隨著資通訊技術的持續進步，民眾的生活正朝著「無所不在」網路(Uiquitous Network)的環境願景所發展，更將改變產業的經濟發展。未來的生活中，民眾將有更多的機會接觸並且享受科技帶來的便利性。過去幾年來「無所不在」的網路概念，持續有著相關的研究與技術發展被提出。為確實建構出未來如此便捷的概念，除網路和通訊的技術必須持續的提升改善外，如何辨識物品在網路中的身份也是相當重要的環節。因此，極具有發展淺力的無線射頻辨識系統(RFID)技術逐漸被人們所重視。

無線射頻辨識系統是透過無線訊號提供自動化的辨識。許多的組織期望無線射頻辨識系統能夠帶來有效益的自動化管理、增加商業流程或創新服務。近年來無線射頻辨識技術興起已經在許多的範疇上有多元化的應用，包括供應鏈管理、倉儲管理、大型量販店、健康照顧等。隨著無線的通訊環境來臨，無線射頻辨識系統各元件間資料交換應被確實的保護。因此我們提出考量既有成本和資源限制下，使用簡易的運算機制且能夠應用於無線環境裡，卻能夠對抗各種攻擊和威脅的相互驗證協定。已確保無線射頻辨識系統在資料傳送或交換時，能夠獲得隱私性和秘密性的保護。因此，未來在發展無線射頻辨識系統時，研究人員除應持續改善無線射頻辨識系統各元件的運作的效能外，同時也應更提昇安全性和隱私性的保護機制。

因此，在無線射頻辨識系統技術持續快速發展和應用創新時，電子產品碼(EPC)標準與跨組織間資料分享的系統發展也日益穩定成熟下，相信無線射頻辨識系統能夠普及的建置與應用在產業供應鏈或民眾的日常生活應用中。

The main function of RFID system is to provide automation identification of the product or people using radio wave. Many organizations plan RFID technology to enhance the performance of automated management, improve business process, and services. The industry wants to use RFID system that will bring more developments and applications, including supply chain management, warehouse management, retail stores, access control, healthcare, etc.
With the advent of wireless communications environment, the exchange of information between the components should be effectively protected. This paper proposes a secure RFID system based on reduced costs and resource constraints, which consider the low-cost and privacy protection of tags using XOR operations. A mutual authentication is also implemented to apply the XOR operations, thus still achieving effective protection against a variety of attacks and threats through mutual authentication protocols. The RFID system can ensure that the information in the transmission or exchange is more secure, and to protect privacy and confidentiality. For future development, researchers continue to improve the performance of the RFID system components to enhance security and privacy protection mechanisms.

Contents
致謝 iv
摘要 v
Abstract vii
Contents viii
List of Figures xi
List of Tables xii
1. Introduction 1
1.1. Background 1
1.2. Motivation 2
1.3. Purpose 3
1.4. Organization 4
2. Literature Review 6
2.1. RFID System Components 6
2.1.1. The Tag 7
2.2.2. The Reader 7
2.1.3. The Database 8
2.2. Characteristics 8
2.2.1. Readability 8
2.2.2. Unique Identification 9
2.2.3. Traceability 9
2.2.4. Environment resistance 9
2.3. Application of RFID 10
2.3.1. Food Safety 10
2.3.2. Supply Chain Management 10
2.3.3. Entrance Guard 11
2.3.4. Medical and Health 11
2.3.5. Education 12
2.3.6. Entertainments 12
2.4. Security Requirements 13
2.4.1. Keeping Anonymity 13
2.4.2. Individual Location Privacy 13
2.4.3. Forward Secrecy 14
2.4.4. Against Replay Attack 14
2.4.5. Against Man-In-The-Middle Attack 14
2.4.5. Against Denial of Service (DoS) Attack 15
2.5. The Review of RFID Previous Researches 15
2.5.1. The kill command tag scheme 15
2.5.2. The Faraday cage scheme 16
2.5.3. The blocker tag scheme 16
2.5.4. The active jamming scheme 17
2.5.5. The Duc et al. scheme 17
2.5.6. The Chien et al. scheme 19
2.5.7. The Kang et al. scheme 20
2.5.8. The Yen et al. scheme 22
3. The proposed scheme 24
3.1. Assumptions 24
3.2. The initialization stage 25
3.3. The proposed scheme 27
4. Security analysis 31
4.1. Against eavesdropping 32
4.2. Against spoofing 32
4.3. Protection anonymity 32
4.4. Protection location privacy 33
4.5. Protection forward secrecy 33
4.6. Against replay attack 34
4.7. Against man-in-the-middle attack 35
4.8. Against DoS attack 35
5. Conclusion and Direction of Future Research 37
5.1. Conclusion 37
5.2. Direction of Future Research 38
6. References 39
Index 44
Vita 47
個人簡歷 48
List of Figures
Figure 1.1 2005~2011 market in global for RFID development 2
Figure 1.3 Research procedure 5
Figure 2.1 RFID system operation model. 6
Figure 2.2 Duc et al. proposed scheme 18
Figure 2.3 Chien et al. proposed scheme. 20
Figure 2.4 Kang et al. proposed scheme. 21
Figure 2.5 Yen et al. proposed scheme. 23
Figure 3.1 Initialization stage of the proposed scheme. 26
Figure 3.2 Diagram of the proposed protection scheme 30

