006
[85]Bringer J. and Chabanne H., Trusted-HB:a low-cost version of HB secure against man-in-the-middle attacks, arXiv,2008
[86]Munilla J. and Peinado A., HB-MP:A further step in the HB-family of lightweight authentication protocols, Computer Networks,51 (9),2007, pp.2262-2267
[87]Stepahne L. and Adrian T., Clone resistant mutual authentication for low-cost RFID technology, Cryptology ePrint Archive, Report'07,2007
[88]Gilbert H., Robshaw M., and Seurin Y., Good variants of HB+ are hard to find, In Proc. Financial Cryptography and Data Security,2008, pp.156-170
[89]Frumkin D. and Shamir A., Un-Trusted-HB:Security vulnerabilities of Trusted-HB, EPrint,2009
[90]Gilbert H., Robshaw M., and Seurin Y., HB#:Increasing the security and efficiency of HB, In Proc. EUROCRYPT, volume 4965,2008, pp.361-378
[91]Ouafi K., Overbeck R., and Vaudenay S., On the security of HB# against a man-in-the-middle attack, Proc. ASIACRYPT,2008
[92]Weis S., Security and Privacy in Radio-Frequency Identification Devices, MIT, USA, 2003
[93]Ohkubo M., Suzuki K., and Kinoshita S., Efficient hash-chain based RFID privacy protection scheme, Ubicomp'04, Nottingham, England,2004
[94]Weis S., Sarma S., Rivest R., et al., Security and privacy aspects of low-cost ra-dio frequency identification systems, Security in pervasive computing, Springer Berlin Heidelberg,2004, pp.201-212
[95]Juels A. and Pappu R., Squealing euros:Privacy protection in RFID-enabled ban-knotes, FC'03, ser. Lecture Notes in Computer Science, R. N. Wright, Ed., vol.2742, IFCA., Le Gosier, Guadeloupe, French West Indies:Springer-Verlag,2003, pp.103-121
[96]Avoine G., Privacy issues in RFID banknote protection schemes, CARDIS'04, Toulouse, France:Kluwer Academic Publishers,2004, pp.33-48
[97]Golle P., Jakobsson M., and Juels A., Universal reencryption for mixnets, CT-RSA'04, Springer-Verlag, LNCS,2004, pp.163-178
[98]Burmester M., Medeiros B. D., and Motta R., Robust, anonymous RFID authentica-tion with constant key-lookup, Symposium on ICCSS'08, ACM,2008, pp.283-291
[99]Liang B., Li Y., Ma C., et al., Robust, anonymous RFID authentication with constant key-lookup,5th International Conference on Information Systems Security-ICISS'09, 2009, pp.71-85
[100]Sakiyama K., Batina L., Mentens N., et al., Small-footprint ALU for public-key processors for pervasive security, Workshop on RFID Security, RFIDSec,2006
[101]Batina L., Guajardo J., Kerins T., et al., An elliptic curve processor suitable for RFID-tags, Cryptology ePrint Archive, Report 2006/227,2006
[102]Braun M., Hess E., and Meyer B., Using elliptic curves on RFID tags, International Journal of Computer Science and Network Security,2008, pp.1-9
[103]Avoine G., Kalach K., and Quisquater J. J., ePassport:Securing international contacts with contactless chips, in Financial Cryptography and Data Security-FC'08,2008
[104]Heydt-Benjamin T. S., Bailey D. V., Fu K., et al., Vulnerabilities in First-Generation RFID-Enabled Credit Cards, Manuscript,2006
[105]Feldhofer M., J.Wolkerstorfer, and Rijmen V., AES Implementation on a Grain of Sand, IEE Proceedings Information Security,152 (1),2005, pp.13-20
[106]Dominikus S., Oswald E., and Feldhofer M., Symmetric Authentication for RFID Systems in Practice, ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Aus-tria,2005,July
[107]Lee J. and Yeora Y., Efficient RFID Authentication Protocols Based on Pseudorandom Sequence Generators, Cryptology ePrint Archive, Report 2008/343,2008
[108]Ma C., Li Y., Deng R., et al, RFID privacy:Relation Between Two Notions, Minimal Condition, and Efficient Construction, ACM CCS'09, ACM,2009, pp.54-65
[109]Gilbert H., Robshaw M., and Sibert H., An active attack against HB+- a provably secure lightweight authentication protocol, http://eprint.iacr.org/2005/237.pdf,2005
[110]Bringer J. and Chabanne H., Trusted-HB:A Low-Cost Version of HB+Secure Against Man-in-the-Middle Attacks, IEEE Transactions on Information Theory,2008
[111]Ouafi K., Overbeck R., and Vaudenay S., On the Security of HB# against a Man-in-the-Middle Attack, in Advances in Cryptology-Asiacrypt 2008,2008
[112]Alomair B. and Poovendran R., On the Authentication of RFID Systems with Bitwise Operations, in Advances in Cryptology-Asiacrypt 2008 New Technologies, Mobility and Security,2008. NTMS'08,2008
[113]Cho J. S., Yeo S. S., and Kim S. K., Securing against brute-force attack:A hash-based RFID mutual autherntication protocol using a secret value, Computer Communication-s,34 (3),2011 March, pp.391-397
[114]Yang J., Park J., Lee H., et al., Mutual authentication protocol for low-cost RFID, RFID and Lightweight Cryptography Workshop,2005, pp.17-24
[115]Henrici D. and Muller P., Hash-based enhancement of location privacy for radio fre-quency identification devices using varying identifiers, PerSec'04, IEEE,2004, pp. 149-153
[116]Kang S. Y., Lee D. G., and Lee I. Y., A study on secure RFID mutual authentication scheme in pervasive computing environment, Computer Communications,2008, pp. 4248-4254
[117]Santi M., Magda V., Concepcio R., et al., A secure elliptic curve-based RFID pro-tocol, Journal of Computer Science and Technology (JCST),24 (2),2009 march, pp. 309-318
[118]Chien H. Y. and Lain C. S., ECC-based lightweight authentication protocol with un-traceability for low-cost RFID, J. Parallel Distrib. Comput,69,2009, pp.848-953
[119]Miller V. S., Use of elliptic curves in cryptography, Proceeding on Advances in cryp-tology(CRYPTO'85), LNCS 218, Springer,1986, pp.417-426
[120]Koblitz N., Elliptic curve cryptosystems, Mathematics of computation,48,1987, pp. 203-209
[121]王峰,GF(2163)上椭圆曲线密码体制的FPGA实现,广州大学,广州,2006年
[122]Kim K. W., Le K. J., and Yoo K. Y., A New digit serial systolic multiplier for finite fields GF(2m), Info-tech and Info-net Proceedings 2001 International Conferences on,2001
[123]Wolkerstorfer J., Is elliptic-curve cryptography suitable to secure RFID tags?, E-CRYPT Workshop RFID and Lightweight Crypto, Graz, Austria,2005, pp.78-91
[124]Lee Y. K., Batina L., Sakiyama K., et al., Elliptic curve based security processor for RFID, IEEE Transactions on Computers,57 (11),2008 Nov, pp.1514-1527
