無線射頻辨識(Radio Frequency Identification, RFID)系統由於具有遠距離自動辨識的能力，逐漸取代傳統條碼成為新一代的電子標籤；然而由於透過無線射頻進行辨識，在空氣中傳輸資料容易遭到竊聽、攔截或重送，而產生許多安全與隱私的問題。
隨著RFID技術發展日趨成熟，EPCglobal於2004年發佈被動式低成本標籤的全球新標準EPCglobal Class-1 Generation-2，由於符合此標準的標籤所具備的運算能力有限，因此在安全與隱私的保護設計上更具有挑戰性。目前針對此標準協定流程提出的改善協定，仍各有其安全問題，本論文提出改善協定，使被動式低成本的RFID亦能適用於安全需求的應用環境，使消費者能安心的享受RFID技術所帶來的便利。

Radio Frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags, and considered to be a possible successor to bar-code with added functionalities. However, the information transmitted in the air can be easily eavesdropped on, intercepted, or replayed. The issues of security and privacy are thus raised.
The new global standard for low-cost passive tags EPCglobal Class 1 Generation 2 was defined by EPCglobal in 2004. With limited computation ability, the designing of the security protocol is even more challenging. Many protocols conforming to EPCglobal Class-1 Generation-2 protocol flow have been proposed. However, most of them are still vulnerable to various attacks. This paper will propose improved protocols which could be applied in the environments demanding higher security. That allows consumers to enjoy the technological convenience brought by RFID.

誌 謝 ii
摘 要 iii
Abstract iv
目 錄 v
圖 目 錄 vii
表 目 錄 viii
第一章　緒論 1
1.1　研究背景 1
1.2　研究動機 4
1.3　研究目的 5
1.4　論文章節概述 6
第二章　文獻探討 7
2.1　RFID組織與標準 7
2.2　RFID的問題 10
2.3　RFID的安全防護 12
2.4　EPCglobal Class-1 Generation-2標準協定分析 13
第三章　符合RFID EPCglobal Class-1 Generation-2標準流程之協定分析 23
3.1　Kim等人的RFID協定 23
3.2　Choi等人的RFID協定 27
3.3　Sun與Ting的RFID協定 32
第四章　本論文提出Kim等人協定之改善 38
4.1　運作流程 39
4.2　協定分析 41
第五章　本論文提出Choi等人協定之改善 43
5.1　運作流程 44
5.2　協定分析 47
第六章　符合EPCglobal Class-1 Generation-2標準流程之協定比較分析 49
第七章　結論 50
參考文獻 51

1. 長庚大學RFID物流與供應鏈資源中心，“RFID安全與隱私”，線上檢索日期：2011年5月23日，取自：http://rfid.cgu.edu.tw/xoops/modules/tinyd3/index.php?id=6。
2. 高志中，“RFID資訊應用系統之設計實務”，許耀豪等(編)，博碩文化股份有限公司，2009。
3. 陳昱仁、廖耕億、許建隆及林仲志，“RFID概論”，鍾乾癸等(編)，台北：華泰文化，2009。
4. 陳美玲，“2010年流通領域將成為RFID技術最大應用市場”，工研院IEK系統能源組，2007年05月03日，線上檢索日期：2010年11月17日，取自：http://www.itis.org.tw/rptDetailFree.screen?rptidno=52A3B39061CF79E5482572D00008B60B。
5. 陳嘉華，“淺談RFID 之應用”，行政院主計處電子處理資料中心，2008年1月，線上檢索日期：2010年11月3日，取自：http://www.dgbas.gov.tw/public/Data/8351191571.pdf。
6. 經濟部RFID 公領域應用推動辦公室，“RFID 產業動態與公領域推動策略”，2009年10月20日，線上檢索日期：2010年2月15日，取自：http://www.gs1tw.org/twct/gs1w/download/1.pdf。
7. 黃惠香，“手持式RFID Reader應用”，精聯電子，線上檢索日期：2011年4月17日，取自：http://www.gs1tw.org/twct/gs1w/pubfile/p10-30.pdf。
8. 賴秋香，“RFID市場發展現況”，資策會創新應用服務研究所，2007年08月08日，線上檢索日期：2011年04月07日，取自：http://f2331.just.edu.tw/rfid/rfid%E5%B8%82%E5%A0%B4%E7%99%BC%E5%B1%95%E7%8F%BE%E6%B3%81.pdf。
9. 戴江准，“RFID工程概論”，王立群等(編)，學貫行銷股份有限公司，2008。
10. ABI Research, “RFID Market to Reach $5.35 Billion This Year”, Retrieved Feb 23, 2011 from http://www.abiresearch.com/press/1618-RFID+Market+to+Reach+$5.35+Billion+This+Year, Nov 2010.
