臺灣博碩士論文加值系統

無線射頻辨識系統「RFID」被稱為本世紀最重要的前十大技術之一，增加生活中「無所不在」的便利性。未來舉凡到商場或便利店購物、圖書館借書、搭乘交通工具、繳停車費、門禁管理、高速公路的電子收費「ETC」、個人身分識別證或到醫院掛號領藥…等等，無一不如影隨形地和我們大眾一起生活著。
一個無所不在的網路環境將使社會不論何時何地都可方便地達到更好的資料存取服務，無線射頻辨識系統技術很可能將是這樣的一個容易管理的社會的一部分，而RFID是由讀取器(Reader)和RFID標籤(Tag)所組成的系統，其運作的原理是利用讀取器發射無線電波，觸動感應範圍內的RFID標籤，藉由電磁感應產生電流，供應RFID標籤上的晶片運作並發出電磁波回應感應器，若將此項技術運用在各種應用上便能帶來前所未有的便利；但是，越來越多的RFID被使用，而且其非接觸傳送資料的特性隨著空氣中的電磁波無形之下暴露著危險，可能造成對使用者隱私的一些威脅，因此現今保護隱私已經成為一個重要的議題。在這篇論文裡，我們提出一份相互驗證的協議來加強隱私的保護，而我們是使用動態識別的方法來設計這樣的一個機制，我們想要改良過去的一些方法，或是預防未來攻擊者破壞的一些弱點。
我們提出一個安全的協議在被動的標籤上，是使用密碼學的單向雜湊函數功能來防止一些攻擊，並且運用Session Key的概念來產生更新(Updating ID)的想法，這也是本文中的核心部份。因此，我們提出的方法是不需要強大的對稱式或非對稱式的加密法，即可各種應用領域上進行實作；並且達到一些目的，如：相互的驗證，加強資料的隱私，不被追蹤性，防止被竊聽、仿冒、重送攻擊、中間人攻擊的威脅，亦可提供應用在低成本的標籤上，以及防止非法讀取器存取標籤上的資料，所以我們相信此論文提出的方法將更加提升使用者隱私上面的保護。

A ubiquitous network environment will make society able to conveniently access better services anywhere and at any time. The Radio Frequency Identification (RFID) technology will most likely be part of such a manageable society. However, more and more deployment of RFIDs may create some threats to user privacy; therefore privacy protection has become an important issue nowadays. In this thesis, we propose a mutual authentication protocol to enhance the privacy protection, which uses the dynamic identification scheme. In this way, we want to reform some weaknesses which have in the past, or will in the future allow breaches by adversaries.
We present a security protocol to prevent some attacks using cryptographic one-way hash functions on the passive tags. Therefore, our proposed method could be deployed in many applications without strong symmetric or asymmetric encryption. We believe that the proposed approach will be available to enhance the protection of a user's privacy.

Table of Contents
摘要 - 2 -
Abstract - 4 -
1. Introduction - 9 -
1.1. Background - 9 -
1.2. Motivation - 9 -
1.3. Purpose - 10 -
1.4. Organization - 11 -
2. Literature Review - 12 -
2.1. RFID System Components - 12 -
2.1.1. Transponder or RFID tag - 13 -
2.1.2. Transceiver or RFID reader - 14 -
2.1.3. Back-end Database - 14 -
2.2. Applications of RFID - 14 -
2.3. RFID Personal Privacy Issues - 17 -
2.3.1. Data Privacy - 17 -
2.3.2. Location Privacy - 18 -
2.4. The Review of Previous Researches - 18 -
2.4.1. Public Key Cryptography Approach - 18 -
2.4.2. Hash Lock Scheme - 19 -
2.4.3. Randomized Hash Lock Scheme - 20 -
2.4.4. Re-encryption Scheme - 21 -
2.4.5. Other Approaches - 21 -
2.4.6. Cryptography and authentication on RFID passive tags - 22 -
3. The Proposed Protocol - 25 -
3.1. The initialization stage - 25 -
3.2. The details of the proposed protocol - 26 -
3.3. Illustration for the protocol - 28 -
4. Security Analysis - 31 -
4.1. Location Privacy Protection - 31 -
4.2. Against Replay Attack - 31 -
4.3. Against eavesdropping - 32 -
4.4. Against spoofing - 32 -
4.5. Against man-in-the-middle attack - 32 -
5. Conclusion and Future Research - 34 -
5.1. Conclusion - 34 -
5.1. Limitation and Future Research - 35 -
References - 36 -
Index - 39 -
個人簡歷 - 43 -
Vita - 45 -

List of Figures
Figure 1.1 Research Procedure - 11 -
Figure 2.1 A radio frequency identification system - 13 -
Figure 2.2 Hash lock scheme - 20 -
Figure 2.3 Randomized hash lock scheme - 21 -
Figure 2.4 The tags authentication protocol - 23 -
Figure 3.1 The initialization stage of the proposed protocol - 26 -
Figure 3.2 Diagram of the proposed privacy protection mechanism using dynamic identification scheme - 28 -


