隨著無線射頻辨識技術被廣泛地應用於我們的日常生活，如何在無線射頻辨識相關的應用上，預防違法存取與資料洩漏是相當重要且十分關鍵的， 因此發展一個安全且著重隱私性的無線射頻辨識之認證協定則是有其必要性。最近，Lin等人提出了一個符合EPC第二代第一類標準的無線射頻辨識之雙向認證協定，藉以提供更周全的資料機密性，以及更強健的系統安全與運算效能。然而，在我們所模擬的一連串主動攻擊下，我們發現Lin等人所提出之雙向認證協定，在安全性上並未如其所宣稱般的強健。因此我們發展了一個嶄新的無線射頻辨識之雙向認證協定，在與Lin等人之認證協定具有相同計算複雜度下，可達到更強化之安全性，同時能夠有效預防標籤追蹤與秘密洩漏之威脅。

As RFID technology has emerged in our daily life, the prevention of illegal access and information leakage of RFID based applications becomes a practical requirement. A more secure and privacy aware RFID authentication protocol is devastatingly needed. Recently, Lin et al. proposed a mutual RFID authentication scheme conforming EPC Class 1 Generation 2 (EPC GEN 2) standard to deliver strong data privacy, robust system security and computation efficiency. However, their claimed security cannot hold. In this dissertation, we demonstrate how to break through Lin et al.’s authentication scheme by engaging a series of active attack procedures. The computational complexities of identified attacks are practical so that Lin et al.’s scheme cannot improve security any more than the EPC GEN 2 standard. Furthermore, we develop a new RFID authentication protocol to enhance security density, prevent threats of tag tracing and secrecy disclosure, and achieve the similar computational cost as Lin et al.’s protocol does.

[1] Alex Biryukov, Joseph Lano, and Bart Preneel, Recent Attacks on Alleged Securid and Their Practical Implications, Computers and Security, Vol.24, No.5,
2005, pp.364–370.
[2] Hung-Yu Chien and Che-Hao Chen, Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards, Computer Standards and Interfaces, Vol.29, No.2, 2007, pp. 254–259.
[3] Dang Nguyen Duc, Jaemin Park, Hyunrok Lee, and Kwangjo Kim, Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning, in: Proc. of Symposium on Cryptography and Information Security, Hiroshima, January, 2006.
[4] EPCglobal Inc. Available: http://www.epcglobalinc.org/.
[5] EPCTM Radio-Frequency Identification Protocols, Class 1 Generation-2 UHF RFID Protocol for Communication at 860-960 MHz Version 2.0.0, EPCGlobal Inc., November, 2013.
[6] Simson L Garfinkel, Ari Juels, and Ravi Pappu, RFID Privacy: An overview of Problems and Proposed Solutions, IEEE Security and Privacy Magazine, Vol.3, No.3, 2005, pp.34–43.
[7] Belal Chowdhury and Rajiv Khosla, RFID-based Hospital Real-time Patient Management System, in: Proc. of 6th IEEE/ACIS International Conference on Computer and Information Science, Melbourne, July, 2007.
[8] Daewan Han and Daesung Kwon, Vulnerability of An RFID Authentication Protocol Conforming to EPC Class 1 Generation 2 Standards, Computer Standards and Interfaces, Vol.31, No.4, 2009, pp.648–652.
[9] Junius K. Ho, Solving the Reader Collision Problem with a Hierarchical QLearning Algorithm, Master’s thesis, Massachusetts Institute of Technology, February, 2003.
[10] Jung Lyu Jr., Shiow-Yun Chang, and Tung-Liang Chen, Integrating RFID with Quality Assurance System – Framework and Applications, Expert Systems with Applications, Vol.36, No.8, 2009, pp.10877–10882.
[11] Ari Juels, David Molner, and David Wagner, Security and Privacy Nos in EPassports, in: Proc. of 1st International Conference of Security and Privacy for Emerging Areas in Communication Networks, Athens, September, 2005.
[12] Sindhu Karthikeyan and Mikhail Nesterenko, RFID Security without Extensive Cryptography, in: Proc. of ACM Workshop on Security of Ad Hoc and Sensor Networks, Alexandria, November, 2005.
[13] Yeong Lin Lai and Chih Cheng Chen, An Intelligent RFID Fall Notification System, International Journal of Innovative Computing, Information and Control, Vol.7, No.6, 2011, pp.3133–3145.
[14] Tri Van Le, Mike Burmester, and Breno de Medeiros, Universally Composable and Forward-secure RFID authentication and Authenticated Key Exchange, in: Proc. of ACM Symposium on InformAtion, Computer and Communications Security, Singapore, March, 2007.
[15] Iuon Chang Lin, Chi Wei Wang, Rui Kun Luo, and Hsin Chiang You, An Efficient Mutual Authentication Protocol for RFID Systems, International Journal
of Innovative Computing, Information and Control, Vol.7, No.6, 2011, pp.3097–3106.
[16] Iuon Chang Lin, Ching Wen Yang, and Shyh Chang Tsaur, Nonidentifiable RFID privacy protection with ownership transfer, International Journal of Innovative Computing, Information and Control, Vol.6, No.5, 2010, pp.2341–2352.
[17] Nai-Wei Lo and Kuo-Hui Yeh, Mutual RFID Authentication Scheme for Resource-constrained Tags, Journal of Information Science and Engineering, Vol.26, No.5, 2010, pp.1875–1889.
[18] Dursun Delen, Bill C. Hardgrave, and Ramesh Sharda, RFID for Better Supply-Chain Management through Enhanced Information Visibility, Production and Operations Management, Vol. 16, No.5, 2007, pp.613–624.
[19] David Molnar and David Wagner, Privacy and Security in Library RFID: Nos, Practices, and Architectures, in: Proc. of Conference on Computer and Communications Security, Washington, Octorber, 2004.
[20] Shien-Chii Shieh, Chang-Ching Lin, Tai-Fu Yang, and Gu-Han Tu, Using RFID Technology on Clinic’s Pharmacy Operation Management and Development of Intelligent Medicine Dispensing Cabinet, in: Proc. of IEEE International Conference on Industrial Engineering and Engineering Management, Singapore, December, 2008.
[21] Tzu-Chang Yeh, Yan-Jun Wang, Tsai-Chi Kuo, and Sheng-Shih Wang, Securing RFID Systems Conforming to EPC Class 1 Generation 2 Standard, Expert Systems with Applications, Vol.37, No.12, 2010, pp.7678–7683.