| 摘要: | 隨著RFID (Radio-Frequency Identification)相關技術日漸成熟,其可應用之範圍亦會越來越廣泛,無論是應用於人員的身分識別系統、人員的門禁管制系統、購物商場的收費系統、倉儲的進銷存管理系統、醫療病例系統或是快速道路的收費系統等等,然而當非法的惡意存取技術也逐漸成熟時,隱藏在這些應用中的問題就會一一浮現出來,因此,一個完善的授權驗證過程以及隱私資料的保護機制,就會顯得越來越重要了。
在本論文中,我們簡介RFID的系統架構及其各種應用,並介紹RFID授權協定之相關研究,分別針對其初始設定、執行流程以及以其對機密資料竊聽的抵抗能力、對位置追蹤的抵抗能力、對重送攻擊的抵抗能力、對解除資料同步的抵抗能力、對資料發生碰撞的抵抗能力、前推安全的能力(Forward secrecy)、雙向驗證的能力(Mutual Authentication)等七種性質,加以分析個別通訊協定之優缺點,並提出一個修改自Liu, Wang及Huang所提出的協定,對其無法抵抗資料發生碰撞的抵抗能力加以補強,最後則是將我們所提出的授權協定與其它授權協定進行比較,並提出一個可以針對我們所提出的授權協定加以修改及加強的方向,使其更趨完備。
With the gradual mature of radio-frequency identification (RFID) related techniques, the range of its applications becomes wider and wider; they include people identification, entrance gate control, object identification of shopping malls, supply chain management, health care, automatic collection of road tolls, and so on. However, with the malicious attacks on these systems getting severe, a secure authentication scheme with privacy protection mechanism becomes more and more important.
In this paper, we will first introduce the system architecture of RFID and its various applications. We then survey the related research work on RFID authentication protocols, including the initial setting, the execution procedure, and analysis whether each of the seven security properties they possess: (1) resistance to eavesdropping, (2) resistance to tracking, (3) resistance to replaying, (4) resistance to de-synchronization, (5) resistance to key collision, (6) providing perfect forward secrecy, and (7) supporting mutual authentication. We will point out that the authentication scheme proposed by Liu-Wang-Huang is vulnerable to key collision. We then present an improved protocol to remedy the weakness of their scheme. Finally, we compare our improved authentication scheme with other related schemes and propose a guideline to further enhance our modified scheme. |