[125]Furbass F. and Wolkerstorfer J., ECC processor with low die size for RFID appli-cations, In:Proceedings of the 40th IEEE International Symposium on Circuits and Systems (ISCAS 2007), IEEE,2007, pp.1835-1838
[126]Hein D., Elliptic-curve cryptography suitable for RFID systems, Master's the-sis, IAIK, Technical University of Graz, http://www.iaik.tugraz.at/teaching/11-diplomarbeiten/archive/hein.htm,2008
[127]Lee Y. K., Batina L., Singelee D., et al., Low-Cost Untraceable Authentication Protocols for RFID (extended version), In:S. Wetzel, C.N. Rotaru, F. Stajano (ed-s.) WiSec'10, ACM,2010, pp.55-64
[128]Lee Y. K., Batina L., and Verbauwhede I., EC-RAC (ECDLP Based Randomized Ac-cess Control):Provably Secure RFID authentication protocol, In:IEEE International Conference on RFID, IEEE,2008, pp.97-104
[129]Lee Y. K., Sakiyama K., Batina L., et al., Elliptic Curve Based Security Processor for RFID, In:IEEE International Conference on RFID, IEEE,2008, pp.97-104
[130]Schnorr C. P., Efficient Identification and Signatures for Smart Cards, In:G. Brassard (ed.) CRYPTO'89, LNCS,1989, pp.239-252
[131]Bringer J., Chabanne H., and Icart T., Cryptanalysis of EC-RAC, a RFID Identifi-cation Protocol, In:International Conference on Cryptology and Network Security-CANS'08, LNCS, Springer-Verlag,2008
[132]Godor G., Giczi N., and Dr S. I., Elliptic curve cryptography based mutual authen-tication protocol for low computational capacity RFID systems-performance analysis by simulations, IEEE, WCNIS'2010,2010, pp.650-657
[133]Lo N. W., Yeh K. H., and Yeun C. Y., New mutual agreement protocol to secure mobile RFID-enabled devices, Information Security Technical Report,13 (3),2008, pp.151-157
[134]Kang S. Y., Lee D. G., and Lee I. Y., A study on secure RFID mutual authenti-cation scheme in pervasive computing environment, Computer Communications,31 (18),2008, pp.4248-4254
[135]Kim S. C., Yeo S. S., and Kim S. K., MARP:Mobile agent for RFID privacy protec-tion, CARDIS'06, LNCS 3928,2006, pp.300-312
[136]Ikram M., Chowdhury A. H., Redwan H., et al., A lightweight mutual authentica-tion scheme for mobile radio frequency identification (mRFID) systems, Performance, Computing and Communications Conference, IPCCC 2008,2008, pp.289-296
[137]Kang S., Lee D., and Lee I., A study on secure RFID authentication protocol in in-secure communication, Workshop on Secure and Multimodal Pervasive Environments (SMPE'07),2007
[138]Wu K., Bai E., and Zhang W., A Hash-Based Authentication Protocol for Secure Mobile RFID Systems, The 1st International Conference on Information Science and Engineering (ICISE2009),2009, pp.2440-2443
[139]Yang M. H., Lightweight authentication protocol for mobile RFID networks, Int. J. Security and Networks,5 (1),2010, pp.53-62
[140]Sandhya M. and Rangaswamy T. R., A forward secured authentication protocol for mobile RFID systems, International Journal of Information Technology and Knowl-edge Management,4 (2),2011 July, pp.549-553
[141]Ivan D. and Michael P., RFID Security:Tradeoffs between Security and Efficiency, Lecture Notes in Computer Science,4964,2008, pp.318-332
[142]Alomair B., Lazos L., and Poovendran R., Securing low-cost RFID systems:An unconditionally secure approach, Journal of Computer Security,19 (2),2011, pp.229-257
[143]Bellare M. and Palacio A., GQ and Schnorr identification schemes:Proofs of security against impersonation under active and concurrent attacks, In:Yung M. (ed.) CRYPTO 2002, LNCS,2002, pp.162-177
[144]Tan C., Sheng B., and Li Q., Secure and serverless RFID authentication and search protocols, IEEE Transactions on Wireless Communications,7 (4),2008, pp.1400-1407
[145]Safkhani M., Peris-Lopez P., Bagheri N., et al., On the security of tan et al. serverless RFID authentication and search protocols, In Radio Frequency Identification. Security and Privacy Issues, Springer Berlin Heidelberg,2013, pp.1-19
[146]Kulseng L., Yu Z., and Wei Y., Lightweight Secure Search Protocols for Low-cost RFID Systems, ICDCS'09, IEEE Computer Society, Washington, DC, USA,2009, pp. 40-48
[147]Lv C., Li H., Ma J. F., et al., Vulnerability analysis of lightweight secure search protocols for low-cost RFID systems, International Journal of Radio Frequency Iden-tification Technology and Applications,1 (4),2012, pp.3-12
[148]Kim Z., Kim J., Kim K., et al., Untraceable and serverless RFID authentication and search protocols,2011 Ninth IEEE International Symposium on Busan, Parallel and Distributed Processing with Applications Workshops (ISPAW), Busan,2011, pp. 278-283
[149]Lee C. F., Chien H. Y., and Laih C. S., Server-less RFID authentication and searching protocol with enhanced security, International Journal of Communication System,25 (3),2012, pp.376-385
[150]Zuo Y. J., Secure and private sear2ch protocols for RFID systems, Information System Front,12 (5),2010, pp.507-519
[151]Hoque M. E., Rahman F., and Ahamed S. L., S-search:finding RFID tags using scalable and secure search protocol, Symposium on Applied Computing (SAC) 2010, ACM, Sierre, Switzerland,2010, pp.439-443
[152]Cao Z. and Deng M. L., Universally composable search protocol for RFID, Journal of Huazhong University of Science and Technology (Natural Science Edition),39 (4), 2011, pp.56-59
[153]Yoon H. S. and Youm H. Y., An Anonymous Search Protocol for RFID Systems, Journal of Convergence Information Technology,8 (6),2011, pp.44-50
[154]Lin I. C., Tsaur S. C., and Chang K. P., Lightweight and server-less RFID authenti-cation and search protocol, Proceedings of the 2009 Second International Conference on Computer and Electrical Engineering, IEEE, Mew York,2009, pp.95-99
[155]Gong L., Needham R., and Yahalom R., Reasoning about belief in cryptographic protocols, IEEE SRSP'90, Oakland, California,1990, pp.234-248
[156]陈铁明,复杂安全协议的形式化分析、设计与验证研究,浙江工业大学,浙江,2004年
[157]Conway J. H., On Numbers and Games, Number 6 in London Mathematical Society Monographs, Academic Press, London-New-San Francisco,1976
[158]Desmedt Y., Goutier C., and Bengio S., Special Uses and Abuses of the Fiat-Shamir Passport Protocol, In C. Pomerance, editor, Advances in Cryptology-CRYPTO'87, Santa Barbara, California, USA,1988, pp.21-39
