隨著「無線射頻辨識（Radio Frequency Identification）技術在實際應用面上的快速拓展」與「無線射頻標籤成本逐漸下滑之趨勢」下，無線射頻辨識之相關技術研究與實務開發逐漸被產、官、學界所重視，新型態之殺手級應用更為企業與消費者所引頸期盼。然而，當無線射頻辨識技術的應用益發普及於人們日常生活中後，其伴隨而來的系統安全威脅與個人隱私危機也悄悄地伺伏於我們四周。有鑑於此，本研究係針對無線射頻辨識系統上之資訊存取與身份鑑別機制提出新的設計，冀達成無線射頻辨識應用的系統安全與個體隱私防護之功效。

針對無線射頻辨識系統的後端通訊（讀取器擁有者與後端伺服器間），本研究提供了六套不同性質之安全存取與身分鑑別機制。第一套身份辨識機制採用橢圓曲線加密法（Elliptic Curve Cryptosystems）作為核心設計，該機制著重於讀取器使用者之隱私洩漏與行為軌跡追蹤等問題解析，流程中利用一合法假名（Legitimate Pseudonym）取代個體辨識碼（Identity），進而達到匿名通訊。第二套身份鑑別機制則採用了「低強度但易記憶」密碼作為加密金鑰基準，並利用一套交互身分鑑別（Mutual Authentication）機制產生所需的會議金鑰（Session Key），該金鑰安全強度植基於Diffie-Hellman離散對數問題。近年來，由於智慧卡（Smart Card）的高度安全性、應用普及性與技術實用性，智慧卡鑑別系統已被廣泛應用於網路安全傳輸與日常生活中。為強化無線射頻辨識系統上的後端通訊，本研究提出了兩套以智慧卡為基底的鑑別系統。首先，為追求較佳之系統效能，吾人利用雜湊函數與簡易位元模組來設計出一套輕量級的身份鑑別機制，該方案成功地達到適當且穩固的系統安全。再者，另一方案採用動態辨識碼（Dynamic Identity）機制來達成遠端使用者的隱私防護，根據所提出的安全與效能分析，該方法十分適用於無線射頻辨識應用與服務的後端通訊防護。最後，為求解決方案的完整性，本研究更針對了現今網路應用中的多伺服器傳輸架構與行動商務等兩大系統模型進行存取控制機制設計的可行性瞭解，並根據此二架構分別設計出一套安全身份鑑別機制。

於無線射頻辨識系統的前端通訊（讀取器與標籤間）上，本論文提出了四套性質相異之安全存取與身分鑑別機制。礙於標籤的低成本限制，吾人首先針對無線射頻辨識系統的前端通訊設計了兩套以低成本雜湊函數建構而成的身份鑑別協定，此一雜湊函數的安全性與運算效率已被證實於研究 [180]，該二方法分別採用了金鑰自動更新（Key Auto-update）、金鑰冗餘設計（Key Redundancy Design）與流程導向設計（Process-oriented Design）來確保前向安全（Forward Security）與阻絕攻擊防護（Resistance to De-synchronization）之存在，文中提出的安全與效能分析更證實了提出方法的實用性。近來，無線射頻辨識安全社群逐漸將研究重心轉移到「輕量（lightweight）且安全」的身份鑑別機制設計，該概念主要採用具運算效率的安全防護模組來設計一套介於讀取器與標籤間的安全通訊。有鑑於此，本研究建議了一套符合EPCglobal組織標準 [47] 的資訊存取控制機制，冀提供目前實務界良好的規範參考。另一方面，吾人更設計了一套極輕量（Ultralightweight）身份鑑別機制，該機制中僅採用以位元為基準的運算模組，故其運算效率非常適用於低製造成本的無線射頻標籤。根據無線射頻技術實務上的特殊應用需求，本論文提出了兩套標籤共存證明（Coexistance Proof）機制，其產生之證明可提供各無線射頻技術應用中的標籤共存之證據，進而降低各應用中的貨物交易與商品往來爭議。最後，本研究提出了一套正式攻擊模組，用以分析目前已存在的無線射頻身分鑑別（RFID Authentication）協定，並發現金鑰冗餘設計與獨立性金鑰更新機制（Key Independent Update）的矛盾性。

The design of secure authentication protocol for Radio Frequency IDentification (RFID) systems has been extensively studied in recent years in view of the awareness of individual privacy and the requirement of robust system security. Most of previous works assume the communication channel between the RFID reader and the backend server is secure and only concentrate on authentication process design between the tags and the reader. However, the future communication environment for RFID sys-tems will be all wireless and inherently insecure. Meanwhile, a variety of security threats, privacy violation problems and heavy computation workload on authentica-tion process still exist in RFID system environment. It is more difficult to secure an RFID system than before without novel authentication protocols. In this dissertation, twelve mechanisms are introduced to support complex RFID environment in the fu-ture and provide more efficient and secure authentication process. In addition, we propose a formal analysis model to investigate the security of existing RFID authen-tication protocols.

