关键词: 无线射频识别（RFID）, 物理不可克隆函数（PUF）, 安全认证, 保护位置隐私, 轻量级

Abstract: The application of RFID (radio frequency identification) technology in the supply chain management can greatly improve the traceability of commodity information and the identification efficiency of the supply chain system. With the advantages of long-distance identification and low-cost tag price, the EPC C1G2 (electronic product code class 1 generation 2) has become the most widely used protocol standard in the supply chain. Aiming at the security and privacy problem of low-cost tag, PUF (physical unclonable function) is adopted to generate the session key to resist impersonation attack and achieve anti-counterfeit protection of commodity. The security authentication of reader identity is introduced to adapt to the application environment of mobile authentication in the supply chain. The location privacy of the tag??s owner can be well protected by using the quadratic residue theorem and the constantly updated share key which achieves the tag??s forward untraceable and backward untraceable properties. Simulation results show that the identification efficiency of server is O(1) which means the proposed methods can meet the scalable requirement of supply chain system.

Key words: radio frequency identification (RFID), physical unclonable function (PUF), security authentication, location privacy protection, lightweight