無線射頻辨識被認為是一項重要的科技，且在往後的世界將隨處可見到這項技術的使用。然而大量地使用RFID標籤可能會導致一些新的威脅。目前的RFID標籤大多只能散發出固定的辨識碼，因此很容易遭受到不法人將辨識碼予以複製。而且攜帶這類的標籤很容易變成被追蹤的對象。因此，RFID所引發的安全議題不僅是個人隱私權的侵害，更有可能導致企業的商業資料被竊取而蒙受損失。本研究有鑑於於此，本研究除了簡單描述RFID技術的相關元件之外，亦針對RFID所引發的安全議題進行探討。雖然目前已有許多學者針對RFID安全問題以及其解決之道提出相當多的研究，但尚未有學者針對這些議題與解決方法進行整理比較，因此本研究希望以分類歸納的方式將這些安全議題與解決方法作比較，以方便往後的研究學者或實務界相關人員更容易瞭解RFID的相關資訊。除此之外，本研究亦提出一套安全的RFID溝通機制，希望能保護Tag與Reader之間的溝通訊息，以提供RFID的安全保障。

This research presents a formal mechanism called Lightweight-ECC of a cryptographic authentication protocol for RFID - Radio Frequency Identification smart tags. These smart tags are nowadays embedded in the many items and may come soon into our daily life. The main goal of RFID systems is to identify objects remotely by embedding smart tags, tiny devices capable of transmitting data, into these objects. Goods in stores can be tagged in order to prevent shoplifting, or to speed up the goods registration process by using wireless scanning instead of human or optical scanning. However, these wireless devices have raised public concern regarding violation of privacy and information security like individual information leakage, behavioral traceability, spoofing and industrial sabotage. It is necessary to provide security for those objects. Many solutions have been proposed but almost as many ways have been found to break them. And existing protocols almost don’t include symmetric or asymmetric cryptosystem authentication mechanisms. They couldn’t solve RFID security problems efficiently. Therefore, a new mechanism for authentication is proposed in this research. We present the concept of lightweight-ECC model that provides a high degree of security assurance. This research also analyzes my protocol from both security and privacy points of view and explains how to overcome above-mentioned security problems.

一、 緒論 1
1.1 研究背景 1
1.2 研究動機 3
1.3 研究目的 3
1.4 研究流程 4
二、 文獻探討 6
2.1 無線射頻辨識技術 6
2.1.1卡片╱標籤（Tag） 6
2.1.2讀取器╱讀卡機（Reader） 8
2.1.3 後端資料庫（Back-End Database） 8
2.1.4 EPC（Electronic Product Code） 9
2.2 安全與隱私性之議題 9
2.2.1 竊聽（Eavesdropping） 10
2.2.2 追蹤（Traceability） 12
2.2.3 欺騙（Spoofing） 13
2.2.4 商業破壞（Industrial Sabotage） 15
2.3 安全議題的解決方法 16
2.3.1被動式Tag解決方法 17
2.3.1.1 Kill Tag Approach 17
2.3.1.2 Selective Blocker Tag 17
2.3.1.3 Physical ID Separation 23
2.3.1.4 Hash-Based Access Control 24
2.3.2主動式Tag解決方法 25
2.3.2.1 Rewritable Memory 25
2.3.2.2 Randomized Access Control 26
2.3.2.3 Hash Chain 29
2.3.2.4 XOR based One-Time Pad Scheme 30
2.4 橢圓曲線密碼學（Elliptic Curves Cryptography, ECC） 36
2.5 Kerberos認證協定與系統 37
2.6 本章小節 43
三、 橢圓曲線加解密 44
3.1橢圓曲線 (Elliptic Curves) 44
3.2 橢圓曲線上的乘法律 45
3.3 將明文轉換成橢圓曲線上的點 46
3.4 橢圓曲線的加解密 47
3.5 橢圓曲線加解密應用於RFID技術 49
四、 研究問題描述與系統架構 51
4.1 研究問題描述 51
4.2 系統考量 52
4.3 系統架構 53
4.3.1 被動式標籤（Passive Tag） 54
4.3.1.1 Tag記憶體配置 55
4.3.1.2 前端架構 58
4.3.1.3 後端架構 64
4.3.2 主動式標籤（Active Tag） 73
4.4 系統安全分析 75
4.4.1 資訊安全層面 76
4.4.2 RFID安全層面 79
五、 案例研究 85
5.1 RFID在航空產業行李運送的應用 85
5.2 RFID在航空產業行李追蹤的應用 89
六、 結論與未來研究 92
6.1 研究結論 92
6.2 研究限制 93
6.3 未來研究 93
參考文獻 96

