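Graduate student (foreign language): Chin-Yi Lin
Thesis title (foreign language): A Study of RFID Security and Privacy Issues
Advisor (foreign language): Dong-Her Shih
Keywords (foreign language): Privacy; Elliptic Curves Cryptography; Kerberos V5; RFID; Security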
This research presents a formal mechanism called Lightweight-ECC, a cryptographic authentication protocol for RFID (Radio Frequency Identification) smart tags. These smart tags are now embedded in many items and may soon enter our daily life. The main goal of RFID systems is to identify objects remotely by embedding smart tags, tiny devices capable of transmitting data, into these objects. Goods in stores can be tagged to prevent shoplifting, or to speed up the goods registration process by using wireless scanning instead of human or optical scanning. However, these wireless devices have raised public concern about violations of privacy and information security, such as leakage of individual information, behavioral traceability, spoofing and industrial sabotage. It is therefore necessary to provide security for tagged objects. Many solutions have been proposed, but almost as many ways have been found to break them. Moreover, almost none of the existing protocols include symmetric or asymmetric cryptographic authentication mechanisms, so they cannot solve RFID security problems efficiently. Therefore, a new authentication mechanism is proposed in this research. We present the concept of the Lightweight-ECC model, which provides a high degree of security assurance. This research also analyzes the proposed protocol from both security and privacy points of view and explains how it overcomes the above-mentioned security problems.
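Chapter 1: Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Research Process
Chapter 2: Literature Review
2.1 Radio Frequency Identification Technology
2.1.1 Card / Tag
2.1.2 Reader / Card Reader
2.1.3 Back-End Database
2.1.4 EPC (Electronic Product Code)
2.2 Security and Privacy Issues
2.2.1 Eavesdropping
2.2.2 Traceability
2.2.3 Spoofing
2.2.4 Industrial Sabotage
2.3 Solutions to Security Issues
2.3.1 Passive Tag Solutions: Kill Tag Approach; Selective Blocker Tag; Physical ID Separation; Hash-Based Access Control
2.3.2 Active Tag Solutions: Rewritable Memory; Randomized Access Control; Hash Chain; XOR based One-Time Pad Scheme
2.4 Elliptic Curves Cryptography (ECC)
2.5 Kerberos Authentication Protocol and System
2.6 Chapter Summary
Chapter 3: Elliptic Curve Encryption and Decryption
3.1 Elliptic Curves
3.2 The Multiplication Law on Elliptic Curves
3.3 Converting Plaintext into Points on an Elliptic Curve
3.4 Elliptic Curve Encryption and Decryption
3.5 Applying Elliptic Curve Encryption and Decryption to RFID Technology
Chapter 4: Research Problem Description and System Architecture
4.1 Research Problem Description
4.2 System Considerations
4.3 System Architecture
4.3.1 Passive Tag: Tag Memory Allocation; Front-End Architecture; Back-End Architecture
4.3.2 Active Tag
4.4 System Security Analysis
4.4.1 Information Security Aspects
4.4.2 RFID Security Aspects
Chapter 5: Case Studies
5.1 Application of RFID to Baggage Transport in the Airline Industry
5.2 Application of RFID to Baggage Tracking in the Airline Industry
Chapter 6: Conclusions and Future Research
6.1 Research Conclusions
6.2 Research Limitations
6.3 Future Research
References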