跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.87) 您好!臺灣時間:2024/12/05 20:03
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:曾燕芬
研究生(外文):Yan-Fen Tzeng
論文名稱:群組成員存取權限差異化與所有權可移轉之RFID系統
論文名稱(外文):Diversity of Group Member Access Right and Ownership Transferable in RFID System
指導教授:陳育毅
學位類別:碩士
校院名稱:國立中興大學
系所名稱:資訊科學與工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2008
畢業學年度:96
語文別:中文
論文頁數:60
中文關鍵詞:RFID存取控制授權認證所有權
外文關鍵詞:RFIDaccess controlauthorizationauthenticationownership
相關次數:
  • 被引用被引用:1
  • 點閱點閱:424
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:1
  最近幾年,RFID被廣泛的應用在製造業、供應鏈管理、存貨控制等各方面,因為RFID電子標籤能夠被同時及遠距批次處理的特性,提升貨品的管理效能,可以節省作業時間與成本。可是,如果RFID系統應用在個人的身分辨別,例如保全系統門禁管制、電子門票系統、醫療病歷管理、病患識別、病患接觸史追蹤等,未經授權的讀取器可能非法存取電子標籤資料,這將侵犯到使用者的隱私權。
  為了保護電子標籤的資料,一般的設計會對於想要進行存取的讀取器先確認其合法性,電子標籤才回應資訊,以設限及掌控讀取器的存取行為。然而,一些已知的存取控制機制[15,20,23,24,32,33,37],都是假設所有合法讀取器均有相同權限,但在某些應用環境需要區隔讀取器的權限時,這些機制即不適用。例如在醫院的環境中,每個醫生的讀取器即應區隔不同的存取權限,電子病歷資料應該只有病人的主治醫生有權限存取,才能保護使用者的隱私與資料的安全。
  在本篇論文,針對讀取器有不同權限之應用,提出三種存取控制協定以及一種所有權可移轉協定,第一種存取控制協定以單一主治醫生為主,電子病歷資料只有病人的主治醫生有權限存取;第二種存取控制協定考量主治醫生之下還有住院醫生及實習醫生,所以以主治醫生分群,每一群組再分為三級-祖父級、父級與子級,不同層級的醫生有不同的存取權限,並且這些層級之間有從屬關係,電子病歷資料只有病人的主治醫生的群組有權限存取;第三種存取控制協定則進一步考量更符合醫院的組織架構,在主治醫生之下有多個住院醫生及多個實習醫生,可以明確識別父級與子級的使用者;所有權可移轉協定則是適用於當病人需要轉診移轉至其他科別,更換主治醫生時,存取控制的轉移。
  以上四種設計,都以單向雜湊函數運算為基礎,在電子標籤的設計上,單向雜湊函數的運算複雜度是可接受的,而且本篇論文提出的存取控制協定能達到相互認證、匿名性、機密性和完整性的條件,所有權可移轉協定能達到機密性和完整性的條件。
  RFID has been considered as a time- and money-saving solution for a wide variety of applications, such as manufacturing, supply chain management, and inventory control, etc. However, the universal deployment of RFID devices in consumer items may expose new security and privacy risks. Some risks will be reduced if the RFID tag can be accessed only by the authorized readers. Therefore, some access control mechanisms [15,20,23,24,32,33,37] were proposed to achieve secure access in RFID systems.
  In 2006, John Ayoade [10] proposed a framework for hospital management. The patient’s anamnesis will be attached a RFID tag. For protecting the patient’s privacy, the critical information about the patient will be stored in the tag not be written on the anamnesis. And the tag’s access should be under some control mechanisms. Only the specific doctor, usually the patient’s doctor, can access the tag. In such situation, those proposed RFID access control mechanisms are not suitable. John Ayoade pointed out the authority of readers should be different for accessing different tags. However, John Ayoade did not propose how to make it work in practical.
  In this thesis, there are three RFID access control protocols and one ownership transfer protocol are proposed. The first access control protocol is a basic type for different authorized readers. For each tag, only one doctor can access it. Only some lightweight operations such as hash function and pseudorandom number generator are needed in the tags. Such design can be implement in practical. Besides, to consider the working model in a medium or large hospital, the extended designs are proposed in the second and third protocols. For hospital infrastructure with diversity of group member access right, each group’s access rights are distinguished as three grades. The security of authentication, anonymity, confidentiality, and integrity are guaranteed in the three access control protocols. Moreover, as another doctor takes the original one’s duty, the patient’s privacy is guaranteed after running the ownership transfer protocol. The security of confidentiality, and integrity are guaranteed in the ownership transfer protocol.