[159]Card M., Mastercard paypass, http://www.mastercard.com/,2010
[160]Visa, Visa conctless credit card, http://usa.visa.com/personal/cards/paywave/index.html, 2010
[161]Hancke G., A Practical Relay Attack on ISO 14443 Proximity Cards, Manuscript, 2005
[162]Levi A., Cetintas E., Aydos M., et al., Relay Attacks on Bluetooth Authentication and Solutions, ISCIS 2004, Springer Berlin Heidelberg, Kemer-Antalya, Turkey,2004, pp. 278-288
[163]Kfir Z. and Wool A., Picking Virtual Pockets Using Relay Attacks on Contactless Smartcard Systems, IEEE SecureComm'05, Athens, Greece,2005
[164]Hancke G., Practical Attacks on Proximity Identification Systems, In IEEE Sympo-sium on Security and Privacy-S & P 2006, Berkeley, California, USA,2006, pp. 328-333
[165]Francillon A., Danev B., and Capkun S., Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars, Cryptology ePrint Archive, Report 2010/332,2010
[166]Francis L., Hancke G., Mayes K., et al., Practical NFC Peer-to-Peer Relay Attack using Mobile Phones, In Workshop on RFID Security-RFIDSec'10, to appear in Lecture Notes in Computer Science, Istanbul, Turkey,2010
[167]Laurie A., Website, http://www.rfidiot.org/,2010
[168]Hal vac M. and Rosa T., A Note on the Relay Attacks on e-Passports:The Case of Czech e-Passports, Cryptology ePrint Archive, Report 2007/244,2007
[169]ISO/IEC 14443, Identification cards-contactless integrated circuit(s) cards-proximity cards
[170]Brands S. and Chaum D., Distance-bounding protocols, Advances in Cryptolo-gy-EUROCRYPT'93, Springer Berlin Heidelberg,1994, pp.344-359
[171]Capkun S., Buttya L., and Hubaux J. P., SECTOR:secure tracking of node encounters in multi-hop wireless networks, In:SASN'03, New York, USA,2003, pp.21-32
[172]Hancke G. and Kuhn M., An RFID Distance Bounding Protocol, IEEE SecureCom-m'05, Athens, Greec,2005, pp.67-73
[173]Munilla J., Ortiz A., and Peinado A., Distance Bounding Protocols with Void-Challenges for RFID, In Workshop on RFID Security-RFIDSec'06, Graz, Austria, 2006
[174]Singelee D. and Preneel B., Distance Bounding in Noisy Environments, ESAS 2007, LNCS 4572,2007, pp.101-115
[175]Munilla J. and Peinado A., Attack on a distance bounding protocol, Computer com-munications,33,2010, pp.884-889
[176]Gurel A., Arslan A., and Akgun M., Non-uniform stepping approach to RFID dis-tance bounding problem, Fifth International Workshop on Data Privacy Management, LNCS 6370,2010
[177]Kim C. H. and Avoine G., RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks, LNCS, Springer,5888,2009, pp.119-133
[178]Kim C. H. and Avoine G., RFID Distance bounding protocols with mixed challenges, IEEE Transaction on Wireless Communications,10 (5),2011 May, pp.1618-1626
[179]Avoine G. and Kim C. H., Mutual distance bounding protocols, IEEE Transactions on mobile computing,99,2012, pp.1-11
[180]Yum D. H., Kim J. S., Hong S. J., et al., Distance Bounding Protocol for Mutu-al Authentication, IEEE Transaction on Wireless Communications,10 (2),2011, pp. 592-601
[181]Kim C. H., Security analysis of YKHL distance bounding protocol with adjustable false acceptance rate, Communications Letters, IEEE,15 (10),2011, pp.1078-1080
[182]Yum D. H., Kim J. S., Hong S. J., et al., Distance Bounding Protocol with Adjustable False Acceptance Rate, IEEE Communications Letters,15 (4),2011, pp.434-436
[183]Ranganathan A., Tippenhauer N. O., Skoric B., et al., Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System, Computer Security-ESORICS 2012, Lecture Notes in Computer Science,7459,2012, pp.415-432
[184]Avoine G., Floerkemeier C., and Martin B., RFID Distance Bounding Multistate En-hancement, Progress in Cryptology-INDOCRYPT 2009, Lecture Notes in Computer Science,5922(2009),2009, pp.290-307
[185]Tu Y. J. and Piramuthu S., RFID Distance Bounding Protocols, In First International EURASIP Workshop on RFID Technology, Vienna, Austria,2007
[186]Reid J., Nieto J. M. G., Tang T., et al., Detecting relay attacks with timing based protocols, In Proceedings of the 2nd ACM symposium on Information, computer and communications security, ASIACCS'07, New York, USA,2007, pp.204-213
[187]Kim C. H., Avoine G., Koeune F., et al., The Swiss-Knife RFID Distance Bounding Protocol, LNCS, vol.5461, Springer, Heidelberg,2009, pp.98-115
[188]Pedro P. L., Hernandez-Castro J., Tapiador J., et al., Cryptographic puzzles and dis-tance bounding protocols:Practical tools for RFID security,2010 IEEE International Conference on RFID, Orlando, Apr.,2010, pp.45-52
[189]Abyaneh M. R. S., Security Analysis of two Distance-Bounding Protocols, Can be found in:http://arxiv.org/abs/1107.3047v2,2011
[190]Cremers C., Rasmussen K., and Capkun S., Distance hijiacking attacks on distance bounding protocols, In Cryptology ePrint Archive:Report 2011/129,2011
[191]Rasmussen K. B. and Capkun S., Realization of RF distance bounding, In USENIX Security 2010:Proceedings of the 19th USENIX Security Symposium,2010
[192]Meadows C., Poovendran R., Pavlovic D., et al., Distance bounding protocols:Au-thentication logic analysis and collusion attacks, In R. Poovendran, S. Roy, and C. Wang, editors, Secure Localization and Time Syn-chronization for Wireless Sensor and Ad Hoc Networks, volume 30 of Advances in Information Security, Springer US, 2007, pp.279-298
[193]Avoine G., Bingol M. A., Kardas S., et al., A Formal Framework for Cryptanalyz-ing RFID Distance Bounding Protocols, Cryptology ePrint Archive, Report 2009/543, 2009
[194]Dolev D. and Yao A. C., On the security of public key protocols, IEEE Transactions on Information Theory,1983, pp.198-207
[195]Kara O., Karda S., Bingol M. A., et al., Optimal Security Limits of RFID Distance Bounding Protocols, editors Radio Frequency Identification:Security and Privacy Is-sues (RFIDSec), volume 6370 of LNCS,2010, pp.220-238
[196]Alomair B., Lazos L., and Poovendran R., Securing low-cost RFID systems:An unconditionally secure approach, Journal of Computer Security,19 (2),2011, pp.229-257
[2]Bolic M., Simplot-Ryl D., and Stojmenovic I., RFID systems:research trends and challenges,, John Wiley and Sons, Ltd.,2010
[3]Weinstein R., RFID:a technical overview and its application to the enterprise, IT professional,7 (3),2005, pp.27-33