List of Tables
Table 2.1 Comparisons between the Active and Passive Tags - 13 -
Table 3.1 Data stored in the back-end database at the beginning - 29 -
Table 3.2 Data stored in this tag at the beginning - 29 -
Table 3.3 Data stored in the back-end database after one communication cycle - 30 -
Table 3.4 Data stored in this tag after one communication cycle - 30 -

[1] Stephen. A. Weis, “Radio-Frequency Identification Security and Privacy,” Master thesis, M.I.T. June 2003.
[2] Stephen. A.Weis, S. Sarma, R. Rivest, and D. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” Proc. First International Conference on Security in Pervasive Computing 2003, LNCS 2802, pp. 201-212, Springer-Verlag.
[3] D. Molnar and D. Wagner, “Privacy and Security in Library RFID Issues, Practices, and Architectures,” Proc. ACM Computer and communications Security ’04, Washington DC, USA, October 25 - 29, 2004.
[4] A. Juels and R. Pappu, “Squealing Euros: Privacy Protection in RFID-Enabled Banknotes,” Financial Cryptography ’03, R. Wright, Ed., Springer-Verlag, 2003.
[5] P. Golle, M. Jakobsson, A. Juels, and P. Syverson, “Universal Re-encryption for Mixnets,” RSA Conf. Cryptographers’ Track ’04, LNCS 2964, 2004, pp. 163–78, Springer-Verlag.
[6] A. Juels, R. L. Rivest, and M. Szydlo, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy,” Proc. ACM Computer and communications Security ’03, 2003, pp. 103-11.
[7] EPC global Inc. Sept. 17, 2007, http://www.epcglobalinc.org/home
[8] A. Cavoukian, “Tag, You’re It: Privacy Implications of Radio Frequency Identification (RFID) Technology,” Info. and Privacy Commissioner, Ontario, Toronto, Feb. 2004. http://www.ipc.on.ca/scripts/index_.asp?action=31&P_ID=15007
[9] “RFID White Paper,” Sept. 2007, http://www.rfidjournal.com/whitepapers/
[10] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic Approach to Privacy-Friendly tags,” Proc. RFID Privacy Workshop, MIT, USA, (2003).
[11] Ted Phillips, Tom Karygiannis, and Rick Kuhn, “Security Standards for the RFID Market,” IEEE Security and Privacy, Vol. 3, No. 6, pp. 85-89, Nov.-Dec. 2005.
[12] Yang Xiao, Xuemin Shen, Bo Sun, and Lin Cai, “Security and Privacy in RFID and Applications in Telemedicine,” Communications Magazine, IEEE, Vol. 44, pp. 64-72, April 2006.
[13] Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda, “RFID Systems: A Survey on Security Threats and Proposed Solutions,” Dec. 2007, http://lasecwww.epfl.ch/~gavoine/download/papers/PerisHER-2006-pwc.pdf
[14] Melanie R. Rieback, Bruno Crispo, and Andrew S. Tanenbaum, “The EVolution of RFID Security,” IEEE Pervasive Computing, Vol. 5, No. 1, 62-69, January-March 2006.
[15] Simson L. Garfinkel, Aril Juels and Ravi Pappu. “RFID Privacy: An Overview of Problems and Proposed Solutions,” IEEE Security and Privacy, Vol. 3, Issue 3, pp. 34-43, May 2005.
[16] A. Juels, D. Molnar, and D. Wagner, “Security and privacy issues in e-passports,” Proc. Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, pp. 74-88, Sept. 2005.
[17] “Philips and the 2006 FIFA World Cup,” June 2006, http://www.ameinfo.com/88301.html
[18] Tucker Balch, Adam Feldman, and Wesley Wilson, “Assessment of an RFID System for Animal Tracking,” http://www.smartech.gatech.edu/dspace/bitstream/1853/6495/1/GIT-CC-04-10.pdf
[19] Sanjay E. Sarma, Stephen A. Weis, Daniel W. Engels, “RFID systems and security and privacy implications,” in: Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2002, LNCS no. 2523, 2003, 454–469.
[20] NTRU. GenuID. http://www.ntru.com/products/genuid.htm.
[21] Kirk H.M. Wong, Patrick C.L. Hui, Allan C.K. Chan, “Cryptography and authentication on RFID passive tags for apparel products,” Computers in Industry, Vol. 57, Issue 4, pp.342-349, May 2006.
[22] EPCTM Generation 1 Tag Data Standards, Version 1.1 rev 1.27, EPC Global Inc., May 2005, http://www.epcglobalinc.org/standards_ technology/specifications.html.
[23] “RFID tracks future everyday apps,” May 2005, http://www.eetasia.com/ARTICLES/2005MAY/B/2005MAY16_STECH_RFD_TA.pdf?SOURCES=DOWNLOAD