11. AIM, “What is RFID”, Retrieved May 2, 2010, from http://www.aimglobal.org/technologies/RFID/what_is_rfid.asp.
12. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., and Verbauwhede, I., “Public-Key Cryptography for RFID Tags”, in Proceedings of the Fifth Annual IEEE International Conference on Pervasive Computing and Communication Security, 2007, pp. 217-222.
13. Burmester, M., Medeiros, B., Munilla, J., and Peinado, A., “Secure EPC Gen2 compliant Radio Frequency Identification”, Lecture Notes in Computer Science, Vol. 5793, 2009, pp. 227-240.
14. Chai, Q. and Gong, G., “A Lightweight Protocol to Robust TID-Based Anti-Counterfeiting”, Retrieved Mar 7, 2011, from http://www.cacr.math.uwaterloo.ca/techreports/2010/cacr2010-09.pdf.
15. Chen, Y., Chou, J. S., and Sun, H. M., “A Novel Mutual Authentication Scheme Based on Quadratic Residues for RFID Systems”, Computer Networks: The International Journal of Computer and Telecommunications Networking, Vol. 52, No. 12, 2008, pp. 2373-2380.
16. Chien, H. Y. and Chen, C. H., “Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards”, Computer Standards and Interfaces, Vol. 29, 2007, pp. 254-259.
17. Chien, H. Y., “SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity”, IEEE Transactions on Dependable and Secure Computing, Vol. 4, No. 4, 2007, pp. 337-340.
18. Chien, H. Y., and Huang, C.W., “A Lightweight Authentication Protocol for Low-Cost RFID”, Journal of Signal Processing Systems, Vol. 59, No. 1, 2010, pp. 95–102.
19. Choi, E. Y., Lee, D. H., and Lim, J. I., “Anti-cloning Protocol Suitable to EPCglobal Class-1 Generation-2 RFID systems”, Computer Standards and Interfaces, Vol. 31, 2009, pp. 1124-1130.
20. Deursen, T., and Radomirovic, S., “Attacks on RFID Protocols”, Cryptology ePrint Archive, 2008, pp. 1-56.
21. Duc, D. N., Park, J., Lee, H., and Kim, K., “Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning”, Symposium on Cryptography and Information Security. 2006.
22. EPCglobal Inc., “EPCglobal Tag Data Standards Version 1.4”, 2005.
23. EPCglobal Inc., “EPCglobal Object Name Service (ONS) Standard Version 1.0”, 2005.
24. EPCglobal Inc., “EPCglobal Object Name Service (ONS) Standard”, Retrieved Feb 23, 2011 from http://www.gs1tw.org/twct/web/EPC/epc12.html.
25. EPCglobal Inc., “EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communication at 860 MHz-960 MHz Version 1.2.0”, 2008.
26. Garfinkel, S. L., Juels, A., and Pappu, R., “RFID Privacy: An Overview of Problems and Proposed Solutions”, IEEE Security & Privacy, Vol. 3, No 3, 2005, pp.34-43
27. Han, D., and Kwon, D., “Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards”, Computer Standards & Interfaces, Vol. 31, No. 4, 2009, pp. 648-652.
28. Karjoth, G., and Moskowitz, P., “Disabling RFID Tags with visible confirmation: Clipped Tags are silenced”, Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society (WPES05), 2005, pp. 27-30.
29. Kim, K. H., Choi, E. Y., Lee, S. M., and Lee, D. H., “Secure EPCglobal Class-1 Gen-2 RFID System Against Security and Privacy Problems”, Lecture Notes in Computer Science, Vol. 4277, 2006, pp. 362-371.
