
Graduate student: 陳聖輝 (Sheng-Hui Chen)
Thesis title: Protecting Low Cost RFID Privacy and Security with A Generic Key Agreement Protocol Based on Binary tree
Advisors: 張立中 (Li-Chung Chang), 鄭博仁 (Albert B. Jeng)
Oral examination committee: 雷欽隆, 曾德峰 (Der-Feng Tseng), 王煥宗 (Huan-Chun Wang)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2007
Academic year of graduation: 95
Language: English
Number of pages: 53
Keywords: Privacy, Security, Cost, Key Agreement Protocol
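    Many protocols have been proposed to protect the privacy and security of radio frequency identification (RFID) systems. Some of these protocols are designed to use symmetric-key or public-key encryption algorithms to protect the long-term security of RFID systems, and the rest are designed to protect user anonymity. In practice, the life cycle of RFID technology is relatively short, for example in supply chains and commodity checkout. Moreover, we know that designing a secure algorithm to protect RFID tags over the long term requires consideration of many different aspects, yet any improvement to the security of RFID technology raises the cost of the tag and makes widespread deployment difficult. For example, public-key and symmetric-key encryption algorithms that require large amounts of computing resources (such as RSA and AES) cannot suitably be applied to protect the security and privacy of RFID systems. In addition, the resource constraints of many RFID tags (such as power, computing resources and communication bandwidth) and the insecure, open nature of communication over the air motivate us to study an efficient, low-cost solution for RFID system security and privacy. In this thesis, we propose a novel, effective, generic key agreement protocol based on binary trees and show that it can be applied to improve the security of RFID systems characterized by low cost and constrained resources.
    Chapter 1 then introduces RFID systems. In Chapter 2 we describe the threats RFID systems face, which are mainly caused by the low-cost constraint of RFID systems and the insecure communication between reader and tag. In Chapter 3 we study the key agreement protocols published to date and briefly analyze their weaknesses. In Chapter 4 we propose a novel binary-tree-based key agreement protocol called BKAP and its improved version called EBKAP, and describe in detail how binary trees are used to build a key agreement protocol without transmitting any secret data over the air. In Chapter 5 we analyze the performance and security of the binary-tree-based BKAP and EBKAP key agreement protocols. In Chapter 6 we propose two communication protocols derived from EBKAP (ERP and BMAP) to improve the security and privacy of RFID systems. In Chapter 7 we analyze these two protocols to confirm that both are low cost and provide short-term security. Finally, we conclude the thesis in Chapter 8 with our conclusions, future research directions and problems that remain to be solved.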


    Many protocols have been proposed for protecting the privacy and security of Radio Frequency Identification (RFID) systems. A number of these protocols are designed to protect the long-term security of RFID systems using symmetric key or public key cryptosystems. Others are designed to protect user anonymity. In practice, the use of RFID technology often has a shorter lifespan, as in commodity checkout, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tag information requires thorough consideration from many different aspects. However, any security enhancement to RFID technology will raise its cost, which may be detrimental to its widespread deployment. Due to the severe constraints on RFID tag resources (e.g., power source, computing power, communication bandwidth) and the open-air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computationally heavy public key and symmetric key cryptography algorithms (e.g., RSA and AES) may be unsuitable or overkill for protecting RFID security or privacy. These factors motivate us to research an efficient and cost-effective solution for RFID security and privacy protection. In this thesis, we propose a new, effective, generic binary tree based key agreement protocol and its variations, and show how it can be applied to secure low-cost, resource-constrained RFID systems.
    Following the Introduction in Chapter 1, we describe the vulnerabilities of low cost RFID systems in Chapter 2. These vulnerabilities are mainly due to the cost constraint of the RFID system and the insecure channel between the reader and the tags. In Chapter 3, we survey the existing key agreement protocols and briefly analyze their vulnerabilities. In Chapter 4, we present a new key agreement protocol based on a binary tree traversal technique, called BKAP, and its enhanced version, called EBKAP. We describe how to use binary trees to build a key agreement protocol without transmitting sensitive information in the air. In Chapter 5, we analyze the security and performance of these two binary tree based key agreement protocols, with special focus on EBKAP. In Chapter 6, we present two applications and derivations of the BKAP (ERP and BMAP) to improve the security and privacy of RFID technology. The first derivation uses BKAP to develop an EPC retrieval protocol. The second derivation develops a mutual authentication protocol between a reader and a tag. In Chapter 7, we analyze these two protocols to ensure that these two binary tree based protocols achieve low cost, efficient implementation and short-term security requirements. Finally, we end the thesis with open problems and future directions in Chapter 8.

    ABSTRACT (CHINESE)
    ABSTRACT
    ACKNOWLEDGEMENTS
    CONTENTS
    TABLES
    LIST OF FIGURES
    CHAPTER 1 INTRODUCTION
        1.1 MOTIVATION
        1.2 OUR CONTRIBUTION
    CHAPTER 2 VULNERABILITIES OF LOW COST RFID SYSTEM
        2.1 PHYSICAL ATTACK
        2.2 EAVESDROPPING ATTACK
            2.2.1. Passive eavesdropping attack
            2.2.2. Active eavesdropping attack
        2.3 CLONING ATTACK
        2.4 MAN-IN-THE-MIDDLE ATTACK
        2.5 DENIAL OF SERVICE ATTACK
    CHAPTER 3 RELATED WORK
        3.1. DIFFIE-HELLMAN KEY EXCHANGE PROTOCOL (DHKE)
        3.2. PUBLIC KEY ENCRYPTION BASED KAP WITHOUT KDC (EKE)
        3.3. SECURITY SCHEME FOR RFID TAG
        3.4. ONE TIMES CODES
        3.5. ANALYSIS
    CHAPTER 4 OUR KEY AGREEMENT PROTOCOL
        4.1. PRELIMINARIES
        4.2. BKAP
            4.2.1. BKAP Overview
            4.2.2. BKAP Protocol
        4.3. HOW BKAP WORKS?
        4.4. EBKAP
    CHAPTER 5 SECURITY AND PRIVACY ANALYSIS OF EBKAP
        5.1. ANALYSIS OF EAVESDROPPING ATTACK
        5.2. ANALYSIS OF THE NUMBER OF
        5.3. ANALYSIS OF THE NUMBER OF THE
        5.4. PERFORMANCE ANALYSIS OF THE EBKAP
    CHAPTER 6 ERP AND BMAP BASED ON BINARY TREE
        6.1 EPC RETRIEVAL PROTOCOL (ERP)
        6.2 BINARY TREE BASED MUTUAL AUTHENTICATION PROTOCOL (BMAP)
    CHAPTER 7 ANALYSIS OF ERP AND BMAP
        7.1 ANALYSIS OF THE EAVESDROPPING ATTACK
        7.2 ANALYSIS OF THE CLONING ATTACK
        7.3 ANALYSIS OF THE MAN-IN-THE-MIDDLE ATTACK
        7.4 ANALYSIS OF THE DENIAL OF SERVICE ATTACKS
        7.5 PERFORMANCE ANALYSIS OF ERP AND BMAP
    CHAPTER 8 CONCLUSIONS
    REFERENCE
