進階搜尋


 
系統識別號 U0026-0812200914074002
論文名稱(中文) 兼具位置隱私與擴充性之雙向認證射頻辨識系統
論文名稱(英文) RFID Mutual Authentication Protocols with Location Privacy and Scalability
校院名稱 成功大學
系所名稱(中) 資訊工程學系碩博士班
系所名稱(英) Institute of Computer Science and Information Engineering
學年度 96
學期 1
出版年 97
研究生(中文) 沈意傑
研究生(英文) Yi-Jie Shen
電子信箱 staf@ismail.csie.ncku.edu.tw
學號 p7694131
學位類別 碩士
語文別 中文
論文頁數 55頁
口試委員 召集委員-李南逸
指導教授-黃宗立
口試委員-溫翔安
中文關鍵字 射頻辨識  擴充性  位置隱私  雙向認證 
英文關鍵字 tag  RFID  Location privacy  Scalability 
學科別分類
中文摘要 無線射頻辨識系統(RFID)是一種自動無線識別技術。由於射頻辨識系統的低成本與非接觸性的辨識特性,使得射頻辨識系統被廣泛的應用在各種領域上,如零售業、物流管理、製藥業、貨物控管等。然而,由於射頻辨識系統透過無線通訊,所以任何人均可竊聽通訊中的訊息。隨之而來的攻擊行為,如洩漏個人隱私,惡意追蹤,偽冒行為,都會危及使用者的安全與權益。
目前已經有許多相關的研究提出了各種方法來保護通訊的訊息,其中包含了使用認證協定來解決安全性的問題。但是這些研究中所提出方法都會有其缺點,有些會洩露使用者的位置隱私性,另一部份的協定雖然可以保護位置隱私性,但是卻會在辨識的過程中增加認證時的負擔,這樣的缺點,容易使系統遭受阻斷式攻擊,導致系統的癱瘓。
因此在本篇論文中,我們將探討無線射頻辨識系統的安全性問題,並討論一個安全的通訊協定應該要符合哪些安全性需求與特性,並分析為何目前這些被提出的協定無法滿足我們所提出安全性需求與特性。而在本研究中,吾人提出二種雙向認證協定。第一種協定能夠同時保護位置隱私性並減低系統在認證時的負擔。第二個協定不僅有第一個協定的特性,還徹底解決系統受到阻斷式攻擊的問題。
英文摘要 Radio Frequency Identification (RFID) is an automatic identification technology without the physical contact。Due to the low cost and conveniently identifying objects without physical contact,the RFID technology has been widely deployed in many applications that include
retail business,supply chain management, pharmaceutical industry, inventory control, etc. However, the wireless accessing characteristics of RFID system allows the outsider to easily eavesdrop the transmitted messages. The possible attacks including revealing user privacy, tracking problem and impersonation behavior produce the secure risk. Therefore, the design of an efficient and secure protocol without using complicate cryptographic
techniques for RFID systems is an important issue。
Though many authentication protocols for RFID have been proposed recently, they either cannot protect the location privacy of tags or have high overhead on identifying tags for the backed-end server。Moreover, an inefficient authentication protocol suffers easily the deny of service (DoS) attack. None of them provide satisfactory solution for both problems at the same time。
This paper proposes the security requirements and analyses the reason why these recently researches cannot fulfil the security requirements. This paper also proposes two mutual authentication protocols. The first protocol protects the location privacy and is efficiency on performing the authentication. The second protocol not only achieves the proposed requirements but also solve the attack of DoS completely.