[4]Lufthansa Technik Connection, The Lufthansa Technik Group Magazine, Ham-burg, Germany,2013, http://www.lufthansa-technik.com/documents/100446/160376/ Technik+Connection+1-2013.pdf
[5]米志强、杨署、王武等编著,《射频识别(RFID)技术与应用》,电子工业出版社,2011年
[6]Jones E. C. and Chung C. A., RFID in Logistics, In CRC Press, ISBN 978-0-8493-8526-1,2008
[7]Abyaneh M. R. S., Security Analysis Of Lightweight Schemes for RFID Systems, University of bergen, Norway,2012
[8]电子标签标准工作组,http://www.rfidgroup.org.cn/
[9]Sarma S., Weis S., and Engels D., Radio-frequency identification:Secure risks and challenges, RSA Laboratories Cryptobytes,2003, pp.2-9
[10]Engberg S. J., Harning M. B., and Jensen C. D., Zero-knowledge device authenti-cation:Privacy and security enhanced RFID preserving business value and consumer convenience, In Conference on Privacy, Security and Trust-PST, New Brunswick, Canada,2004
[11]Feldhofer M., Dominikus S., and Wolkerstorfer J., Strong authentication for RFID systems using the AES algorithm, in Workshop on Cryptographic Hardware and Em-bedded Systems-CHES 2004, ser. Lecture Notes in Computer Science, M. Joye and J.-J. Quisquater, Eds., IACR. Boston, Massachusetts, USA:Springer-Verlag,2004, pp. 357-370
[12]Saito J., Ryou J. C., and Sakurai K., Enhancing privacy of universal re-encryption scheme for RFID tags, EUC'04, Springer-Verlag, LNCS,2004, pp.879-890
[13]Vajda I. and Buttyan L., Lightweight authentication protocols for low-cost RFID tags, Security issue in Ubicomp'03,2003
[14]Weis S., Security and Privacy in Radio Frequency Identification Device, Cambridge, MA, USA:MIT,2003
[15]Weis S., Sarma S., Rivist R., et al., Security and Privacy Aspects of Low-cost radio Frequency Identification Systems, Lecture Notes in Computer Science,2802,2003, pp.201-202
[16]Ohkubo M., Suzuki K., and Kinoshita S., A Cryptographic Approach to'Privacy-Friendly'Tags, In:proceedings of RFID Privacy Workshop, Vol.82, Cambridge,2003
[17]Lee S. M., Hwang Y. J., Lee D. H., et al., Efficient authentication for low-cost RFID systems, ICCSA'05, LNCS 3840, Berlin,2005, pp.619-627
[18]Piramuthu S., RFID mutual authentication protocols, Decision Support Systems,50 (2),2011, pp.387-393
[19]Abyaneh M. R. S., Security analysis of lightweight schemes for RFID systems, Uni-versity of Bergen, Bergen,2012
[20]Cho J. S., James J., and Park J. H., High Attack Cost:Hash Based RFID Tag Mutual Authentication Protocol, Computer Science and Convergence,2012, pp.113-120
[21]Piramuthu S., Vulnerabilities of RFID protocols proposed in ISF, Information Systems Frontiers,14 (3),2012, pp.647-651
[22]Moriyama D., Matsuo S., and Ohkubo M., Relations among Notions of Privacy for RFID Authentication Protocols, Computer Security-ESORICS 2012, Springer Berlin Heidelberg,2012, pp.661-678
[23]Wang S. and Liu S., Attacks and improvements on the RFID authentication protocols based on matrix, Journal of Electronics (China),30 (1),2013, pp.33-39
[24]Fajarado J. M. and Dominguez A. P., Security in RFID and Sensor Networks, First Edition, ISBN:978-1-4200-6839-9, Auerbach publication,2009
[25]Lieshout M. V., Grossi L., Spinelli G., et al., RFID Technologies:Emerging Is-sues, Challenges and Policy Options, JRC Scientific and Technical Reports, European Commission,2007
[26]Juels A., Rivest R. L., and Szydlo M., The blocker tag:selective blocking of RFID tags for consumer privacy, CCS'03, ACM Press,2003, pp.103-111
[27]Bono S. C., Green M., Rubin A. D., et al, Security analysis of a cryptographically-enabled RFID device, in 14th USENIX Security Symposium, http://usenix.org/events/sec05/tech/bono/bono.pdf,2005, pp.1-16
[28]Gerhard F. D., Muijrers G. K. G. R., Rossum P., et al., Dismantling MIFARE Classic, ESORICS'08, Springer-Verlag, LNCS, Malaga, Spain,2008, pp.97-114
[29]Oswald D. and Paar C., Breaking mifare DESFire MF3ICD40:power analysis and templates in the real world, CHES'11, Springer Berlin Heidelberg,2011, pp.207-222
[30]Karjoth G. and Moskowitz P., Disabling RFID Tags with Visible Confirmation, W-PES'05, ACM Workshop on Privacy in the Electronic Society, ACM Press,2005, pp. 27-30
[31]Minime and Mahajivana, RFID Zapper,22nd Chaos Communication Congress Dec, https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN),2005
[32]Oren Y. and Shamir A., Remote Password Extraction from RFID Tags, IEEE Trans-actions on Computers archive,56 (9),2007 September, pp.1292-1296
[33]Grunwald L., New attacks against RFID-Systems, GmbH Germany, http://www. blackhat.com/presentations/bh-usa-06/BH-US-06-Grunwald.pdf,2006
[34]Kfir Z. and Wool A., Picking virtual pockets using relay attacks on contactless smart-card systems, http://eprint.iacr.org/2005/052,2005
[35]Han D. G., Takagi T., Kim H. W., et al., New security problem in RFID systems Tag Killing, ICCSC2006, Springer-Verlag, LNCS,2006, pp.375-384
[36]Ranasinghe D. C. and Cole P. H., Confronting security and privacy threats in modern rfid systems, ACSSC'06,2006, pp.2058-2064
[37]Heydt-Benjamin T. S., Bailey D. V., Fu K., et al., Vulnerabilities in first generation RFID-enabled credit cards, FC'07,2007, pp.2-14
[38]Laurie A., Practical attacks against RFID, Network Security,2007 (9),2007, pp.4-7
[39]Conway J. H., On Numbers and Games, Academic Press,1976
[40]Hu Y. C., Perrig A., and Johnson D. B., Wormhole attacks in wireless networks, IEEE Journal on Selected Areas in Communications (JSAC),2006, pp.370-380
[41]Juels A., RFID Security and Privacy:A Research Survey, Selected Areas in Commu-nications, IEEE Journal on,24 (2),2006, pp.381-394
[42]Rotter P., A Framework for Assessing RFID System Security and Privacy Risks, IEEE Pervasive Computing Magazine,7 (2),2008 April, pp.70-77
[43]Roberts C.M., Radio Frequency Identification (RFID), Elsevier Journal Computers& Security,25 (1),2006 February, pp.18-26
[44]Bundesamt fur Sicherheit in der Informations technic, Security Aspects and Prospec-tive Applications of RFID Systems, http://www.bsi.bund.de,2004
[45]NIST:Special Publication 800-98, Guidance for Securing Radio Frequency Identifica-tion (RFID) Systems, http://csrc.nist.gov/,2007
