臺灣博碩士論文加值系統

　　隨著NFC(Near Field Communication)的普及率也不斷地提高，NFC卡片可以做到的事情也相對的變多，例如目前的門禁系統是透過NFC卡片或磁扣的卡號與資料庫比對，就可管理大門或電梯的啟用狀態，也因此讀卡式門禁就有著安全的疑慮。因隨著科技不斷的進步，使得偽冒卡號的門檻也被越來越低，有心人士能輕易的利用非法的軟體或工具模擬他人的卡號，若擁有眾多功能的NFC卡片若遺失，將會帶來不只是錢財的損失，就連安全上也可能會受到威脅。

　　因此本研究透過非對稱式加密演算法及數位簽章兩種技術，且簽名時會同時加入隨著時間重新隨機產生的亂數，透過這上述技術可以排除非法偽造的使用者，建立一個有效且安全的機制，使資訊傳輸上無法被輕易偽冒，提升門禁系統的安全性，更能給予自己財產和安全上的保障，讓使用者在生活中能夠更安心且放心的使用卡片。

With the rising popularity of NFC (Near Field Communication), what NFC cards can do are also increasing in recent years. For example, an access control system can manage the activation status of the door or elevator by using NFC cards or RFID keys. However, security problems may be getting more and more serious in such NFC applications. Thresholds of making the counterfeit card are getting lower and lower, hacker or intruder may also easily use illegal software or tools to imitate other people's cards. Once a NFC card with multiple functions is lost, there may be serious problems of not only the loss of money, but also the risk for security. In this research, two kinds of encryption techniques are adopted, including the asymmetric encryption algorithm and digital signature. When someone is signing into a system, random number will be added onto the signature and the random number will be consistently regenerated over time. By doing so, illegal counterfeit may be effectively eliminated because information transmission cannot be forged easily. NFC card users can use the card more relieved in their lives.

一、 緒論 1
1.1 研究背景 1
1.2 研究動機與目的 2
1.3 論文架構 3
二、 背景知識與相關文獻探討 4
2.1 RFID與NFC介紹 4
2.2 智慧手機卡模擬模式 5
2.3 應用於門禁系統的NFC及架構 6
2.4 門禁控管系統與偽冒卡號流程 9
2.5 RSA的潛在危險及安全 11
2.6 將OTP原理應用於NFC門禁系統 13
2.7 將數位簽章應用於門禁 14
2.8 將人臉辨識應用於RFID門禁系統 16
2.9 補強應用於RFID門禁系統的人臉辨識 17
2.10 將隱寫術應用於NFC門禁系統 17
三、 系統架構與設計 19
3.1 身份驗證流程設計 19
3.2 身份種類 20
3.3 身份驗證流程與系統實作 20
四、 效益評估 25
五、 結論 27
六、 參考文獻 28

[1] Want, Roy. "An introduction to RFID technology." IEEE pervasive computing 5.1 (2006): 25-33.
[2] Coskun, Vedat, Busra Ozdenizci, and Kerem Ok. "A survey on near field communication (NFC) technology." Wireless personal communications 71.3 (2013): 2259-2294.
[3] Haller, Neil, et al. A one-time password system. No. RFC 2289. 1998.
[4] Patauner, C., et al. "High speed RFID/NFC at the frequency of 13.56 MHz." EURASIP Workshop on RFID. 2007.
[5] Roland, Michael. "Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare." Fourth International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. 2012.
[6] Ok, Kerem, et al. "Current benefits and future directions of NFC services." Education and Management Technology (ICEMT), 2010 International Conference on. IEEE, 2010.
[7] Want, Roy. "Near field communication." IEEE Pervasive Computing 10.3 (2011): 4-7.
[8] Hameed, Sufian, Usman Murad Jamali, and Adnan Samad. "Integrity protection of ndef message with flexible and enhanced nfc signature records." Trustcom/BigDataSE/ISPA, 2015 IEEE. Vol. 1. IEEE, 2015.
[9] Roland, Michael, and Josef Langer. "Digital signature records for the NFC data exchange format." Near Field Communication (NFC), 2010 Second International Workshop on. IEEE, 2010.
[10] Chen, Cheng Hao, Iuon Chang Lin, and Chou Chen Yang. "NFC attacks analysis and survey." Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2014 Eighth International Conference on. IEEE, 2014.
[11] Madlmayr, Gerald, et al. "NFC devices: Security and privacy." Availability, Reliability and Security, 2008. ARES 08. Third International Conference on. IEEE, 2008.
[12] Garfinkel, Simon, and Beth Rosenberg. RFID: Applications, security, and privacy. Pearson Education India, 2006.
[13] Rivest, Ronald. "RFC 1321: The MD5 message-digest algorithm, April 1992." Status: INFORMATIONAl (2014).
[14] Kale, Archita, and Utkarsh Dhawan. "TOTP Based 2-Factor Authentication: Future of Security." Imperial Journal of Interdisciplinary Research 2.10 (2016).
[15] Tolani, Rohit, A. Yeole, and S. Gavhane. "An HOTP Based Algorithm to Enhance Wi-Fi Security." International Journal of Advanced Research in Computer Science and Software Engineering (2013).
[16] Saparkhojayev, Nurbek, et al. "NFC-enabled access control and management system." Web and Open Access to Learning (ICWOAL), 2014 International Conference on. IEEE, 2014.
[17] Ceipidor, U. Biader, et al. "NFC: Integration between RFID and Mobile, state of the art and future developments." RFIDays (2008).
[18] Pellegrini, Andrea, Valeria Bertacco, and Todd Austin. "Fault-based attack of RSA authentication." Proceedings of the conference on Design, automation and test in Europe. European Design and Automation Association, 2010.
[19] Schaller, Robert R. "Moore's law: past, present and future." IEEE spectrum 34.6 (1997): 52-59.
[20] Nordrum, A. "Quantum Computer Comes Closer to Cracking RSA Encryption." IEEE Spectrum (2016).
[21] Huang, Chao-Hsi, and Shih-Chih Huang. "RFID systems integrated OTP security authentication design." Signal and Information Processing Association Annual Summit and Conference (APSIPA), 2013 Asia-Pacific. IEEE, 2013.
[22] Chang, Chuan-Yu, and Jyun-Jie Liao. "Combination of RFID and face recognition for access control system." Consumer Electronics-Taiwan (ICCE-TW), 2015 IEEE International Conference on. IEEE, 2015.
[23] Pan, Xiang. "Research and implementation of Access Control System based on RFID and FNN-Face Recognition." Intelligent System Design and Engineering Application (ISDEA), 2012 Second International Conference on. IEEE, 2012.
[24] Jing, Bing-Zhong, et al. "Anti-spoofing system for RFID access control combining with face recogntion." Machine Learning and Cybernetics (ICMLC), 2010 International Conference on. Vol. 2. IEEE, 2010.
[25] Larchikov, Andrey, et al. "Combining RFID-based physical access control systems with digital signature systems to increase their security." Software, Telecommunications and Computer Networks (SoftCOM), 2014 22nd International Conference on. IEEE, 2014.
[26] Teh, Peng-Loon, Huo-Chong Ling, and Soon-Nyean Cheong. "NFC smartphone based access control system using information hiding." Open Systems (ICOS), 2013 IEEE Conference on. IEEE, 2013.
[27] Mohan, Madan, Vidyasagar Potdar, and Elizabeth Chang. "Recovering and restoring tampered RFID data using steganographic principles." Industrial Technology, 2006. ICIT 2006. IEEE International Conference on. IEEE, 2006.