List of Tables
Table 2.1 Differences between the active and passive RFID tag 7
Table 3.1 Notations 25
Table 4.1 comparisons of low-cost RFID operation function 31
Table 4.2 Comparison of low-cost RFID tag security protocol 34

[1]ABI Research, http://www.abiresearch.com/home.jsp, 2007.
[2]John Ayoade,"Security implications in RFID and authentication processing framework,” Computers & Security, Vol. 25, No. 3, pp. 207-212, May 2006.
[3]Chin-Ling Chen and Yong-Yuan Den “A practical RFID system: with mutual authentication and privacy protection," 2007 Taiwan Academic Network Conference (2007 TANET), pp.1-6, October 2007.
[4]Yalin Chen, Jue-Sam Chou and Hung-Min Sun,"A novel mutual authentication scheme based on quadratic residues for RFID systems," Computer Networks, Vol. 52, No. 12, pp. 2373-2380, August 2008.
[5]Hung-Yu Chien and Che-Hao Chen,"Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards,”Computer Standards and Interfaces, Vol. 29 , Issue 2, pp. 254-259, February 2007.
[6]S.H. Choi and C.H. Poon,“An RFID-based anti-counterfeiting system,”IAENG International Journal of Computer Science, Vol. 35, No. 1, pp. 80-91, February 2008.
[7]Tassos Dimitriou,“A lightweight RFID protocol to protect against traceability and cloning attacks,”Proc. IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), pp. 59-66, Athens, Greece, 2005.
[8]Dang Nguyen Duc, Jaemin Park, Hyunrok Lee and Kwangjo Kim, "Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning,”Proc. IEEE Symposium on Cryptography and Information Security Hiroshima (SCIS), Japan, January 2006.
[9]Thomas Hjorth,“Supporting privacy in RFID systems,” Master thesis, Technical University of Denmark, Lyngby, Denmark, December 2004.
[10]Sozo Inoun and Hiroto Yasuura,“Privacy using user-controllable uniqueness,” Wireless Communications and Networking, Vol. 3, pp. 2041-2046, March 2003.
[11]Ari Juels, David Molnar and David Wagner,“Security and privacy issues in e-passports,” Proc. IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks SecureComm, Athens, Greece, pp. 74-88, September 2005.
[12]Ari Juels, Ronald L Rivest and Michael Szydlo,“The blocker tag: selective blocking of RFID tags for consumer privacy,”Proc. 10th ACM Conference on Computer and Communications Security, pp. 103-111, 2003.
[13]Soo-Young Kang, Deok-Gyu Lee and Im-Yeong Lee,“A study on secure RFID mutual authentication scheme in pervasive computing environment,”Computer Communications, Vol. 31, Issue 18, pp. 4248-4254 December 2008.
[14]Soo-Young Kang and Im-Yeong Lee,“A study on new low-cost RFID system with mutual authentication scheme in ubiquitous,”Proc. 2008 International Conference on Multimedia and Ubiquitous Engineering, pp. 527-530, Korea, April 2008.
[15]Thomas Kelepouris, Katerina Pramatari and Georgios Doukidis,“RFID enabled traceability in the food supply chain,”Industrial Management and Data Systems, Vol. 107, Issue 2, pp. 183-200, 2007.
[16]Divyan M. Konidala and Kwangjo Kim,“Mobile, RFID security issues,”Proc. The 2006 Symposium on Cryptography and Information Security, Hiroshima, Japan, January 2006.
[17]William Knight,“RFID-another technology, another security mess?,”Infosecurity Today, Vol. 3, Issue 3, pp. 35-37, May-June 2006.
[18]Learn about RFID, http://www.spartan-solutions.com/learn_about _rfid/index.html, Spartan Solutions.
[19]Katina Michael and Luke McCathie,“The pros and cons of RFID in supply chain management,”Proc. International Conference on Mobile Business (ICMB'05), pp. 623-629, July 2005.
[20]E. W. T. Ngai, T. C. E. Cheng, S. Au and Kee-hung Lai, "Mobile commerce integrated with RFID technology in a container depot," Decision Support Systems, Vol. 43, Issue 1, pp. 62-76, Feb. 2007.
[21]Matthew J.B. Robshaw,“An overview of RFID tags and new cryptographic developments,”Information Security Technical Report, Vol. 11, Issue 2, pp. 82-88, 2006.
[22]T. Scott Saponas, Jonathan Lester, Carl Hartung and Tadayoshi Kohno,“Devices that tell on you: the nike+ipod sportkit,”Proc. Technical report, Department of Computer Science and Engineering, University of Washington, 2007.
[23]Masahiro Shiomi, Takayuki Kanda, Hiroshi Ishiguro, and Norihiro Hagita,“Interactive Humanoid Robots for a Science Museum,”Intelligent Systems, Vol. 22, Issue. 2, pp.25-32, 2007.
[24]Boyeon Song and Chris J. Mitchell, “RFID authentication protocol for low-cost tags,” Proc. First ACM Conference on Wireless Network Security ACM WISec’08, pp. 140-147, Virginia, USA, 2008.
[25]Laurie Sullivan,“RFID's the ticket for secure games,” http://www.rfid-world.com/news/209902703?queryText=Olympic+, August, 2008.
[26]Masataka Suzukit, Kazukuni Kobarat and Hideki Imait,“Privacy enhanced and light weight RFID system without tag synchronization and exhaustive search,” Proc. IEEE International Conference on Systems, Man, and Cybernetics, Vol. 2, pp. 1250-1255, October 2006.
[27]May Tajima,“Strategic value of RFID in supply chain management,”Journal of Purchasing and Supply Management, Vol. 13, Issue 4, pp. 261-273, December 2007.
[28]Batbold Toiruul, KyungOh Lee,“An advanced mutual authentication algorithm using AES for RFID systems,” Computer Science and Network Security, Vol. 6, No. 9, pp.156-162, September 2006.
[29]Kirk H.M. Wong, Patrick C.L. Hui and Allan C.K. Chan,“Cryptography and authentication on RFID passive tags for apparel products,”Computers in Industry, Vol. 57, Issue 4, pp. 342-349, May 2006.
[30]Yang Xiao, Xuemin Shen, Bo Sun and Lin Cai,“Security and privacy in RFID and applications in telemedicine,”IEEE Transactions on Communications Magazine, Vol. 44, Issue 4, pp. 67-72, April 2006.
[31]Li-Chih Yen and Henry Ker-Chang Chang,“A Study on the security of RFID with enhancing privacy protection,”The 7th European Conference on Information Warfare and Security (ECIW 2008), pp. 35-40, University of Plymouth, UK, June, 2008.
[32]EPCglobalTM Generation 1 tag data standards, Version 1.4, EPCglobal Inc., June 2008,http://www.epcglobalinc.org/standards/tds/tds_1_4-standard-20080611.pdf
[33]RFID在醫療產業的應用,http://cdnet.stpi.org.tw/techroom/
market/eerfid/rfid014.htm, STPI, March 2005.
[34]RFID在醫療保健產業將有的成長動能, http://cdnet.stpi.org.tw/
techroom/market/eerfid/rfid036.htm, STPI, DEC 2005.