| Graduate student: | 沈意傑 Shen, Yi-Jie | 
|---|---|
| Thesis title: | 兼具位置隱私與擴充性之雙向認證射頻辨識系統 RFID Mutual Authentication Protocols with Location Privacy and Scalability | 
| Advisor: | 黃宗立 Hwang, Tzonelih | 
| Degree: | Master | 
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering | 
| Year of publication: | 2008 | 
| Graduation academic year: | 96 | 
| Language: | Chinese | 
| Number of pages: | 55 | 
| Chinese keywords: | RFID, scalability, location privacy, mutual authentication | 
| Foreign-language keywords: | tag, RFID, Location privacy, Scalability | 
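Radio frequency identification (RFID) is an automatic wireless identification technology. Because of its low cost and contactless identification, RFID is widely used in many fields, such as retail, logistics management, pharmaceuticals, and goods control. However, because RFID systems communicate wirelessly, anyone can eavesdrop on the messages in transit. The attacks that follow, such as leaking personal privacy, malicious tracking, and impersonation, endanger users' security and rights.
Much related research has proposed methods to protect the transmitted messages, including the use of authentication protocols to solve the security problems. However, the methods proposed in these studies all have shortcomings: some leak the user's location privacy, while other protocols protect location privacy but increase the authentication burden during identification. This shortcoming leaves the system vulnerable to denial-of-service attacks that can paralyze it.
Therefore, in this thesis we examine the security problems of RFID systems, discuss which security requirements and properties a secure communication protocol should satisfy, and analyze why the currently proposed protocols cannot satisfy the security requirements and properties we propose. In this research we propose two mutual authentication protocols. The first protocol protects location privacy while reducing the system's authentication burden. The second protocol not only has the properties of the first but also thoroughly solves the problem of the system being subject to denial-of-service attacks.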
Radio Frequency Identification (RFID) is an automatic identification technology that requires no physical contact. Because of its low cost and its ability to identify objects conveniently without physical contact, RFID technology has been widely deployed in many applications, including retail business, supply chain management, the pharmaceutical industry, inventory control, etc. However, the wireless access characteristics of an RFID system allow an outsider to easily eavesdrop on the transmitted messages. Possible attacks, including revealing user privacy, tracking, and impersonation, create security risks. Therefore, the design of an efficient and secure protocol for RFID systems that does not use complicated cryptographic techniques is an important issue.
Though many authentication protocols for RFID have been proposed recently, they either cannot protect the location privacy of tags or impose high overhead on the back-end server when identifying tags. Moreover, an inefficient authentication protocol easily suffers from denial of service (DoS) attacks. None of them provides a satisfactory solution to both problems at the same time.
This paper proposes security requirements and analyses why these recent studies cannot fulfil them. This paper also proposes two mutual authentication protocols. The first protocol protects location privacy and is efficient in performing authentication. The second protocol not only achieves the proposed requirements but also solves the DoS attack problem completely.