論文目次 中文提要...IV
英文提要...V
致謝...VII
圖目錄...X
表目錄...X
第一章 導論...1
第1.1 節 研究背景...1
第1.2 節 基本架構...3
第1.3 節 研究動機...6
第1.4 節 章節概要...7
第二章 相關文獻探討...8
第2.1 節 安全性議題的探討...8
第2.2 節 相關文獻探討...11
第2.2.1 節 資料刪除法(Kill command)...11
第2.2.2 節 休眠裝置(Sleeping approach)...12
第2.2.3 節 法拉第之盒(Fraday cage)...13
第2.2.4 節 主動式人為干擾器(Active jamming)...13
第2.2.5 節 雜湊認證存取控制法(Hash Based Access Control)13
第2.2.6 節 亂數存取控制法(Randomized Access Control)...15
第2.2.7 節 雜湊鏈(Hash Chain)...16
第2.2.8 節 Dimitiou 提出的雙向認證協定...18
第2.2.9 節 Lee 等人提出的相互驗證協定...19
第2.2.10 節 O-trap 協定...21
第2.3 節 文獻之歸案與分析...23
第三章 列表搜尋式與狀態調整式的認證協定...25
第3.1 節 列表搜尋式協定(Table Search protocol) ...25
第3.2 節 狀態調整式協定(State Adjustable Protocol)...27
第3.4 節 列表狀態式認證協定(Table+State Protocol)...32
第3.5 節 安全性比較...35
第3.6 節 效能分析...36
第四章 植基於矩陣加密之雙向認證系統協定...38
第4.1 節 雙向認證系統協定...38
第4.2 節 分析與證明...40
第4.2.1 節 難題與假設...40
第4.2.2 節 位置隱私性(Location privacy)...41
第4.2.3 節 機密性(Confidentiality)...45
第4.2.4 節 不可偽冒性(Unforgeability) ...46
第4.2.5 節 擴充性(Scalability)...48
第4.3 節 安全性需求比較...48
第五章 結論與未來展望...50
參考文獻...51
參考文獻 [1] Auto-ID Center, "860MHz-960MHz Class I radio frequency identification tag radio
frequency & logi cal communication interface specification proposed
recommendation Version 1.0.0", Technical Report MIT-AUTOID-TR-007,
November 2002.
[2] Gildas Avoine, "Privacy Issues in RFID Banknote Protection Schemes." The 6th
International Conference on Smart Card Research and Advanced Applications
(CARDIS), Toulouse, France, August 22-27, 2004, pp. 33-48, Kluwer,
2004.
[3] ISMAIL I.A., AMIN Mohammed, DIAB Hossam, "How to repair the Hill
cipher", Journal of Zheijang University SCIENCE A, 2006 7(12):2022-2030
[4] Christy Chatmon and Tri van Le, and Mike Burmester. "Secure Anonymous RFID
Authentication Protocols.", Technical Report TR-0606112, Florida State
University, Department of Computer Science, Tallahassee, Florida, USA, 2006.
[5] Hung-Yu Chien, "Secure Access Control Schemes for RFID systems with
Anonymity", in proceedings of FMUIT'06, May 9, Japan, 2006.
[6] Tassos Dimitriou, "A Lightweight RFID Protocol to protect against Traceability and
Cloning attacks." Security and Privacy for Emerging Areas in Communications
Networks? 2005. SecureComm 2005. First International Conference. 05-09 Sept.2005 Page(s):59-66
[7] D. N. Duc, J. Park, H. Lee, K. Kim, "Enhancing Security of EPCglobal Gen-2
RFID Tag against Traceability and Cloning", The 2006 Symposium on Cryptography
and Information Security
[8] Martin Feldhofer, "An Authentication Protocol in a Security Layer for RFID Smart
Tags." IEEE Mediterranean Electrotechnical Conference - MELECON, May 2004
[9] Xingxin(Grace) Gao, Zhe(Alex) Xiang, Hao Wang, Jun Shen, Jian Huang, Song
Song, "AN APPROACH TO SECURITY AND PRIVACY OF RFID SYSTEM FOR
SUPPLY CHAIN" Proceedings of the IEEE International Conference on E-Commerce
Technology for Dynamic E-Business (CEC-East'04)
[10] Dirk Henrici and Paul Muller, "Hash-based enhancement of location privacy for
radio-frequency identification devices using varying identifiers". PerSec'04 at
PerCom, pp.149-153, Mar. 2004.