第一章 緒論 1
 第一節 RFID的系統架構 1
 第二節 RFID的多元應用 1
 第三節 研究動機與目的 2
第二章 RFID存取控制機制 5
 第一節 存取控制相關研究介紹 5
  第1.1節 Weis''s hash-based access control scheme 5
  第1.2節 Weis''s randomized access control scheme 6
  第1.3節 Gao et al.''s authentication of a "good Reader" scheme 6
  第1.4節 Henrici et al.''s hash-based ID variation scheme 7
  第1.5節 Hwang et al.''s hash-based ID variation scheme 7
  第1.6節 Chien''s hash-based scheme 8
 第二節 安全存取控制的特性 9
第三章 不同權限讀取器安全存取控制協定 11
 第一節 環境介紹與符號列表 11
 第二節 協定的運作流程 12
  第2.1節 初始化階段 12
  第2.2節 存取階段 12
 第三節 安全性分析 15
  第3.1節 相互認證(Mutual Authentication) 15
  第3.2節 匿名性(Anonymity) 17
  第3.3節 機密性(Confidentiality) 17
  第3.4節 完整性(Integrity) 18
 第四節 複雜度分析 19
 第五節 結論 20
第四章 群組成員不同權限等級存取控制協定 21
 第一節 環境介紹與符號列表 21
 第二節 協定的運作流程 24
  第2.1節 初始化階段 24
  第2.2節 存取階段 24
 第三節 安全性分析 27
  第3.1節 相互認證(Mutual Authentication) 27
  第3.2節 匿名性(Anonymity) 29
  第3.3節 機密性(Confidentiality) 29
  第3.4節 完整性(Integrity) 30
 第四節 複雜度分析 31
 第五節 結論 32
第五章 群組成員存取權限差異化協定 33
 第一節 環境介紹與符號列表 33
 第二節 協定的運作流程 36
  第2.1節 初始化階段 36
  第2.2節 存取階段 36
 第三節 安全性分析 39
  第3.1節 相互認證(Mutual Authentication) 39
  第3.2節 匿名性(Anonymity) 41
  第3.3節 機密性(Confidentiality) 41
  第3.4節 完整性(Integrity) 42
 第四節 複雜度分析 43
 第五節 結論 44
第六章 群組所有權可移轉協定 45
 第一節 環境介紹與符號列表 45
 第二節 協定的運作流程 46
  第2.1節 初始化階段 46
  第2.2節 存取階段 48
 第三節 安全性分析 50
  第3.1節 機密性(Confidentiality) 50
  第3.2節 完整性(Integrity) 51
 第四節 複雜度分析 52
 第五節 結論 52
第七章 研究貢獻與未來工作 54
 第一節 研究貢獻 54
 第二節 未來工作 55
參考文獻 56
附錄-發表的論文 60
[1]李岳縉,“應用RFID於醫療院所之分析與系統規劃”,國立中正大學醫療資訊管理研究所碩士學位論文,2005。
[2]林彥君、鄭博仁、余敬虔,“無線射頻辨識防偽機制研究”,國立台灣科技大學資訊工程系碩士學位論文,台北,2006。
[3]陳育毅、曾燕芬,“RFID系統不同權限讀取器的安全存取控制協定”,興大工程學刊,Vol.19,No.1,pp.9-18,March,2008。
[4]陳育毅、詹進科、曾燕芬,“適用於群組成員不同權限等級之RFID安全存取控制協定”,中華民國九十六年全國計算機會議論文集(四),pp.535-545,Dec 20-21,2007。
[5]陳育毅、詹進科、曾燕芬,“群組成員存取權限差異化之RFID系統”, 2008 RFID科技論文研討會,Feb 1,2008。
[6]陳育毅、曾燕芬,“群組成員存取權限差異化與所有權可移轉之RFID系統”,第十九屆國際資訊管理學術研討會,May 16-17,2008。
[7]遠傳,“小兵立大功:微感商務”,企業整合通訊,pp.30-31,October,2001。
[8]鄭博仁、陳林福、陳品儀、謝德鑫,“無線射頻辨識技術與資訊安全應用”,資訊安全技術通訊,Vol.10,No.2,pp.78-86,台北,2004。
[9]Accenture , "Outlook Point of View",展望新知快訊,Aug,2001。
[10]John Ayoade, "Security implications in RFID and authentication processing framework", Computers & Security, Vol. 25, No. 3. May 2006, pp. 207–212.
[11]A. Aguilar, W. van der Putten, and F. Kirrane, "Positive patient identification using RFID and wireless networks", In HISI 11th Annual Conference and Scientific Symposium, Dublin, Ireland, November 2006.
[12]J. Bardram, "Hospitals of the future - ubiquitous computing support for medical work in hospitals", The Second International Workshop on Ubiquitous Computing, In Proceedings of UbiHealth 2003.
[13]J. Bardram, "Applications of context-aware computing in hospital work: examples and design principles", Proceedings of the 2004 ACM symposium on Applied computing, 2004, pp. 1574–1579.
[14]Vladimir Boginski, In K. Mun, Yuzhou Wu, Katherine P. Mason and Chuck Zhang, "Simulation and Analysis of Hospital Operations and Resource Utilization Using RFID Data", 2007 IEEE International Conference on RFID Gaylord Texan Resort, Grapevine, TX, USA, March 26-28, 2007.