[46]Rieback M., Crispo B., and Tanenbaum A., Is your cat infected with a computer virus?, IEEE PERCOM'06, Pisa, Italy,2006, pp.169-179
[47]粟伟,低成本无线射频识别安全与隐私研究,中国科学院研究生院,北京,2006年
[48]Sakiyama K., Secure Design Methodology and Implementation for Embedded Public-key Cryptosystems, Katholieke Universiteit Leuven, Belgium,2007
[49]Auto-ID Center, Draft protocol specification for a 900 MHz class 0 radio frequency identification tag,2003
[50]Stajano F. and Anderson R., Then Resurrection Duckling:Security Issues for Ad-hoc Wireless Networks, Security Protocols,2000, pp.172-182
[51]丁治国,RFID关键技术研究与实现,中国科学技术大学,合肥,2009年
[52]Good N., Molnar D., Urban J. M., et al., Radio frequency ID and privacy with information goods, Proc. Workshop on Privacy in the Electronic Society, ACM,2004, pp.41-42
[53]Floerkemeier C., Schneider R., and Langheinrich M., Scanning with a purpose Supporting the fair information principles in RFID protocols, http://citeseer.ist.psu.edu/floerkemeier04scanning.html,2004
[54]Rieback M., Crispo B., and Tanenbaum A., RFID Guardian:A battery-powered mo-bile device for RFID privacy management, Security and Privacy, New York:Springer-Verlag:LNCS,2005, pp.184-194
[55]Juels A., Syverson P., and Bailey D., High-power proxies for enhancing RFID privacy andutility, Privacy Enhancing Technologies, Springer Berlin Heidelberg,,2006, pp. 210-226
[56]Juels A., Rivest R. L., and Szydlo M., The blocker tag:Selective blocking of RFID tags for consumer privacy, In Proceedings of the 10th ACM conference on Computer and communications security, ACM,2003, pp.103-111
[57]Juels A. and Brainard J., Soft blocking:Flexible blocker tags on the cheap, Proceed-ings of the 2004 ACM workshop on Privacy in the electronic society(WPES'04), ACM Press,2004, pp.1-7
[58]Fishkin K. P., Roy S., and Jiang B., Some methods for privacy in RFID communica-tion, ESAS 2004, Springer:Heidelberg, LNCS,2004, pp.42-53
[59]Rahmati A., Salajegheh M., Holcomb D., et al., TARDIS:Time and remanence decay in SRAM to implement secure protocols on embedded devices without clocks, USENIX Security'12, Bellevue, WA,2012
[60]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., LMAP:A real lightweight mutual authentication protocol for low-cost RFID tags, RFIDSec'06,2006
[61]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., M2AP:A minimalist mutual-authentication protocol for low-cost RFID tags, UIC'06, Springer-Verlag, L-NCS,2006, pp.912-923
[62]Lopez P. P., Castro J. C. H., Tapiador J. M. E., et al., EMAP:An efficient mutual authentication protocol for low-cost RFID tags, IS'06, Springer-Verlag, LNCS,2006, pp.352-361
[63]Tieyan L. and Guilin W., Security Analysis of Two Ultra-Lightweight RFID Authenti-cation Protocols, IFIP.Security and Communication Networks, DFIP SEC 2007, Sand-ton, Gauteng, South Africa,2007, pp.135-146
[64]Li T. and Deng R. H., Vulnerability analysis of EMAP-an efficient RFID mutual authentication protocol, Conference on AReS'07, Vienna, Austria,2007, pp.238-245
[65]Chien H. Y. and Huang C. W., Security of ultra-lightweight RFID authentication proto-cols and its improvements, ACM SIGOPS Operating Systems Review:Special Interest Group on Operating Systems,41 (4),2007 July, pp.83-86
[66]Barasz M., Boros B., Ligeti P., et al., Breaking LMAP, Proc. of RFIDSec'07, IEEE Press,2007, pp.11-16
[67]Barasz M., Boros B., Ligeti P., et al., Passive Attack Against the M2AP Mutual Au-thentication Protocol for RFID Tags, Proc. of First International EURASIP Workshop on RFID Technology, IEEE Press,2007, pp.37-48
[68]Li T. and Wang G., SLMAP:a secure ultra-lightweight RFID mutual authentication protocol, In Proceedings of Chinacrypt'07, Cheng Du, China,2007, pp.19-22
[69]Hernandez-Castro J. C., Tapiador J. E., Peris-Lopez P., et al., Metaheuristic traceabili-ty attack against SLMAP, an RFID lightweight authentication protocol, Proceedings of the 2009 IEEE International Symposium on Parallel & Distributed Processing,2009, pp.23-29
[70]Wang S. H. and Zhang W. W., Passive attack on SLMAP authentication protocol, Journal of Nanjing University of Posts and Telecommunications(Natural Science),3 (3),2012 March, pp.91-94
[71]Chien H. Y., SASI:A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity, IEEE Transactions on Dependable and Se-cure Computing,4 (4),2007, pp.337-340
[72]Paolo D. A. and Alfredo D. S., From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol, IACR Cryptology ePrint Archive, 2008, pp.470-470
[73]Sun H. M., Ting W. C., and Wang K. H., On the Security of Chien's Ultralightweight RFID Authentication Protocol. IEEE Trans, on Dependable and Secure Computing),8 (2),2011 March, pp.315-317
[74]Cao T. J., Bertino E., and Lei H., Security Analysis of the SASI Protocol, Dependable and Secure Computing, IEEE Trans, on,6(1),2009, pp.73-77
[75]Hernandez-Castro J. C., Tapiador J. M. E., Peris-Lopez P., et al., Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol, IEEE Trans, on Dependable and Secure Computing),6 (4),2009, pp.316-320
[76]Avoine G., Carpent X., and Martin B., Strong Authentication and Strong Integrity (SASI) Is Not That Strong, RFIDSec'10, Security and Privacy Issues, Springer-Verlag Berlin, Heidelberg,2010, pp.50-64
[77]Molnar D. and Wagner D., Privacy and security in library RFID:Issues, practices, and architectures, ACM CCS'04, ACM Press,2004, pp.210-219
[78]Dimitriou T., A lightweight RFID protocol to protect against traceability and cloning attacks, SECURECOMM'05, IEEE Computer Society,2005
[79]Rhee K., Kwak J., Kim S., et al., Challenge-response based RFID authentication protocol for distributed database environment, SPC'05, Springer-Verlag, LNCS,2005, pp.70-84
[80]Berlekamp E., McEliece R., and Tilborg H. V., On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory,1978, pp.384-386
[81]Blum A., Furst M., Kearns M., et al., Cryptographic primitives based on hard learning problems, Advances in Cryptology CRYPTO'93, Springer-Verlag, LNCS,1994, pp. 278-291
[82]Hopper N. J. and Blum M., Secure Human Identication Protocols, Cryptology-Asiancrypt'2001, Springer-Verlag, LNCS,2001, pp.52-66
[83]Juels A. and Weis S., Authenticating pervasive devices with human protocols, CRYP-TO'05, Springer-Verlag, LNCS,2005, pp.293-308
