Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/19848
標題: RFID授權協定之安全性改善
Improving the security of an RFID delegation protocol
作者: 黃健城
Huang, Chien-Cheng
關鍵字: RFID;授權代理;安全;認證
出版社: 資訊科學與工程學系所
引用: [1] G. Avoine, “Cryptography in radio frequency identification and fair exchange protocols”, Ph.D. Thesis, Ecole Polytechnique Federale de Lausanne (EPFL), Lausanne, Switzerland, December 2005. [2] G. Avoine, P. Oechslin, “A scalable and provably secure hash based RFID protocol”, in: International Workshop on Pervasive Computing and Communication Security - PerSec 2005, IEEE Computer Society Press, Kauai Island, Hawaii, USA, 2005, pp. 110-114. [3] G. Avoine “RFID security & privacy” lounge,2010. http://www.avoine.net/rfid [4] H. Chien, C. Chen, “Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards”, Computer Standards and Interfaces 29 (2) ,2007, 254-259. [5] T. Dimitriou “A lightweight RFID protocol to protect against traceability and cloning attacks”. in: Conference on security and privacy for emerging areas in communication networks—securecomm, Athens, Greece ,2005 [6] D.N. Duc, J. Park, H. Lee, K. Kim “Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning”. in:Symposium on cryptography and information security. Hiroshima, Japan, 2006. [7] I. Erguler, E. Anarim, “Security flaws in a recent RFID delegation protocol” in Springer-Verlag London Limited, 2011. [8] S. Fouladgar, H. Afifi, “A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags”, Journal of Communications 2 (6), 2007, 6-13. [9] S. Fouladgar, H. Afifi “An efficient delegation and transfer of ownership protocol for RFID tags”. In: First international EURASIP workshop on RFID technology. Vienna, Austria, 2007. [10] J.C. Ha, S.J. Moon, J.M.G. Nieto, C. Boyd “Low-cost and strong-security RFID authentication protocol”. in: EUC workshops. Lecture Notes in Computer Science, Springer-Verlag 4809:795-807 [11] D. Henrici, P. Műller, “Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers”. in: International workshop on pervasive computing and communication security—PerSec 2004. IEEE Computer Society, Florida, USA, 2004, pp 149-153 [12] A. Juels, “RFID security and privacy: a research survey”, IEEE Journal on Selected Areas in Communications 24, 2006, 381-394. [13] A. Juels, “ The Physical Basis of RFID Security”, in: Springer-Verlag, RSA Laboratories, USA, 2010. [14] S. Karthikeyan, N. Nesterenko, “RFID security without extensive cryptography”, in: Workshop on Security of Ad Hoc and Sensor Networks - SASN'05, ACM Press, Alexandria, Virginia, USA, 2005, pp. 63-67. [15] C. Lim, T. Kwon, “Strong and robust RFID authentication enabling perfect ownership transfer”, in: P. Ning, S. Qing, N. Li (Eds.), Conference on Information and Communications Security - ICICS'06, Lecture Notes in Computer Science, vol. 4307, Springer, Raleigh, North Carolina, USA, 2006, pp. 1-20. [16] D. Molnar, D. Wagner “Privacy and security in Library RFID: issues, practices, and architectures”. in: Conference on computer and communications security. ACM CCS, Washington DC, USA, 2004, pp 210-219 [17] D. Molnar, A. Soppera, D. Wagner, “A scalable delegatable pseudonym protocol enabling ownership transfer of RFID tags”, in: B. Preneel, S. Tavares (Eds.), Selected Areas in Cryptography - SAC 2005, Lecture Notes in Computer Science, vol. 3897, Springer, Kingston, Canada, 2005, pp. 276-290. [18] P. Najera, J. Lopez, “RFID: technological issues and privacy concerns”, in: A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercati (Eds.), Digital Privacy: Theory, Technologies and Practices, Taylor & Francis, London, 2008, pp. 285-306 (Chapter 14). [19] M. Ohkubo, K. Suzki, S. Kinoshita,” Cryptographic approach to ‘privacy-friendly' tags”, in: RFID Privacy Workshop, MIT, MA, USA, 2003. Available from: <http://www.rfidprivacy.us/2003/agenda.php>. [20] K. Rhee, J. Kwak, S. Kim, D. Won “Challenge-response based RFID authentication protocol for distributed database environment”. in: International conference on security in pervasive computing—SPC 2005. Lecture Notes in Computer Science, 2005, Springer-Verlag 3450:70-84 [21] A.R. Sadeghi, I. Visconti, C. Wachsmann “PUF-enhanced RFID security and privacy”. in: Workshop on Secure Component and System Identification (SECSI),2010. [22] C. Shaoying, Y. Li, T. Li, R. Deng “Attacks and improvements to an RFID mutual authentication protocol and its extensions”. in: Proceedings of the second ACM conference on wireless network security—WiSec'09. Zurich, witzerland, 2009 [23] B. Song, C.J. Mitchell, “RFID authentication protocol for low-cost tags”, in: V.D. Gligor, J. Hubaux, R. Poovendran (Eds.), ACM Conference on Wireless Network Security - WiSec'08, ACM Press, Alexandria, Virginia, USA, 2008, pp. 140-147. [24] B. Song, C.J. Mitchell, “Scalable RFID pseudonym protocol”, in: Proceedings of the Third International Conference on Network and System Security - NSS 2009, IEEE Computer Society, Gold Coast, Queensland, Australia, 2009, pp. 216-224. [25] B. Song, C.J. Mitchell “Scalable RFID security protocols supporting tag ownership transfer”, 2011, Comput Commun 34:556-566. [26] G. Tsudik “A family of dunces: trivial RFID identification and authentication protocols”. Cryptology ePrint Archive,2007, Report 2006/015 [27] I. Vajda, L. Buttyan, “Lightweight authentication protocols for low-cost RFID tags”, in: Second Workshop on Security in Ubiquitous Computing - Ubicomp 2003, Seattle, WA, USA, 2003. [28] S. Weis, “Security and privacy in radio-frequency identification devices”, Master's Thesis, Massachusetts Institute of Technology (MIT), Massachusetts, USA, May 2003. [29] S. Weis, S. Sarma, R. Rivest, D. Engels, “Security and privacy aspects of low-cost radio frequency identification systems”, in: D. Hutter, G. Muller, W. Stephan, M. Ullmann (Eds.), International Conference on Security in Pervasive Computing - SPC 2003, Lecture Notes in Computer Science, vol. 2802, Springer, Boppard, Germany, 2003, pp. 201-212. [30] Y. Zhang, P. Kitsos,” Security in RFID and Sensor Networks”, Auerbach Publications, 2009.
摘要: 
無線射頻辦識(Radio Frequency Identification,RFID)系統標籤授權,一個後端伺服器授權給特定的實體,能夠識別及認證標籤的能力。其目的是為了分擔後端伺服器系統在認證標籤計算上的成本。近期由Song和Mitchel提出的協定,可以滿足標籤授權代理的要求。Erguler和Anarim指出Song-Mitchel協定有兩個安全上的缺陷,即標籤模擬和不同步攻擊。同時提出一個改善後的協定。
在本論文中,我們分析他們的協定,在防範不誠信授權實體上仍然很脆弱,因為沒有提供一個互相認證的機制。因此,我們提出一個建議的改善。

Radio Frequency Identification (RFID) tag delegation enables a back-end server to delegate the ability to identify and authenticate a tag to a specified entity, such as a reader. It is used to reduce the tag authentication computational cost on a server. Recently, a delegation protocol is proposed by Song and Mitchell to meet the requirement of RFID tag delegation. Ergular and Anarim pointed out two security flaws in SM protocol regarding tag impersonation and desynchronization. They also proposed an improve protocol.
URI: http://hdl.handle.net/11455/19848
Appears in Collections:資訊科學與工程學系所

Show full item record
 

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.