簡易檢索 / 詳目顯示

研究生: 黃冠儒
Kuan-Ju Huang
論文名稱: 以自動授權機制來達成RFID隱私權保護
An Efficient and Flexible Way to Protect Privacy in RFID Environment with Licenses
指導教授: 查士朝
Shi-Cho Cha
口試委員: 羅乃維
Nai-Wei Lo
鄧惟中
Wei-Chung Teng
學位類別: 碩士
Master
系所名稱: 管理學院 - 資訊管理系
Department of Information Management
論文出版年: 2009
畢業學年度: 97
語文別: 中文
論文頁數: 40
中文關鍵詞: 隱私權個人資料授權機制無線射頻識別
外文關鍵詞: Privacy, Online Personal Data Licensing, RFID
相關次數: 點閱:284下載:3
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 由於廠商使用RFID系統可能對消費者的隱私造成威脅,為了解決消費者對於隱私權保護的疑慮,使用RFID系統的廠商被要求當在使用RFID技術收集使用者資料之前,必須先向使用者揭露其RFID的使用政策,並且在取得使用者同意之後,依照其政策去進行相關活動。

    然而,目前RFID技術的研究大部份集中於防止未經授權的單位取得RFID標籤中的資料並預防廠商藉由RFID標籤所發出的資訊對使用者進行追蹤。但並沒有一個有效的機制,讓消費者能夠依照廠商所公佈之RFID政策,去決定是否要讓某個廠商可以取得其個人資料。同時,也缺乏一個機制能夠讓使用者方便地去管理不同廠商的權限。

    本研究提出了一項可因應RFID系統中個人資料隱私問題的新技術,運用我們過去所提出的個人資料授權架構(Online Personal Data Licensing,OPDL),並將此套用到RFID環境。針對前述現今RFID隱私權保護技術要達到RFID技術的公平資訊實施原則的缺口,來提供一套自動化的機制。

    在本研究所提議的方法中,廠商必須取得授權後,才可透過RFID技術收集個人資料,接著進行自動檢查數位授權,嚴格確保個人資料的收集及使用在個人同意的情況下進行。此外,個人可輕鬆自行控制可獲得其授權的人以及授權內容,因此預期此架構可提供有效且彈性的方法,補足目前RFID系統在隱私權保護技術上的不足。


    To release the tension between the convenience and the privacy risk brought by RFID systems, organizations are requested to disclose their policies about RFID activities, to obtain a customer's consent, and to adopt appropriate mechanisms to enforce the policies. However, current researches on RFID typically focus on the enforcement part to protect personal data stored in RFID tags and to prevent organizations from tracking a person through the information emitted by specified RFID tags. There is a missing piece for customers to achieve agreements with organizations efficiently and to limit organizations' RFID activities flexibly.

    This research proposes a new technical and legal approach for responding to concerns about the privacy of personal data in RFID systems by extending the framework of Online Personal Data Licensing (OPDL) and applying the framework to RFID environment.

    In our proposed approach, organizations must obtain licenses before collecting a person s data via RFID technologies. The digitalized and standard licenses can further be checked automatically to ensure that the collection and use of a person’s data is strictly under the person’s consent. While individuals can control who have licenses and the content of the licenses easily, the framework can hopefully provide an efficient and flexible way to overcome the deficiency of current privacy protection technologies for RFID system.

    摘要 I ABSTRACT III 目錄 V 第一章 緒論 1 1.1 研究背景 1 1.2 研究目的 3 1.3 章節介紹 4 第二章 文獻探討 5 2.1 RFID 的安全與隱私威脅 5 2.2 RFID隱私權保護技術 7 2.3 P3P隱私權偏好選項平台 14 2.4 線上個人資料授權 15 第三章 系統架構 18 第四章 主要元件 20 4.1 系統運作流程 20 4.2 授權提案及授權 21 4.3 授權交換中心 23 4.4 標籤識別 25 4.5 符合性原則 27 第五章 系統展示 28 5.1 系統情境 28 5.2 元件設計 29 5.3 系統畫面 31 第六章 結論與後續研究 34 6.1 結論 34 6.2 後續研究 34 參考文獻 36

    [1] Simson L. Garfinkel, Ari Juels, and Ravi Pappu. RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy, 3(3):34–43, 2005.

