Vehicle networking (the Internet of Vehicles) means connecting vehicles to the Internet through information-sensing devices such as radio frequency identification (RFID), environmental sensors, global positioning systems and millimeter-wave radars, so that vehicles exchange information and form a network in which they can be intelligently identified, located, tracked, monitored and managed.
Vehicle registration and license management has always been both a focus and a difficulty for traffic management departments. The problems of unlicensed vehicles, vehicles carrying cloned plates, hit-and-run vehicles and counterfeit license plates have never been fundamentally solved. Electronic license plates based on RFID technology are one effective way to address them: they can standardize vehicle management, strengthen the supervision of vehicles, make the annual vehicle inspection intelligent, and strengthen enforcement against illegal vehicles.
1 Electronic license plate system architecture
A system built on electronic license plate technology must be secure and reliable, and must solve a series of security problems: tampering with the electronic tag itself, tampering with tag contents, unauthorized reading, and counterfeiting. Security schemes covering the whole system (the sensing or acquisition layer, the network layer and the application layer) have many theoretical and practical precedents on the Internet, so this paper presents only a security scheme for the sensing layer of the electronic license plate. The architecture of the electronic license plate management system is shown in the figure.
The sensing layer of the electronic license plate consists of two parts, the reader and the tag. The tag is attached to the inside of the vehicle's front windshield, and the reader is mounted on a roadside gantry (or, for a hand-held reader, carried by an officer). The reader actively initiates operations such as inventory, read, write and password commands, and the tag passively responds to them. The tag's operating power is supplied by the electromagnetic wave emitted by the reader; the tag's reply is modulated by backscattering onto the carrier transmitted by the reader, which demodulates it. The working principle is shown in the figure.
However, because passive UHF RFID readers and tags follow common protocols and standards, any reader that implements the same standard can access tags that follow it. At the same time, a passive UHF tag is powered by the reader's ultra-high-frequency electromagnetic wave over a long distance, so the power available is low and complex authentication processes and algorithms cannot run on the tag. The tag's data therefore cannot be prevented from being read by any standard-compliant reader.
In the electronic license plate management system, the ID number of the electronic plate is the vehicle's unique identification code. The whole application system must therefore guarantee that this ID is unique, corresponds one-to-one with the vehicle, and cannot be forged or falsified. Security is a crucial issue in the vehicle management system: the license plate is the most visible sign of a motor vehicle, and in practice people use the plate number to identify illegal vehicles and vehicles in general, so the system must ensure that the plate data in the tag cannot be arbitrarily read, tampered with or forged. The system thus needs efficient identification of valid tags together with anti-reading, anti-tampering and anti-counterfeiting of the electronic license plate. This paper provides a security scheme for the electronic license plate sensing layer.
2 Realizing the uniqueness of the electronic license plate ID
In the ISO 18000-6C standard, the TID is a unique identifier guaranteed by the manufacturer, that is, the physical unique identifier of the tag; it consists of a manufacturer identifier and the tag's serial number, which is unique within one manufacturer. The EPC code is the unique identifier of the item the tag represents, authorized by the standards organization, and serves as the logical identifier. Under the protocol the EPC code can be rewritten, so using it alone as the unique identifier leaves a hidden danger; using the TID alone as the unique identifier has an efficiency problem. Therefore the EPC plus the last word of the TID is used as the tag's unique identifier, within a "one SAM corresponds to one key" scheme.
2.1 "One SAM corresponds to one key" scheme
The reader's security device contains a SAM security module in which the system key is stored at the factory. Using the physical unique identifier TID of the 6C tag chip and the logically unique identifier EPC code, together with the system key and the one-way algorithm stored in the SAM security module, the scheme implements "one SAM corresponds to one key". Since the long byte string "EPC + TID (last word) + system key" is itself unique, the tag password produced from this string by the one-way hash function can be taken as unique as well.
Because the one-way function cannot be inverted, the security of the password rests on the security of the system key. The system key is stored only in the SAM chip and cannot be read or exported; the tag password is obtained only by inputting "tag EPC + TID (last word)" to the SAM, which outputs the password. The system key itself never leaves the SAM.
The 6C tag's access password and kill password are generated with the same algorithm as the tag data-encryption password but with a different system key, so that even if the air-interface signal is intercepted and the access password cracked, the data-encryption password is not partially exposed.
2.2 Tag validation
How the system can efficiently verify that a tag it has read is a valid tag is a critical issue. For the 6C protocol electronic license plate tag, the system provides both an online and an offline verification scheme to suit different applications.
Online verification: the reader reads the EPC + TID (last word) and queries the corresponding record in the online database to determine whether the license plate is valid. The advantage of this method is that the amount of air-interface data is small, which suits applications that require fast transactions and have an online connection.
Offline verification: the reader reads the EPC + TID (last word), and the SAM security module computes the tag password as a one-way hash (MD5) of EPC + TID (last word) + system key (stored in the SAM). With this password the verification data read from the user area or the EPC area is decrypted to obtain its plaintext, for example the validity period of the annual fee paid, and the tag is judged valid or invalid from that plaintext. This scheme suits applications where online operation is not possible.
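As an added example (not code from the paper), the offline check of section 2.2 in Go using the standard library's MD5 and 3DES: the issuer encrypts a constructed 16-byte record (an 8-byte marker followed by the annual-fee expiry date) under the tag's data key MD5(EPC || TID last word || KM2), and the roadside reader re-derives that key from the tag's own identifiers, decrypts the USER area and judges validity by date. Section 5.1 states the MD5 input as TID + KM; this example follows section 2, which binds the key to EPC + TID (last word). The identifiers, the key KM2, the record layout and the marker are all constructed for the demonstration, and running the one-way step as an ordinary function is a simplification: in the real reader it happens inside the SAM and KM2 never leaves it.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/md5"
	"errors"
	"fmt"
	"time"
)

// Constructed layout for the verification record in the USER area: an 8-byte
// marker block followed by an 8-byte block holding the annual-fee expiry date
// as ASCII YYYYMMDD. Each block is exactly one 3DES block.
const (
	recordMarker = "EPLATE01"
	dateLayout   = "20060102"
)

// dataKey is the SAM's one-way step: MD5(EPC || last word of TID || KM2) gives the
// 128-bit tag data-encryption key, i.e. the double-length 3DES key K = K1||K2.
// In the real reader this runs inside the SAM and KM2 never leaves it.
func dataKey(epc, tidLastWord, km2 []byte) []byte {
	h := md5.New()
	h.Write(epc)
	h.Write(tidLastWord)
	h.Write(km2)
	return h.Sum(nil)
}

// tripleDES applies 2-key 3DES to each 8-byte block independently, the per-block
// operation the paper describes. Go's TripleDESCipher expects K1||K2||K1 (24 bytes).
func tripleDES(key16, in []byte, decrypt bool) ([]byte, error) {
	if len(key16) != 16 || len(in) == 0 || len(in)%8 != 0 {
		return nil, errors.New("need a 16-byte key and input in whole 8-byte blocks")
	}
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += 8 {
		if decrypt {
			c.Decrypt(out[i:i+8], in[i:i+8])
		} else {
			c.Encrypt(out[i:i+8], in[i:i+8])
		}
	}
	return out, nil
}

// IssueRecord is the card issuer's side: encrypt the record under this tag's data key.
func IssueRecord(epc, tidLastWord, km2 []byte, expiry time.Time) ([]byte, error) {
	plain := []byte(recordMarker + expiry.UTC().Format(dateLayout))
	return tripleDES(dataKey(epc, tidLastWord, km2), plain, false)
}

// VerifyOffline is the roadside reader's check without a database: re-derive the
// data key from EPC + TID (last word) + KM2, decrypt the USER area, require the
// marker (so a wrong key, another tag's record or altered ciphertext is rejected),
// then compare the expiry date with today.
func VerifyOffline(epc, tidLastWord, km2, userArea []byte, today time.Time) (bool, error) {
	plain, err := tripleDES(dataKey(epc, tidLastWord, km2), userArea, true)
	if err != nil {
		return false, err
	}
	if len(plain) != 16 || !bytes.Equal(plain[:8], []byte(recordMarker)) {
		return false, errors.New("USER area does not decrypt to a plate record")
	}
	expiry, err := time.Parse(dateLayout, string(plain[8:]))
	if err != nil {
		return false, err
	}
	return !today.UTC().After(expiry), nil
}

func main() {
	// Constructed sample identifiers and system key; real ones are per tag and per system.
	epc := []byte{0x30, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA}
	tidLast := []byte{0xCD, 0xEF}
	km2 := []byte("constructed-km2-demo-key")
	rec, _ := IssueRecord(epc, tidLast, km2, time.Date(2025, 12, 31, 0, 0, 0, 0, time.UTC))
	for _, day := range []time.Time{
		time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC),
		time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC),
	} {
		ok, err := VerifyOffline(epc, tidLast, km2, rec, day)
		fmt.Printf("%s valid=%v err=%v\n", day.Format("2006-01-02"), ok, err)
	}
}
```

Because the key depends on both identifiers, the same ciphertext copied onto a tag with a different TID fails the marker check (the anti-cloning argument of section 2.5), and so does a reader whose SAM holds a different KM2. The marker is only a cheap known-plaintext check added for this example; the paper specifies no integrity check, and a production design would authenticate the record with a MAC rather than rely on a fixed plaintext block.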
2.3 Tag anti-reading
There are two ways to effectively prevent the data in the user area from being read by unauthorized readers.
The first is read protection: the read-protection function is set on the tag's user area, so that any air-interface command accessing the tag must first supply the correct tag password, otherwise the user area data cannot be read.
The second is data encryption: the anti-reading requirement is met by storing ciphertext on the electronic tag. Because the tag does not hold plaintext, an illegal user who reads the tag with an unauthorized reader does not directly obtain valid data.
The encryption algorithm and key are stored in the SAM security module: inputting EPC + TID (last word) together with plaintext returns ciphertext, and inputting EPC + TID (last word) together with ciphertext returns plaintext.
2.4 Tag tamper protection
For the TID area, the tag's unique identifier TID is written by the chip manufacturer before the chip leaves the factory and cannot be rewritten. For the user area and the EPC area, the EPC + TID (last word) in the electronic license plate data generates the tag's access password, and that access password must be known before tag data can be changed.
In addition, data can be protected from being overwritten by setting the lock state of the corresponding area. For example, after the access password is set, the password area is permanently locked and can neither be read nor written. The user area and the EPC area can be permanently locked according to data type, for example the license plate number and the vehicle identification number, while data blocks that still need to change are not permanently locked. An area in the permanently locked state can never be overwritten, and an area in the locked state can be rewritten only with password access.
2.5 Tag anti-counterfeiting
Anti-counterfeiting is similar to tamper protection. For the TID area, the tag's unique identifier TID is written by the chip manufacturer before the chip leaves the factory and cannot be rewritten, so without the cooperation of the chip manufacturer it is difficult to forge a tag whose TID area holds specified content.
The content written to the user area and the EPC area is ciphertext, and the password stands in an approximately one-to-one mapping with the TID. Even if the plaintext, the encryption algorithm and the TID are all known, the data password corresponding to that TID cannot be obtained without the system key, so ciphertext that passes validity verification cannot be written.
2.6 Tag anti-removal
Normally the electronic tag is mounted on the vehicle's front windshield. In this case the tag uses a ceramic substrate whose mechanical behaviour is similar to glass: when the front windshield breaks, the tag is automatically damaged and becomes unusable. In addition, the tag is designed with a built-in dark-grid pattern for anti-removal: if someone tries to peel the tag off the glass, the dark grid breaks and the tag is destroyed, which prevents a tag from being illegally removed and used on another vehicle.
In a few special cases the metallic film on a vehicle's glass is strong enough that the radio signal cannot easily penetrate it. There are two treatments for this. One is to cut away the film at the mounting spot and attach the tag to the inside of the glass (again using the anti-removal tag). The other is to mount the electronic tag on the vehicle's physical license plate; this requires an anti-metal tag design, and the tag is designed to be integrated with the physical plate so that it cannot be removed separately.
2.7 Tag issuance process
Tags are issued by a special card issuer that has the same SAM security module built in. The issuance workflow is as follows:
(1) First, check that the tag is valid and that its access password has not yet been set, so that it can be read and written normally.
(2) Read the unique identifier in the tag's TID area, for use in tag key generation and data encryption.
(3) Write the EPC area data planned by the issuer, which can be used for grouping and classification of vehicles.
(4) Write the planned USER area data, including the vehicle's electronic file information, payment mark information and so on.
(5) Generate the tag's access password with the one-way hash and write it to the tag's password area.
(6) Set the read and write permissions of each area: permanently lock the password area so that the access password can never be read or written, and set the other areas to reversible lock or permanent lock according to the specific application requirements.
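The following Go model, added here as an illustration and not the paper's code, runs the six issuance steps of section 2.7 on a blank tag and then exercises the protections of sections 2.3 and 2.4 (read protection on USER, access-password-gated writes, permanent lock on the password bank, the factory-fixed TID) together with the password derivation of sections 2.1 and 5.1 (MD5 over EPC + TID (last word) + KM1). The tag model, the TID and EPC values, KM1 and the decision to split the 128-bit digest into a 32-bit access password followed by a 32-bit kill password are all assumptions of this example; the reserved-bank layout (kill password followed by access password) is the 6C standard's.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"errors"
)

// Memory banks of an ISO 18000-6C tag, and the lock states the scheme relies on.
type Bank int

const (
	Reserved Bank = iota // kill password (32 bit) followed by access password (32 bit)
	EPC
	TID
	User
)

type LockState int

const (
	Unlocked  LockState = iota // writable without a password
	Locked                     // writable only with the access password
	PermaLock                  // never writable again; for Reserved, never readable either
)

// Tag is a small model of tag memory and lock bits, not a full 6C state machine.
type Tag struct {
	banks       map[Bank][]byte
	locks       map[Bank]LockState
	readProtect bool // the paper's "read protection": USER reads need the access password
}

// NewBlankTag models a chip as it leaves the factory: TID fixed, both passwords zero.
func NewBlankTag(tid []byte) *Tag {
	t := &Tag{banks: map[Bank][]byte{}, locks: map[Bank]LockState{}}
	t.banks[Reserved] = make([]byte, 8)
	t.banks[TID] = append([]byte{}, tid...)
	t.locks[TID] = PermaLock
	return t
}

func (t *Tag) accessPassword() []byte { return t.banks[Reserved][4:8] }

// Write enforces the lock bits: PermaLock always refuses, Locked needs the access password.
func (t *Tag) Write(b Bank, data, password []byte) error {
	switch t.locks[b] {
	case PermaLock:
		return errors.New("bank is permanently locked")
	case Locked:
		if !bytes.Equal(password, t.accessPassword()) {
			return errors.New("write requires the access password")
		}
	}
	t.banks[b] = append([]byte{}, data...)
	return nil
}

// Read refuses the permalocked password bank, and a read-protected USER bank without the password.
func (t *Tag) Read(b Bank, password []byte) ([]byte, error) {
	if b == Reserved && t.locks[Reserved] == PermaLock {
		return nil, errors.New("password bank is permanently locked")
	}
	if b == User && t.readProtect && !bytes.Equal(password, t.accessPassword()) {
		return nil, errors.New("USER bank is read-protected")
	}
	return append([]byte{}, t.banks[b]...), nil
}

// DerivePasswords is the SAM's one-way step: MD5(EPC || last word of TID || KM1) gives 128 bits;
// the first 32-bit word is used as the access password and the second as the kill password
// (this split is an assumption; the paper does not specify it).
func DerivePasswords(epc, tidLastWord, km1 []byte) (access, kill []byte) {
	h := md5.New()
	h.Write(epc)
	h.Write(tidLastWord)
	h.Write(km1)
	d := h.Sum(nil)
	return d[0:4], d[4:8]
}

// Issue runs the six-step issuance workflow on a blank tag. The writes in steps 3 to 5 cannot
// fail on an unissued tag (no bank is locked yet). The access password is returned only for
// demonstration: the system never stores it, since any SAM holding KM1 re-derives it.
func Issue(t *Tag, epc, userCiphertext, km1 []byte) ([]byte, error) {
	if !bytes.Equal(t.banks[Reserved], make([]byte, 8)) { // (1) still unissued?
		return nil, errors.New("tag already has passwords set")
	}
	tid, _ := t.Read(TID, nil)                                  // (2) the chip's unique TID
	t.Write(EPC, epc, nil)                                      // (3) planned EPC data
	t.Write(User, userCiphertext, nil)                          // (4) encrypted vehicle record
	access, kill := DerivePasswords(epc, tid[len(tid)-2:], km1) // (5) one-way hash ...
	t.Write(Reserved, append(append([]byte{}, kill...), access...), nil) // ... into the password bank
	t.locks[Reserved] = PermaLock // (6) password bank can never be read or rewritten
	t.locks[EPC] = PermaLock      //     plate identity fixed for the tag's life (this example's choice)
	t.locks[User] = Locked        //     renewals still possible, but only with the password
	t.readProtect = true
	return access, nil
}
```

Usage: `Issue(NewBlankTag(tid), epc, ciphertext, km1)` returns the access password; afterwards `Write(User, data, nil)` is refused while `Write(User, data, access)` succeeds, `Write(TID, ...)` and `Write(EPC, ...)` are refused regardless of password, `Read(Reserved, ...)` always fails, and `Read(User, nil)` fails until the access password is supplied. A second `Issue` on the same tag is rejected at step 1, and `DerivePasswords` for a different TID last word yields a different password, which is the "one SAM, one key per tag" property of section 2.1.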
3 Reader device startup process
When the reader device starts, the SAM and the CPU authenticate each other, to prevent either the device or the SAM from being replaced. The mutual authentication proceeds as follows: the CPU generates a random number RN1, encrypts it with 3DES under the encryption key and sends the result to the SAM security module; the SAM decrypts the received data to obtain RN1, generates a random number RN2, appends it after RN1, encrypts the pair with 3DES and sends the result back to the CPU; the CPU decrypts it and re-sends RN2 to the SAM; after decrypting, the SAM security module confirms that the RN2 returned by the CPU matches the one it generated, and authentication passes.
After that, the system master key is obtained as follows: (1) the SAM security module appends the system key after RN2, encrypts the pair with 3DES and sends the result to the CPU; (2) the CPU decrypts it, obtains the system key and caches it for use in subsequent security operations.
4 Vehicle transit process
At a checkpoint the vehicle's electronic tag is read by a special reader/writer with a built-in SAM security module, and the collected information decides whether the vehicle is legitimate and valid and whether it may pass. The process is as follows: the tag's EPC + TID (last word) is read and the back-end database is queried to determine whether the vehicle is legitimate and valid; the EPC + TID (last word) and the system key stored in the SAM security module jointly generate the tag access key, with which the tag's user area data is read to determine whether the vehicle is legitimate and valid; a legitimate and valid vehicle passes normally, otherwise it is dealt with accordingly.
5 Encryption algorithm
The SAM security module uses an internal key management mechanism; encryption and decryption are performed dynamically by the cryptographic algorithm, which makes them difficult to break or attack in practical applications. Once the SAM security module is installed in the reader, the keys and the cryptographic operations are all encapsulated inside the SAM and are independent of the reader's processing unit. In this way the security of the system depends only on the card issuer or operator and not on the device supplier.
The SAM security module's transmission mode and external dimensions follow the ISO 7816-3 international standard, so interface compatibility is good and replacement is convenient.
5.1 Data encryption algorithm
(1) The tag's access password and kill password are generated with the MD5 algorithm. The input data string is TID + system key KM1; the output is a 128-bit MD5 digest, from which the access and kill passwords are taken.
(2) The data-encryption password is also generated with the MD5 algorithm. The input data string is TID + system key KM2, and the 128-bit MD5 output is used as the data-encryption password.
In recent years the security of the MD5 algorithm has been seriously challenged, but the known attacks on MD5 are collision attacks; the algorithm is still not invertible. The purpose of MD5 here is to protect the system root key KM: even when the plaintext together with ACCESSCODE and KILLCODE is known, the system root key KM cannot be calculated from them. The figures show the encryption process and the decryption process of the 3DES algorithm.
When reading data, the reader may read only the license plate number or only the electronic information code.
The 3DES algorithm used here encrypts an 8-byte plaintext block into an 8-byte ciphertext block with a double-length (16-byte) key K; decryption applies the inverse operation with the same key.