30. Kok, Guido R., “RFID Jamming”, Faculty of Electrical Engineering, Mathematics and Computer Science of the University of Twente, 2007.
31. Lo, N. W., and Yeh, K. H., “A Secure Communication Protocol for EPCglobal Class 1 Generation 2 RFID Systems”, IEEE Information Networking and Applications Workshops, Vol. 10, 2010, pp. 562-566.
32. Ohkubo, M., Suzuki, K., Kinoshita, S., “RFID Privacy Issues and Technical Challenges”, Communications of the ACM, Vol.48, No.9, 2005, pp.66-71.
33. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda,A., “An Ultra Light Authentication Protocol Resistant to Passive Attacks under the Gen-2 Specification”, Journal of Information Science and Engineering, Vol. 25, No. 1, 2009, pp. 33-57.
34. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., and Ribagorda A., “LMAP: A Real Lightweight MutualAuthentication Protocol for Low-cost RFID tags”, Workshop on RFID Security(RFIDSec’06), 2006.
35. Razaq, A., Luk, W., Shum, K., Cheng, L., and Yung, K., “Second-Generation RFID”, IEEE Security and Privacy, 2008, pp. 21-27.
36. RFID Journal LLC, “A Summary of RFID Standards”, Retrieved May. 7, 2010, from http://www.rfidjournal.com/articleview/1335/129.
37. RFID Journal LLC, “The Cost of RFID Equipment”, Retrieved Feb 23, 2011 from http://www.rfidjournal.com/faq/20.
38. Rieback, M. R., Crispo, B., and Tanenbaum, A. S., “The Evolution of RFID Security”, Pervasive Computing IEEE, Vol. 5, 2006, pp. 62-69.
39. Roberts, C. M., “Radio Frequency Identification (RFID)”, Computers and Security, Vol. 25, 2006, pp. 18-26.
40. Robshaw, Matthew J.B, “An overview of RFID tags and new cryptographic developments”, Information Security Technical Report, Vol. 11, 2006, pp. 82-88.
41. Rotter, P., “A Framework for Assessing RFID System Security and Privacy Risks”, Security & Privacy, Vol. 7, No. 2, 2008, pp. 70-77.
42. Sarma, S. E., Weis, S. A., and Engels, D. W., “Radio frequency-identification security risks and challenges”, CryptoBytes, Vol. 6, 2003.
43. Selwyn Piramuthu, “Protocols for RFID tag/reader authentication”, Decision Support Systems, Vol. 43, 2007, pp. 897-914.
44. Smart Card Alliance, “Contactless Smart Cards vs EPC Gen 2 RFID Tags: Freuqently Asked Questions”, Retrieved May 10, 2010., http://www.smartcardalliance.org/pages/publications-epc-gen2-faq#6.
45. Song, B. and Mitchell, C. J., “RFID authentication protocol for low-cost tags”, Wireless Network Security (WISEC), 2008, pp. 140-147.
46. Stockman, H. “Communication by Means of Reflected Power”, The Institute of Radio Engineers, Vol. 36, No. 10, 1948, pp. 1196-1204.
47. Sun, H. M. and Ting, W. C., “A Gen2-Based RFID Authentication Protocol for Security and Privacy”, Transactions on Mobile Computing, Vol. 8, 2009, pp. 1052-1062.
48. Tieyan Li, Guilin Wang, Robert H. Deng, “Security Analysis on a Family of Ultra-lightweight RFID Authentication Protocols”, Journal of software, Vol. 3, No. 3, 2008, pp. 1-10.
49. Weinstein, R., “RFID: A Technical Overview and Its Application to the Enterprise”, IEEE Computer Society, Vol. 7, 2005, pp. 27-33.
50. Wu, N. C., Nystrom, M. A., Lin, T. R., and Yu, H. C., “Challenges to Global RFID Adoption”, PICMET, 2006, pp. 9-13.
51. Xiao, Q., Boulet, C., and Gibbons, T., “RFID Security Issues in Military Supply Chains”, Second International Conference on Availability, Reliability and Security, 2007.