[15]Hung-Yu Chien, "Secure Access Control Schemes for RFID Systems with Anonymity", IEEE International Conference on 10-12 May 2006, pp. 96–99.
[16]Belal Chowdhury and Rajiv Khosla, "RFID-based Hospital Real-time Patient anagement System", 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2007), 2007.
[17]J. Ericson, "RFID for Hospital Care", in Line 56, the E-Business Executive Daily. July 23, 2004.
[18]Sepideh Fouladgar , Hossam Afifi, "A Simple Delegation Scheme for RFID Systems (SiDeS) ", RFID, 2007. IEEE International Conference on 2007, pp.1 – 6, Gaylord Texan Resort, Grapevine, TX, USA March 26-28, 2007.
[19]Jill A. Fisher and Torin Monahan, "Tracking the social dimensions of RFID systems in hospitals", international journal of medical informatics 77, 2008, pp.176–183.
[20]Xingxin Gao, Zhe Xiang, Hao Wang, Jun Shen, Jian Huang, Song Song, "An approach to security and privacy of RFID system for supply chain", E-Commerce Technology for Dynamic E-Business, 2004. IEEE International Conference on 2004, pp.164 – 168
[21]Su Mi Lee, Young Ju Hwang, Dong Hoon Lee, and Jong In Lim, "Efficient Authentication for Low-Cost RFID systems", International Conference on Computational Science and its Applications - ICCSA 2005, pp.619-627, 2005.
[22]Dirk Henrici, Paul Müller, "Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers", Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second IEEE Annual Conference on 14-17 March 2004, pp.149 – 153
[23]Hun-Wook Kim, Shu-Yun Lim, Hoon-Jae Lee, "Symmetric Encryption in RFID Authentication Protocol for Strong Location Privacy and Forward-Security", IEEE International Conference on Hybrid Information Technology - Vol2 (ICHIT''06) 2006 pp. 718-723
[24]Hyun-Seok Kim, Jung-Hyun Oh, Jin-Young Choi, "Analysis of the RFID Security Protocol for Secure Smart Home Network", Hybrid Information Technology, ICHIT''06. International Conference on Volume 2, Nov. 2006 pp.356 – 363
[25]H. Knospe, H. Pohl, "RFID Security", Information Security Technical Report , Volume 9, No. 4, Dec 2004.
[26]Mikko Lehtonen, Thorsten Staake, Florian Michahelles, and Elgar Fleisch, "From Identification to Authentication–A Review of RFID Product Authentication Techniques", Printed handout of Workshop on RFID Security-RFIDSec, 2006, Springer.
[27]Huiyun Li, Fengqi Yu, and Yun Hu, "A Solution to Privacy Issues in RFID Item-level Applications", Proceedings of the 2007 IEEE, International Conference on Integration Technology, March 20 - 24, 2007, Shenzhen, China.
[28]Huzaifa Al Nahas and Jitender S. Deogun, "Radio Frequency Identification Applications in Smart Hospitals", Twentieth IEEE International Symposium on Computer-Based Medical Systems, 2007.
[29]M. Ohkubo, K. Suzuki, and S. Kinoshita. "Cryptographic approach to "privacy-friendly" tags", RFID Privacy Workshop, Cambridge, 2003.
[30]Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda, "LAMED-A PRNG for EPC Class-1 Generation-2 RFID specification", Computer Standards & Interfaces, 2007 – Elsevier.
[31]Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda, "LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags", Proceedings of 2nd Workshop on RFID Security, 2006.
[32]S. A. Weis, "Security and Privacy in Radio-Frequency Identification Devices", Master’s Thesis, Massachusetts Institute of Technology, May, 2003.
[33]S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems", Security in Pervasive Computing, Lecture Notes in Computer Science, Volume 2802, pp. 201–212, Berlin 2004.
[34]Shang-Wei Wang, Wun-Hwa Chen, Chorng-Shyong Ong, Li Liu, Yun-Wen Chuang, "RFID applications in hospitals: a case study on a demonstration RFID project in a Taiwan hospital", Proceedings of the 39th Hawaii International Conference on System Sciences, 2006.
[35]Jianping Wang, Huiyun Li, and Fengqi Yu, "Design of Secure and Low-Cost RFID Tag Baseband", Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference on Publication Date: 21-25 Sept. 2007.
[36]Yang Xiao, Xuemin Shen, Bo Sun and Lin Cai, "Security and Privacy in RFID and Applications in Telemedicine", IEEE Communications Magazine, April 2006, pp.64-72.
[37]Lan Zhang, Huaibei Zhou, Ruoshan Kong, Fan Yang, "An improved approach to security and privacy of RFID application system", Wireless Communications, Networking and Mobile Computing, 2005. Proceedings. 2005 International Conference on Volume 2, 23-26 Sept. 2005, pp.1195 – 1198.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top