英文文獻：
1.Auto-ID Center, 2002, “860MHz-930MHz Class1 Radio Frequency Identification Tag Radio Frequency & Logical Communication Interface Specification Candidate Recommendation, Version 1.0.1”, November.
http://www.autoidlabs.org/whitepapers/mit-autoid-tr007.pdf
2.Auto-ID Center, 2003, “13.56 MHz ISM Band Class 1Radio Frequency Identification Tag Interface Specification: Recommended Standard, Version 1.0.0”, Feburary.
http://www.autoidlabs.org/whitepapers/mit-autoid-tr011.pdf
3.Auto-ID Center, 2003, “Auto-ID Reader Protocol 1.0”, Working Draft Version of 5, September.
4.Auto-ID Center, 2003, “Draft Protocol Specification for a Class 0 Radio Frequency Identification Tag”, February.
5.Auto-ID Center, 2003, “PML Core Specification 1.0”, September.
6.Auto-ID Center, 2003, “The Object Name Service Version 0.5 (Beta)”, August.
7.Auto-ID Center, 2003, “The Savant Version 0.1 (Alpha)”, September.
8.Avoine, G., 2004, “Privacy Issues in RFID Banknote Protection Schemes”, The Sixth International Conference on Smart Card Research and Advanced Applications, Toulouse, France, August, pp. 33-48.
9.Avonie, G., Oechslin, P., 2005, “A Scalable and Provably Secure Hash-Based RFID Protocol”, The 2nd IEEE International Workshop on Pervasive Computing and Communication Security, Kauai Island, Hawaii, USA, March.
10.Certicom Research, 2000, “SEC 1: Elliptic Curve Cryptography”, Standards for Efficient Cryptography Group, September.
11.Denning, D.E., 1982, “Cryptography and Data Security”, Addison-Wesley.
12.Diffie, W., Hellman, M.E., 1979, “Privacy and Authentication: An Introduction to Cryptography”, Proceeding of the IEEE, Vol.67, No.3, pp.397-427, March.
13.ElGamal T, 1985, “A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithm”, IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469-472.
14.EPCglobal, 2004, “EPCTM Tag Data Standards Version 1.1 Rev.1.24”, Standard Specification, April.
15.Feder, B. J., 2005, “Radio Tags Can Find Stray Bags, but Can Airlines Afford Them?”, The New York Times, March 7
http://www.nytimes.com/2005/03/07/technology/07baggage.html?ex=1267938000&en=18c992a6a5195f02&ei=5088&partner=rssnyt
16.Feldhofer, M., 2004, “An Authentication Protocol in a Security Lay for RFID Smart Tags”, IEEE MELECON 2004, Dubrovnik, Coratia, May 12-15.
17.Finkenzeller, K., 2003, “RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, Second Edition”, Second Edition, John Wiley & Sons, Ltd.
18.INOUE, S., YASUURA, H., 2003, “RFID Privacy Using User-controllable Uniqueness”, RFID Privacy Workshop, MIT, Massachusetts, USA, November.
19.Juels, A., 2004, “Minimalist Cryptography for Low-Cost RFID Tags”, The Fourth International Conference on Security in Communication Networks - SCN 2004, Amalfi, Italia, September.
20.Juels, A., et al.,2003, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy”, In Proceedings of 10th ACM conference on Computer and Communications Security(CCS 2003), Washington, DC, USA, October, pp. 103-111.
21.Juels, A., Pappu, R., 2003, “Squealing euros: Privacy protection in RFID-enabled banknotes”, In proceedings of Financial Cryptography – FC’03, Le Gosier, Guadeloupe, French West Indies, January, pp. 103-121.
22.Kim, W, Kim, S, et al., 2003, “A platform-based SoC design of a 32-bit smart card”, ETRI Journal, Vol. 25, no. 6, pp. 510-516. December.
23.Koblitz, N., 1987, “Elliptic Curve Cryptosystems”, Mathematics of Compution, vol. 48, pp. 203-309.
24.Kohl, J., Neuman B., 1993, “The Kerberos Network Authentication Service (V5)”, RFC 1510, September.
25.Landt, J., 2001, “Shrouds of Time: The history of RFID”, the Association of Automatic Identification and Data capture Technologies (AIM), October.
26.LARAN RFID, 2004, “A basic introduction to RFID technology and its use in the supply chain”, January.
27.Lenstra, H. W. Jr., 1987, “Factoring integers with elliptic curves”, Annals of Math, vol. 126, pp. 649-673.
28.Miller, V., 1986, “Use of Elliptic Curves in Cryptography”, Lecture Notes in computer science, vol. 218, pp. 417-426.
29.Neuman, B.C., TS’O, T., 1994, “Kerberos: An Authentication Service for Computer Networks”, IEEE Commun. Magazine, vol. 32, pp. 33-38, September.
30.Ohkubo, M., et al., 2004, “Efficient Hash-Chain Based (RFID) Privacy Protection Scheme”, “The Sixth International Conference on Ubiquitous Computing”, Nottingham, England, September.
31.Rivest, R. L., et al., 1978, “A Method for obtaining Digital Signatures and Public-key Cryptosystem”, Communications of the ACM, vol. 21, no. 2, pp. 120--126, February.
32.Sarma, S. E., Weis, S. A., 2002, “RFID Systems, Security & Privacy Implications”, Auto-ID Center, November.
33.Sharma, S., Shevade, U., 2003, “Interoperation of Kerberos and Public Key infrastructure Authentication Frameworks”, The University of Texas At Austin Computer Sciences, Master Thesis.
34.Shih, D.H., et al., 2005, “RFID Tags: Privacy and Security Aspects”, Int. J. Mobile Communications, Vol.3, No.3, pp.214-230.
35.Stallings, W., 2002, “Cryptography and Network Security: Principles and Practices”, Third Edition, New Jersey, Prentice Hall.
36.Steiner, J. G., et al., 1988, “Kerberos: An Authentication Service for Open Network Systems”, In Proceedings of the 1988 USENIX Conference, Dallas, TX, USA, March, pages 191-202.
37.Weis, S. A., 2003, “Security and Privacy in Radio-Frequency Identification Devices”, Massachusetts Institute of Technology (MIT), Master Thesis.
38.Weis, S. A., et al., 2003, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems”, International Conference on Security in Pervasive Computing - SPC 2003, Boppard, Germany, March, pp. 454-469.
39.Wheeler, D., Needham, R., 1994, “TEA, a Tiny Encryption Algorithm”, In: Proceedings of the 1994 Fast Software Encryption Workshop, Computer Laboratory, Cambridge University, England.
http://www.ftp.cl.cam.ac.uk/ftp/papers/djw-rmn/djw-rmn-tea.html