    [2] Shingo Kinoshita, Miyako Ohkubo, Fumitaka Hoshino, Gembu Mo-rohashi, Osamu Shionoiri, and Atsushi Kanai. Privacy enhanced active RFID tag. In Proceedings of the International Workshop on Exploiting Context Histories in Smart Environments–ECHISE’05, Munich, Germany, May 2005.

    [3] Vance Lockton and Richard S. Rosenberg. RFID: The next serious threat to privacy. Ethics and Inf. Tech., 7(4):221–231, 2005.

    [4] Fr´ed´eric Thiesse. RFID, privacy and the perception of risk: A strategic framework. J. Strateg. Inf. Syst., 16(2):214–232, 2007.

    [5] Organization for Economic Cooperation and Development (OECD). Guidelines on the protection of privacy and transborder flows of personal data. Committee for Information, Computer, and Communication Policy, 1980.

    [6] CASPIAN, Privacy Rights Clearinghouse, ACLU, EFF, EPIC, Junk-busters, Meyda Online, and PrivacyActivism. RFID position statement of consumer privacy and civil liberties organizations. http://www.privacyrights.org/ar/RFIDposition.htm, 2003.

    [7] Martin Feldhofer, Sandra Dominikus, and Johannes Wolkerstorfer. Strong authentication for RFID systems using the AES algorithm. In Marc Joye and Jean-Jacques Quisquater, editors, Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems – CHES 2004, volume 3156 of Lecture Notes in Computer Science, pages 357–370, Boston, Massachusetts,USA,August 2004. IACR, Springer-Verlag.

    [8] Xingxin Gao, Zhe Xiang, Hao Wang, Jun Shen, Jian Huang, and Song Song. An approach to security and privacy of RFID system for supply chain. In Proceedings of the Conference on E-Commerce Technology for Dynamic E-Business–CEC-East’04, pages 164–168, Beijing, China, September 2005.IEEE, IEEE Computer Society.

    [9] Ari Juels and John Brainard. Soft blocking: flexible blocker tags on the cheap. In WPES ’04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pages 1–7, New York, NY, USA, 2004. ACM.

    [10] Inseop Kim, Byunggil Lee, and Howon Kim. Privacy protection based on user-defined preferences in RFID system. In Proceedings of the International Conference on Advanced Communication Technology – ICACT’06, Phoenix Park, Korea, February 2006. IEEE, IEEE Press.

    [11] Stephen Weis, Sanjay Sarma, Ronald Rivest, and Daniel Engels. Security and privacy aspects of low-cost radio frequency identification systems. In Dieter Hutter, G¨unter M¨uller, Werner Stephan, and Markus Ullmann, editors, Proceedings of the International Conference on Security in Pervasive Computing – SPC 2003, volume 2802 of Lecture Notes in Computer Science, pages 454–469, Boppard, Germany, March 2003. Springer-Verlag.

    [12] Philippe Golle, Markus Jakobsson, Ari Juels, and Paul Syverson. Universalre-encryption for mixnets. In Tatsuaki Okamoto, editor, Proceedings of the The Cryptographers’ Track at the RSA Conference – CT-RSA, volume 2964 of Lecture Notes in Computer Science, pages 163–178, San Francisco, California, USA, February 2004. Springer-Verlag.

    [13] Ari Juels, Ronald Rivest, and Michael Szydlo. The blocker tag: Selective blocking of RFID tags for consumer privacy. In Vijay Atluri, editor, Proceedings of the Conference on Computer and Communica-tions Security–ACM CCS, pages 103–111, Washington, DC, USA, October 2003. ACM, ACM Press.

    [14] Ari Juels. Minimalist cryptography for low-cost RFID tags. In Carlo Blundo and Stelvio Cimato, editors, Proceedings of the International Conference on Security in Communication Networks – SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 149–164, Amalfi, Italia, September 2004. Springer-Verlag.

    [15] Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita. Cryptographic approach to "privacy-friendly" tags. In Proceedings of the RFID Privacy Workshop, MIT, MA, USA, November 2003.