[11] L.S. Hill, 1929. Cryptography in an Algebraic Alphabet. Am. Math. Mon. 36:
306-312.
[12] Ari Juels, "RFID Security and Privacy: A Research Survey." Condensed version to
appear in 2006 in the IEEE Journal on Selected Areas in Communication
[13] Ari Juels and Ravikanth Pappu., "Squealing Euros: Privacy protection in
RFID-Enabled banknotes." In R. Wright, ed., Financial Cryptography '03, pages103-121. Springer-Verlag. 2003. LNCS no. 2742.
[14] Ari Juels, Ronald L. Rivest, and Michael Szydlo, "The blocker tag: selective
blocking of RFID tags for consumer privacy." In Vijay Atluri and Peng Liu, editors,
Proceedings of the 10th ACM Conference on Computer and Communication Security
(CCS-03), pages 103-111, New York, October 27-30 2003. ACM Press.
[15] Sindhu Karthikeyan and Mikhail Nesterenko, "RFID security without extensive
cryptography." SASN 2005: 63-67
[16] Sangshin Lee, Tomoyuki Asano and Kwangjo Kim, "RFID mutual Authentication
Scheme based on Synchronized Secret Information." (Paper, Presentation), Proc. of
SCIS 2006, Abstracts pp.98, Jan. 17~20,2006, Hiroshima, Japan.
[17] Yong Ki Lee and Ingrid Verbauwhede, "Secure and Low-cost RFID Authentication
Protocols." (Adaptive Wireless Networks - AWiN, November 2005)
[18] Zongwei Luo, Terry Chan, and Jenny S. Li, "A Lightweight Mutual
Authentication Protocol for RFID Networks" 2005 IEEE International Conference on
e-Business Engineering(ICEBE'05)
[19] Su-Mi Lee, Young Ju Hwang, Dong Hoon Lee, and Jong In Lim, "Efficient
authentication for low-cost RFID system", International conference on
Computational Science and its Applications - ICCSA, pp. 619-627, May 2005.[20] David Molnar and David Wanger, "Privacy and security in library RFID issues,
practice and architectures", ACM Conference on Computer and Communications
Security - ACM CCS, pp. 210-219, October 2004.
[21] Jerey Overbey, William Traves, and Jerzy Wojdylo, "On the Keyspace of the Hill
Cipher", Cryptologia, 29(1):59-72, 2005.
[22] Miyako Ohkubo., K. Suzuki and S. Kinoshita, "Cryptographic approach to
privacy-friendly tags" RFID Privacy Workshop, November 2003
[23] Shahrokh Saeednia, "How to Make the Hill Cipher Secure", Cryptologia, 24(4),
October 2000, pp353-360.
[24] Victor Shoup, "Sequences of Games: a Tool for Taming Complexity in Security
Proofs", manuscript, Available at www.shout.net, 2005.
[25] William Stallings, "Cryptography and network security: principles and practice."
Prentice-Hall, Upper Saddle River, New Jersey 07458, third edition, 2003.
[26] Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels,
"Security and Privacy Aspects of Low-Cost Radio Frequency Identification
Systems", In Security in Pervasive Computing, volume 2802 of Lecture Notes in
Computer Science, pages 201--212, 2004. 5
[27] J. Yang, J. Park, H. Lee, K. Ren, K. Kim, "Mutual Authentication ProtocolMutual Authentication Protocol for Low for Low-cost RFID cost RFID", Handout of
the Ecrypt Workshop on RFID and Lightweight Crypto, 2005.
[28] Juels , R. L. Rivest and M. Szydlo, “The Blocker Tag: Selective Blocking of RFID
Tags for Consumer Privacy”, In V. Atluri, ed. 8th ACM Conference on Computer
and Communications Security, 2003, pp. 103-111.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2013-02-13起公開。
  • 同意授權校外瀏覽/列印電子全文服務,於2013-02-13起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw