To effectively reduce the hardware overhead of RFID tags, an ultra-lightweight security authentication protocol for passive RFID tags is designed; it is split into an offline and an online authentication protocol according to whether the reader is connected to the database in the actual deployment. The offline authentication protocol stores the user data together with its hash digest value, encrypted, in the tag; the reader performs encryption and hash operations on the tag's globally unique identifier to generate the tag's read/write password, which resists impersonation attacks, information-tampering attacks and eavesdropping attacks. The online authentication protocol builds on the offline protocol and uses public-key cryptography to achieve mutual authentication between the reader and the database; random numbers are added to the data exchange to guarantee the freshness of every communication, which effectively prevents replay attacks and guarantees the confidentiality, integrity and availability of the information. Compared with existing ultra-lightweight schemes, this protocol can provide multiple safeguards for the application security of RFID systems while placing no requirement on the tag's computational capability.
To reduce the hardware cost of RFID tags in engineering applications, a security authentication protocol based on passive RFID was proposed. Depending on whether readers are networked to the database in practical applications, online and offline authentication protocols were designed. In the offline authentication protocol, the RFID tag's globally unique ID number was encrypted and used as the hash function input to generate a read/write password for the tag. The user's data, with its hash value, was stored encrypted, which resisted counterfeit copy attacks, information tampering attacks and eavesdropping attacks. Building on the offline authentication, mutual authentication was adopted in the online authentication protocol. A random number was generated to keep the communication fresh, which resisted replay attacks. Security analysis shows that the protocol can effectively guarantee the passive RFID system's confidentiality, integrity and availability.
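The following is an added worked illustration of the two layers the abstract describes; it is not the paper's own code or protocol specification. The abstract names no concrete primitives, so every primitive here is an assumption: HMAC-SHA256 stands in for the reader's "encrypt, then hash" derivation of the tag's read/write password from its unique ID, a keyed counter-mode keystream stands in for the unspecified cipher that protects the stored user data and its digest, and a shared-key HMAC challenge-response with fresh nonces on both sides stands in for the reader/database mutual authentication that the paper builds on public-key cryptography. The tag remains a passive store, as the abstract requires: it performs no computation.

```python
"""Toy model (added example, not from the paper) of an offline tag-data layer
and an online nonce-based mutual authentication layer for a passive RFID tag."""
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha256().digest_size  # digest appended to user data on the tag


# ---------- Offline protocol: reader <-> passive tag ----------

def derive_rw_password(reader_secret: bytes, tag_uid: bytes) -> bytes:
    """Reader derives the tag's read/write password from the tag's globally unique ID.
    HMAC-SHA256 is an assumed stand-in for the paper's encrypt-then-hash step."""
    return hmac.new(reader_secret, b"rw-password|" + tag_uid, hashlib.sha256).digest()


def _keystream(password: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: an assumed toy cipher, not the paper's."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(password, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_user_data(password: bytes, user_data: bytes) -> bytes:
    """Write path: store user data together with its hash digest, encrypted under the
    read/write password. The result is what the passive tag holds."""
    plain = user_data + hashlib.sha256(user_data).digest()
    return bytes(p ^ k for p, k in zip(plain, _keystream(password, len(plain))))


def open_user_data(password: bytes, blob: bytes):
    """Read path: decrypt and check the stored digest. Returns the user data, or None
    when the blob was tampered with or the password (hence the tag UID) does not match."""
    plain = bytes(c ^ k for c, k in zip(blob, _keystream(password, len(blob))))
    if len(plain) < DIGEST_LEN:
        return None
    data, digest = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), digest):
        return None
    return data


# ---------- Online protocol: reader <-> database mutual authentication ----------
# Assumed shared HMAC key per reader instead of the paper's public-key scheme.

def db_respond(key: bytes, reader_nonce: bytes):
    """Database answers the reader's nonce with its own fresh nonce and a proof that
    binds both nonces, so the reader can authenticate the database."""
    db_nonce = secrets.token_bytes(16)
    db_tag = hmac.new(key, b"db|" + reader_nonce + db_nonce, hashlib.sha256).digest()
    return db_nonce, db_tag


def reader_answer(key: bytes, reader_nonce: bytes, db_nonce: bytes, db_tag: bytes):
    """Reader verifies the database proof, then proves itself over the same fresh
    nonces. Returns the reader's proof, or None if the database proof is wrong."""
    expected = hmac.new(key, b"db|" + reader_nonce + db_nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, db_tag):
        return None
    return hmac.new(key, b"reader|" + db_nonce + reader_nonce, hashlib.sha256).digest()


def db_verify(key: bytes, reader_nonce: bytes, db_nonce: bytes, reader_tag: bytes) -> bool:
    """Database checks the reader's proof against the nonces of this session only; a
    proof captured from an earlier session fails because db_nonce is fresh each time."""
    expected = hmac.new(key, b"reader|" + db_nonce + reader_nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, reader_tag)


def run_online_session(key: bytes) -> bool:
    """One complete mutual-authentication exchange with fresh nonces on both sides."""
    reader_nonce = secrets.token_bytes(16)
    db_nonce, db_tag = db_respond(key, reader_nonce)
    reader_tag = reader_answer(key, reader_nonce, db_nonce, db_tag)
    return reader_tag is not None and db_verify(key, reader_nonce, db_nonce, reader_tag)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    reader_secret = secrets.token_bytes(32)
    password = derive_rw_password(reader_secret, b"E2-CONSTRUCTED-UID-0001")
    tag_blob = seal_user_data(password, b"constructed user record")
    print("read back:", open_user_data(password, tag_blob))
    print("online session ok:", run_online_session(secrets.token_bytes(32)))
```

Two caveats a deployment would need that the toy keeps visible: appending a plain hash and then encrypting (as the abstract describes) detects accidental or blind tampering, but an attacker who knows the plaintext of a stream-ciphered blob can adjust the digest consistently, so a keyed MAC or an AEAD mode over the stored record is the stronger choice; and the replay resistance of the online layer rests entirely on the database never reusing a nonce, so the nonce source must be a cryptographic RNG, as `secrets` is here.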