[84]Bringer J., Chabanne H., and Dottax E., HB++:a lightweight authentication protocol secure against some attacks, SecPerU'06, IEEE Computer Society,2006
[85]Bringer J. and Chabanne H., Trusted-HB:a low-cost version of HB secure against man-in-the-middle attacks, arXiv,2008
[86]Munilla J. and Peinado A., HB-MP:A further step in the HB-family of lightweight authentication protocols, Computer Networks,51 (9),2007, pp.2262-2267
[87]Stepahne L. and Adrian T., Clone resistant mutual authentication for low-cost RFID technology, Cryptology ePrint Archive, Report'07,2007
[88]Gilbert H., Robshaw M., and Seurin Y., Good variants of HB+ are hard to find, In Proc. Financial Cryptography and Data Security,2008, pp.156-170
[89]Frumkin D. and Shamir A., Un-Trusted-HB:Security vulnerabilities of Trusted-HB, EPrint,2009
[90]Gilbert H., Robshaw M., and Seurin Y., HB#:Increasing the security and efficiency of HB, In Proc. EUROCRYPT, volume 4965,2008, pp.361-378
[91]Ouafi K., Overbeck R., and Vaudenay S., On the security of HB# against a man-in-the-middle attack, Proc. ASIACRYPT,2008
[92]Weis S., Security and Privacy in Radio-Frequency Identification Devices, MIT, USA, 2003
[93]Ohkubo M., Suzuki K., and Kinoshita S., Efficient hash-chain based RFID privacy protection scheme, Ubicomp'04, Nottingham, England,2004
[94]Weis S., Sarma S., Rivest R., et al., Security and privacy aspects of low-cost ra-dio frequency identification systems, Security in pervasive computing, Springer Berlin Heidelberg,2004, pp.201-212
[95]Juels A. and Pappu R., Squealing euros:Privacy protection in RFID-enabled ban-knotes, FC'03, ser. Lecture Notes in Computer Science, R. N. Wright, Ed., vol.2742, IFCA., Le Gosier, Guadeloupe, French West Indies:Springer-Verlag,2003, pp.103-121
[96]Avoine G., Privacy issues in RFID banknote protection schemes, CARDIS'04, Toulouse, France:Kluwer Academic Publishers,2004, pp.33-48
[97]Golle P., Jakobsson M., and Juels A., Universal reencryption for mixnets, CT-RSA'04, Springer-Verlag, LNCS,2004, pp.163-178
[98]Burmester M., Medeiros B. D., and Motta R., Robust, anonymous RFID authentica-tion with constant key-lookup, Symposium on ICCSS'08, ACM,2008, pp.283-291
[99]Liang B., Li Y., Ma C., et al., Robust, anonymous RFID authentication with constant key-lookup,5th International Conference on Information Systems Security-ICISS'09, 2009, pp.71-85
[100]Sakiyama K., Batina L., Mentens N., et al., Small-footprint ALU for public-key processors for pervasive security, Workshop on RFID Security, RFIDSec,2006
[101]Batina L., Guajardo J., Kerins T., et al., An elliptic curve processor suitable for RFID-tags, Cryptology ePrint Archive, Report 2006/227,2006
[102]Braun M., Hess E., and Meyer B., Using elliptic curves on RFID tags, International Journal of Computer Science and Network Security,2008, pp.1-9
[103]Avoine G., Kalach K., and Quisquater J. J., ePassport:Securing international contacts with contactless chips, in Financial Cryptography and Data Security-FC'08,2008
[104]Heydt-Benjamin T. S., Bailey D. V., Fu K., et al., Vulnerabilities in First-Generation RFID-Enabled Credit Cards, Manuscript,2006
[105]Feldhofer M., J.Wolkerstorfer, and Rijmen V., AES Implementation on a Grain of Sand, IEE Proceedings Information Security,152 (1),2005, pp.13-20
[106]Dominikus S., Oswald E., and Feldhofer M., Symmetric Authentication for RFID Systems in Practice, ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Aus-tria,2005,July
[107]Lee J. and Yeora Y., Efficient RFID Authentication Protocols Based on Pseudorandom Sequence Generators, Cryptology ePrint Archive, Report 2008/343,2008
[108]Ma C., Li Y., Deng R., et al, RFID privacy:Relation Between Two Notions, Minimal Condition, and Efficient Construction, ACM CCS'09, ACM,2009, pp.54-65
[109]Gilbert H., Robshaw M., and Sibert H., An active attack against HB+- a provably secure lightweight authentication protocol, http://eprint.iacr.org/2005/237.pdf,2005
[110]Bringer J. and Chabanne H., Trusted-HB:A Low-Cost Version of HB+Secure Against Man-in-the-Middle Attacks, IEEE Transactions on Information Theory,2008
[111]Ouafi K., Overbeck R., and Vaudenay S., On the Security of HB# against a Man-in-the-Middle Attack, in Advances in Cryptology-Asiacrypt 2008,2008
[112]Alomair B. and Poovendran R., On the Authentication of RFID Systems with Bitwise Operations, in Advances in Cryptology-Asiacrypt 2008 New Technologies, Mobility and Security,2008. NTMS'08,2008
[113]Cho J. S., Yeo S. S., and Kim S. K., Securing against brute-force attack:A hash-based RFID mutual autherntication protocol using a secret value, Computer Communication-s,34 (3),2011 March, pp.391-397
[114]Yang J., Park J., Lee H., et al., Mutual authentication protocol for low-cost RFID, RFID and Lightweight Cryptography Workshop,2005, pp.17-24
[115]Henrici D. and Muller P., Hash-based enhancement of location privacy for radio fre-quency identification devices using varying identifiers, PerSec'04, IEEE,2004, pp. 149-153
[116]Kang S. Y., Lee D. G., and Lee I. Y., A study on secure RFID mutual authentication scheme in pervasive computing environment, Computer Communications,2008, pp. 4248-4254
[117]Santi M., Magda V., Concepcio R., et al., A secure elliptic curve-based RFID pro-tocol, Journal of Computer Science and Technology (JCST),24 (2),2009 march, pp. 309-318
[118]Chien H. Y. and Lain C. S., ECC-based lightweight authentication protocol with un-traceability for low-cost RFID, J. Parallel Distrib. Comput,69,2009, pp.848-953
[119]Miller V. S., Use of elliptic curves in cryptography, Proceeding on Advances in cryp-tology(CRYPTO'85), LNCS 218, Springer,1986, pp.417-426
[120]Koblitz N., Elliptic curve cryptosystems, Mathematics of computation,48,1987, pp. 203-209
[121]王峰,GF(2163)上椭圆曲线密码体制的FPGA实现,广州大学,广州,2006年
[122]Kim K. W., Le K. J., and Yoo K. Y., A New digit serial systolic multiplier for finite fields GF(2m), Info-tech and Info-net Proceedings 2001 International Conferences on,2001
[123]Wolkerstorfer J., Is elliptic-curve cryptography suitable to secure RFID tags?, E-CRYPT Workshop RFID and Lightweight Crypto, Graz, Austria,2005, pp.78-91