    [16] Shi-Cho Cha and Yuh-Jzer Joung. Online Personal Data Licensing. In Proceedings of the 3rd International Conference of Law and Technology (LAWTECH2002), pages 28–33, Boston, USA, 2002.

    [17] Shi-Cho Cha and Yuh-Jzer Joung. From P3P to OPDL. In Proceedings of the 3rd Workshop on Privacy Enhancing Technologies (PET2003), Dresden, Germany,March 26-28, 2003.

    [18] L. Cranor, B. Dobbs, S. Egelman, G. Hogben, J. Humphrey,M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle,M. Schunter, D. A. Stampley, and R. Wenning, “The Platform for Privacy Preferences 1.1 (P3P1.1) specification,” 2006, w3C Working Group Note.

    [19] A. Juels. Rfid security and privacy: a research survey. IEEE Journal on Selected Areas in Communications, 24(2):381–394, Feb. 2006.

    [20] Melanie Rieback, Bruno Crispo, and Andrew Tanenbaum. The evolution of RFID security. IEEE Pervasive Computing, 5(1):62–69, January–March 2006.

    [21] Melanie Rieback, Georgi Gaydadjiev, Bruno Crispo, Rutger Hofman, and Andrew Tanenbaum. A platform for RFID security and privacy administration. In Proceedings of the USENIX/SAGE Large Instal-lation System Administration conference, pages 89–102, Washington DC, USA, December 2006.

    [22] Lejla Batina, Jorge Guajardo, Tim Kerins, Nele Mentens, Pim Tuyls, and Ingrid Verbauwhede. Public-key cryptography for RFID-tags. In Proceedings of the International Workshop on Pervasive Computing and Communication Security – PerSec 2007, pages 217–222, New York, USA, March 2007. IEEE, IEEE Computer Society Press.

    [23] EPCGlobal Inc. EPC radio-frequency identity protocols class-1 generation-2 UHF RFID: Protocols for communications at 860MHz -960MHz, 2005. EPC Global Specification for RFID Air Interface.

    [24] Gildas Avoine and Philippe Oechslin. A scalable and provably secure hash based RFID protocol. In Proceedings of the International Workshop on Pervasive Computing and Communication Security – PerSec 2005, pages 110–114, Kauai Island, Hawaii, USA, March 2005. IEEE, IEEE Computer Society Press.

    [25] Stephen A. Juels, Ari; Weis.Defining strong privacy for RFID. In Proceedings of the Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops – PerCom Workshops’ 07, pages 342–347, 19-23 March 2007.

    [26] Tassos Dimitriou. A lightweight RFID protocol to protect against traceability and cloning attacks. In Proceedings of the Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens,Greece, September 2005. IEEE.

    [27] Tassos Dimitriou. A secure and efficient rfid protocol that could make big brother (partially) obsolete. In Proceedings of the International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy, March 2006. IEEE, IEEE Computer Society Press.

    [28] David Molnar and David Wagner. Privacy and security in library RFID: issues, practices, and architectures. In CCS ’04: Proceedings of the 11th ACM conference on Computer and communications security, pages 210–219, New York, NY, USA, 2004. ACM.

    [29] Ari Juels and Ravikanth Pappu. Squealing euros: Privacy protection in RFID-enabled banknotes. In Rebecca N. Wright, editor, Proceedings of the Financial Cryptography – FC’03, volume 2742 of Lecture Notes in Computer Science, pages 103–121, Le Gosier, Guadeloupe, French West Indies, January 2003. IFCA, Springer-Verlag.

    [30] R. Langheinrich, M.; Marti. Practical minimalist cryptography for RFID privacy. IEEE Systems Journal, 1(2):115–128, Dec. 2007.

    [31] Lorrie Cranor, Marc Langheinrich, and ETH Zurich. A P3P PreferenceExchange Language 1.0 (APPEL1.0). In W3C Working Draft, 2002. Retrieved from http://www.w3c.org/TR/P3P-preferences.html

    無法下載圖示 全文公開日期 2014/07/28 (校內網路)
    全文公開日期 本全文未授權公開 (校外網路)
    全文公開日期 本全文未授權公開 (國家圖書館:臺灣博碩士論文系統)
    QR CODE