中文文獻：
40.周利欽，2000，“Kerberos系統密碼認證之改進”，元智大學電機與資訊工程研究所，碩士論文。
41.林文儀，2003，“橢圓曲線版的ElGamal數位簽署及其變形”，東海大學，應用數學研究所碩士論文。
42.高增英，2005，“無線射頻辨識技術在機場之應用”，中國航空太空學會會刊，53卷，第1期，四月。
http://www.cast.itri.org.tw/aasrc/society_journal/35_1/1-3.htm
43.陳儒恩，2004，”RFID不飛則已 一飛沖天”，網路通訊，151期，頁44-49，資訊與電腦出版社，2月。
44.粘添壽，吳順裕，2004，“資訊與網路安全技術”，旗標出版，台北。
45.黃昌宏，2003，“RFID無線射頻識別標識系統的探討(上)”，印刷新訊，49期，大中華印藝網，九月。
http://www.cgan.com/science/newtech/tech/04052301.htm
46.蔡子宏，2005，“RFID是創意產業的動力之一”，電工資訊，170期，台灣區電機電子工業同業公會，二月。
http://www.teema.org.tw/publish/moreinfo.asp?autono=2351
47.鄭同伯，2004，“RFID EPC無線射頻辨識完全剖析”，博碩文化，台北。

網站資料：
48.FKI Logistex Case Study Series, 2003, “HBS Baggage Hanbdling System Jacksonville International Airport”
http://www.asieurope.com/documents/pdf/JIA_Case_Study.pdf
49.Royal Air Force, History: 1940,
http://www.raf.mod.uk/history/line1940.html
50.Wyld, D. C.，2004，汪曉蘭譯，“航空業利用射頻辨別進行行李追蹤”。
http://www.morerfid.hk/review/2005/hk_rfidWine0503.htmla
51.周世民，2004，“RFID Tag 5大採購須知”，
http://www.eedesign.com.tw/article/document/dc989.htm