[124]Lee Y. K., Batina L., Sakiyama K., et al., Elliptic curve based security processor for RFID, IEEE Transactions on Computers,57 (11),2008 Nov, pp.1514-1527
[125]Furbass F. and Wolkerstorfer J., ECC processor with low die size for RFID appli-cations, In:Proceedings of the 40th IEEE International Symposium on Circuits and Systems (ISCAS 2007), IEEE,2007, pp.1835-1838
[126]Hein D., Elliptic-curve cryptography suitable for RFID systems, Master's the-sis, IAIK, Technical University of Graz, http://www.iaik.tugraz.at/teaching/11-diplomarbeiten/archive/hein.htm,2008
[127]Lee Y. K., Batina L., Singelee D., et al., Low-Cost Untraceable Authentication Protocols for RFID (extended version), In:S. Wetzel, C.N. Rotaru, F. Stajano (ed-s.) WiSec'10, ACM,2010, pp.55-64
[128]Lee Y. K., Batina L., and Verbauwhede I., EC-RAC (ECDLP Based Randomized Ac-cess Control):Provably Secure RFID authentication protocol, In:IEEE International Conference on RFID, IEEE,2008, pp.97-104
[129]Lee Y. K., Sakiyama K., Batina L., et al., Elliptic Curve Based Security Processor for RFID, In:IEEE International Conference on RFID, IEEE,2008, pp.97-104
[130]Schnorr C. P., Efficient Identification and Signatures for Smart Cards, In:G. Brassard (ed.) CRYPTO'89, LNCS,1989, pp.239-252
[131]Bringer J., Chabanne H., and Icart T., Cryptanalysis of EC-RAC, a RFID Identifi-cation Protocol, In:International Conference on Cryptology and Network Security-CANS'08, LNCS, Springer-Verlag,2008
[132]Godor G., Giczi N., and Dr S. I., Elliptic curve cryptography based mutual authen-tication protocol for low computational capacity RFID systems-performance analysis by simulations, IEEE, WCNIS'2010,2010, pp.650-657
[133]Lo N. W., Yeh K. H., and Yeun C. Y., New mutual agreement protocol to secure mobile RFID-enabled devices, Information Security Technical Report,13 (3),2008, pp.151-157
[134]Kang S. Y., Lee D. G., and Lee I. Y., A study on secure RFID mutual authenti-cation scheme in pervasive computing environment, Computer Communications,31 (18),2008, pp.4248-4254
[135]Kim S. C., Yeo S. S., and Kim S. K., MARP:Mobile agent for RFID privacy protec-tion, CARDIS'06, LNCS 3928,2006, pp.300-312
[136]Ikram M., Chowdhury A. H., Redwan H., et al., A lightweight mutual authentica-tion scheme for mobile radio frequency identification (mRFID) systems, Performance, Computing and Communications Conference, IPCCC 2008,2008, pp.289-296
[137]Kang S., Lee D., and Lee I., A study on secure RFID authentication protocol in in-secure communication, Workshop on Secure and Multimodal Pervasive Environments (SMPE'07),2007
[138]Wu K., Bai E., and Zhang W., A Hash-Based Authentication Protocol for Secure Mobile RFID Systems, The 1st International Conference on Information Science and Engineering (ICISE2009),2009, pp.2440-2443
[139]Yang M. H., Lightweight authentication protocol for mobile RFID networks, Int. J. Security and Networks,5 (1),2010, pp.53-62
[140]Sandhya M. and Rangaswamy T. R., A forward secured authentication protocol for mobile RFID systems, International Journal of Information Technology and Knowl-edge Management,4 (2),2011 July, pp.549-553
[141]Ivan D. and Michael P., RFID Security:Tradeoffs between Security and Efficiency, Lecture Notes in Computer Science,4964,2008, pp.318-332
[142]Alomair B., Lazos L., and Poovendran R., Securing low-cost RFID systems:An unconditionally secure approach, Journal of Computer Security,19 (2),2011, pp.229-257
[143]Bellare M. and Palacio A., GQ and Schnorr identification schemes:Proofs of security against impersonation under active and concurrent attacks, In:Yung M. (ed.) CRYPTO 2002, LNCS,2002, pp.162-177
[144]Tan C., Sheng B., and Li Q., Secure and serverless RFID authentication and search protocols, IEEE Transactions on Wireless Communications,7 (4),2008, pp.1400-1407
[145]Safkhani M., Peris-Lopez P., Bagheri N., et al., On the security of tan et al. serverless RFID authentication and search protocols, In Radio Frequency Identification. Security and Privacy Issues, Springer Berlin Heidelberg,2013, pp.1-19
[146]Kulseng L., Yu Z., and Wei Y., Lightweight Secure Search Protocols for Low-cost RFID Systems, ICDCS'09, IEEE Computer Society, Washington, DC, USA,2009, pp. 40-48
[147]Lv C., Li H., Ma J. F., et al., Vulnerability analysis of lightweight secure search protocols for low-cost RFID systems, International Journal of Radio Frequency Iden-tification Technology and Applications,1 (4),2012, pp.3-12
[148]Kim Z., Kim J., Kim K., et al., Untraceable and serverless RFID authentication and search protocols,2011 Ninth IEEE International Symposium on Busan, Parallel and Distributed Processing with Applications Workshops (ISPAW), Busan,2011, pp. 278-283
[149]Lee C. F., Chien H. Y., and Laih C. S., Server-less RFID authentication and searching protocol with enhanced security, International Journal of Communication System,25 (3),2012, pp.376-385
[150]Zuo Y. J., Secure and private sear2ch protocols for RFID systems, Information System Front,12 (5),2010, pp.507-519
[151]Hoque M. E., Rahman F., and Ahamed S. L., S-search:finding RFID tags using scalable and secure search protocol, Symposium on Applied Computing (SAC) 2010, ACM, Sierre, Switzerland,2010, pp.439-443
[152]Cao Z. and Deng M. L., Universally composable search protocol for RFID, Journal of Huazhong University of Science and Technology (Natural Science Edition),39 (4), 2011, pp.56-59
[153]Yoon H. S. and Youm H. Y., An Anonymous Search Protocol for RFID Systems, Journal of Convergence Information Technology,8 (6),2011, pp.44-50
[154]Lin I. C., Tsaur S. C., and Chang K. P., Lightweight and server-less RFID authenti-cation and search protocol, Proceedings of the 2009 Second International Conference on Computer and Electrical Engineering, IEEE, Mew York,2009, pp.95-99
[155]Gong L., Needham R., and Yahalom R., Reasoning about belief in cryptographic protocols, IEEE SRSP'90, Oakland, California,1990, pp.234-248
[156]陈铁明,复杂安全协议的形式化分析、设计与验证研究,浙江工业大学,浙江,2004年
[157]Conway J. H., On Numbers and Games, Number 6 in London Mathematical Society Monographs, Academic Press, London-New-San Francisco,1976
[158]Desmedt Y., Goutier C., and Bengio S., Special Uses and Abuses of the Fiat-Shamir Passport Protocol, In C. Pomerance, editor, Advances in Cryptology-CRYPTO'87, Santa Barbara, California, USA,1988, pp.21-39
[159]Card M., Mastercard paypass, http://www.mastercard.com/,2010
[160]Visa, Visa conctless credit card, http://usa.visa.com/personal/cards/paywave/index.html, 2010
[161]Hancke G., A Practical Relay Attack on ISO 14443 Proximity Cards, Manuscript, 2005
[162]Levi A., Cetintas E., Aydos M., et al., Relay Attacks on Bluetooth Authentication and Solutions, ISCIS 2004, Springer Berlin Heidelberg, Kemer-Antalya, Turkey,2004, pp. 278-288
[163]Kfir Z. and Wool A., Picking Virtual Pockets Using Relay Attacks on Contactless Smartcard Systems, IEEE SecureComm'05, Athens, Greece,2005
[164]Hancke G., Practical Attacks on Proximity Identification Systems, In IEEE Sympo-sium on Security and Privacy-S & P 2006, Berkeley, California, USA,2006, pp. 328-333
[165]Francillon A., Danev B., and Capkun S., Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars, Cryptology ePrint Archive, Report 2010/332,2010
[166]Francis L., Hancke G., Mayes K., et al., Practical NFC Peer-to-Peer Relay Attack using Mobile Phones, In Workshop on RFID Security-RFIDSec'10, to appear in Lecture Notes in Computer Science, Istanbul, Turkey,2010
[167]Laurie A., Website, http://www.rfidiot.org/,2010
[168]Hal vac M. and Rosa T., A Note on the Relay Attacks on e-Passports:The Case of Czech e-Passports, Cryptology ePrint Archive, Report 2007/244,2007
[169]ISO/IEC 14443, Identification cards-contactless integrated circuit(s) cards-proximity cards
[170]Brands S. and Chaum D., Distance-bounding protocols, Advances in Cryptolo-gy-EUROCRYPT'93, Springer Berlin Heidelberg,1994, pp.344-359
[171]Capkun S., Buttya L., and Hubaux J. P., SECTOR:secure tracking of node encounters in multi-hop wireless networks, In:SASN'03, New York, USA,2003, pp.21-32
[172]Hancke G. and Kuhn M., An RFID Distance Bounding Protocol, IEEE SecureCom-m'05, Athens, Greec,2005, pp.67-73
[173]Munilla J., Ortiz A., and Peinado A., Distance Bounding Protocols with Void-Challenges for RFID, In Workshop on RFID Security-RFIDSec'06, Graz, Austria, 2006
[174]Singelee D. and Preneel B., Distance Bounding in Noisy Environments, ESAS 2007, LNCS 4572,2007, pp.101-115
[175]Munilla J. and Peinado A., Attack on a distance bounding protocol, Computer com-munications,33,2010, pp.884-889
[176]Gurel A., Arslan A., and Akgun M., Non-uniform stepping approach to RFID dis-tance bounding problem, Fifth International Workshop on Data Privacy Management, LNCS 6370,2010
[177]Kim C. H. and Avoine G., RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks, LNCS, Springer,5888,2009, pp.119-133
[178]Kim C. H. and Avoine G., RFID Distance bounding protocols with mixed challenges, IEEE Transaction on Wireless Communications,10 (5),2011 May, pp.1618-1626
[179]Avoine G. and Kim C. H., Mutual distance bounding protocols, IEEE Transactions on mobile computing,99,2012, pp.1-11
[180]Yum D. H., Kim J. S., Hong S. J., et al., Distance Bounding Protocol for Mutu-al Authentication, IEEE Transaction on Wireless Communications,10 (2),2011, pp. 592-601
[181]Kim C. H., Security analysis of YKHL distance bounding protocol with adjustable false acceptance rate, Communications Letters, IEEE,15 (10),2011, pp.1078-1080
[182]Yum D. H., Kim J. S., Hong S. J., et al., Distance Bounding Protocol with Adjustable False Acceptance Rate, IEEE Communications Letters,15 (4),2011, pp.434-436
[183]Ranganathan A., Tippenhauer N. O., Skoric B., et al., Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System, Computer Security-ESORICS 2012, Lecture Notes in Computer Science,7459,2012, pp.415-432
[184]Avoine G., Floerkemeier C., and Martin B., RFID Distance Bounding Multistate En-hancement, Progress in Cryptology-INDOCRYPT 2009, Lecture Notes in Computer Science,5922(2009),2009, pp.290-307
[185]Tu Y. J. and Piramuthu S., RFID Distance Bounding Protocols, In First International EURASIP Workshop on RFID Technology, Vienna, Austria,2007
[186]Reid J., Nieto J. M. G., Tang T., et al., Detecting relay attacks with timing based protocols, In Proceedings of the 2nd ACM symposium on Information, computer and communications security, ASIACCS'07, New York, USA,2007, pp.204-213
[187]Kim C. H., Avoine G., Koeune F., et al., The Swiss-Knife RFID Distance Bounding Protocol, LNCS, vol.5461, Springer, Heidelberg,2009, pp.98-115
[188]Pedro P. L., Hernandez-Castro J., Tapiador J., et al., Cryptographic puzzles and dis-tance bounding protocols:Practical tools for RFID security,2010 IEEE International Conference on RFID, Orlando, Apr.,2010, pp.45-52
[189]Abyaneh M. R. S., Security Analysis of two Distance-Bounding Protocols, Can be found in:http://arxiv.org/abs/1107.3047v2,2011
[190]Cremers C., Rasmussen K., and Capkun S., Distance hijiacking attacks on distance bounding protocols, In Cryptology ePrint Archive:Report 2011/129,2011
[191]Rasmussen K. B. and Capkun S., Realization of RF distance bounding, In USENIX Security 2010:Proceedings of the 19th USENIX Security Symposium,2010
[192]Meadows C., Poovendran R., Pavlovic D., et al., Distance bounding protocols:Au-thentication logic analysis and collusion attacks, In R. Poovendran, S. Roy, and C. Wang, editors, Secure Localization and Time Syn-chronization for Wireless Sensor and Ad Hoc Networks, volume 30 of Advances in Information Security, Springer US, 2007, pp.279-298
[193]Avoine G., Bingol M. A., Kardas S., et al., A Formal Framework for Cryptanalyz-ing RFID Distance Bounding Protocols, Cryptology ePrint Archive, Report 2009/543, 2009
[194]Dolev D. and Yao A. C., On the security of public key protocols, IEEE Transactions on Information Theory,1983, pp.198-207
[195]Kara O., Karda S., Bingol M. A., et al., Optimal Security Limits of RFID Distance Bounding Protocols, editors Radio Frequency Identification:Security and Privacy Is-sues (RFIDSec), volume 6370 of LNCS,2010, pp.220-238
[196]Alomair B., Lazos L., and Poovendran R., Securing low-cost RFID systems:An unconditionally secure approach, Journal of Computer Security,19 (2),2011, pp.229-257