The first part of this dissertation presents six authentication protocols which in-tend to secure the backend communication channel between the reader and the server in RFID systems against major security threats and user privacy disclosure. First, a mutual authentication scheme based on elliptic curve cryptosystems is proposed to defend against the privacy disclosure threat for the RFID reader and its owner. To the best of our knowledge, our scheme is the first RFID authentication protocol to handle reader owner privacy issue with a mutual agreement property. Secondly, in order to secure the legitimacy of accessed reader, we introduce three remote user authentica-tion schemes in sequence. The first one of these three proposals is password based and it can be utilized to secure the communication between the reader and the server within a hostile network. The other two schemes are built on the usage of smart card. For system efficiency, a lightweight authentication mechanism is firstly introduced which adopts only one-way hash function and exclusive-or operation to provide sys-tem security as well as computation efficiency. A dynamic ID based version is then derived to eliminate reader owner’s privacy threat and protect his/her authentication trajectories. This proposal is proved to be secure under the collision-resistance of hash function. Finally, in consideration of important and practical application scenarios on which RFID technology may be deployed in the future, two authentication schemes for multi-server architecture and mobile commerce are developed to support remote user authentication with access capability on multiple servers and mobile commerce transactions.

To secure the forward communication channel between the reader and the tags, four protocols are proposed to fit in different needs of RFID systems. Due to the na-ture of restricted computation ability and limited memory space of low-cost RFID tag, it is very difficult to implement a traditional, complicated but secure authentication cryptosystem. For this reason, two computation-efficient mechanisms with robust ac-cess control are proposed in which a low-cost hash function [180] is adopted as the underlying security operation module. The corresponding robustness and performance analyses show the practicality of these two schemes. As lightweight cryptosystem modules have been developed by research community in recent years, the design of lightweight authentication schemes for RFID systems is viewed as a must in the fu-ture. By following this trend, we introduce two authentication protocols in which one is compatible to EPCglobal Class 1 Generation 2 standards and the other one utilizes the ultralightweight computing operators. These two protocols are extremely compu-tation-efficient and suitable for very low-cost tags. In a RFID-tagged world, a mecha-nism that proves a group of objects with their corresponding RFID tags appeared at the same time and the same place can be very useful in various application scenarios. Two coexistence proofs protocols are proposed to produce robust evidences for the coexistence of multiple RFID tags. These evidences can be utilized to solve the con-troversy on tagged merchandise delivery. Finally, we study a general attack on current RFID authentication protocols. Our findings show that most of existing RFID authen-tication protocols cannot provide forward/backward security and resist to de-synchronization attack simultaneously.

中文摘要I
AbstractIV
誌 謝VII
ContentsVIII
List of FiguresX
List of TablesXI
Chapter 1 Introduction1
1.1 Background & Motivation1
1.2 RFID System Model5
1.3 Notations7
1.4 Outline of this Dissertation10
Chapter 2 Authentication on Backend Channel11
2.1. General Solutions11
2.1.1. An Elliptic Curve Cryptosystems (ECC) Based Mutual Agreement Protocol11
2.1.2. A Three-party Password based Authenticated Key Exchange Protocol24
2.2. SmartCard based Solutions37
2.2.1. An Efficient Remote User Authentication Scheme with Smart Cards37
2.2.2. A Dynamic ID based Remote User Authentication Protocol with Smart Cards52
2.3. Solutions for Specific Environment65
2.3.1. A Remote User Authentication Scheme for Multi-server Environment65
2.3.2. A Novel Authentication Scheme for Mobile Commerce Transactions77
Chapter 3. Authentication on Frontend Channel87
3.1. General Solutions87
3.1.1. Mutual RFID Authentication Scheme for Resource-constrained Tags87
3.1.2. Novel RFID Authentication Scheme for Security Enhancement105
3.2. Lightweight Solutions113
3.2.1. An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System113
3.2.2. An Efficient Ultralightweight Authentication Protocol for RFID Systems127
3.3. Investigations for Specific Purposes143
3.3.1. Anonymous Coexistence Proofs for RFID Tags143
3.3.2. New Findings on existing RFID Authentication Schemes against De-synchronization Attack161
Chapter 4 Conclusion and Future Work183
Bibliography189

1.An Y. and Oh S., ''RFID system for user's privacy protection,'' in Proc. of the Asia-pacific Conference on Communications, pp.516-519 (2005).
2.Argyroudis P.G., Verma R., Tewari H. and O’Mahony D., ''Performance analy-sis of cryptographic protocols on handheld devices,'' in Proc. of the 3rd Interna-tional Symposium on Network Computing and Applications, pp.169-174 (2004).
3.Avoine G., Dysli E. and Oechslin P., ''Reducing time complexity in RFID sys-tems,'' in Proc. of the 12th Annual Workshop on Selected Areas in Cryptography, LNCS 3879, pp.291-306 (2005).
4.Awasthi A.K. and Lal S., ''A remote user authentication scheme using smart cards with forward secrecy,'' IEEE Trans. on Consumer Electronics, vol.49, no.4, pp.1246-1248 (2003).
5.Awasthi A.K. and Lal S., ''Security analysis of a dynamic ID-based remote user authentication scheme,'' Cryptology ePrint Archive 238 (2004).
6.Ayoade J., ''Security implications in RFID and authentication processing framework,'' Computers & Security, vol.25, no.3, pp. 207-212 (2006).
7.Bellare M., Halevi S., Sahai A. and Vadhan S., ''Many-to-one trapdoor func-tions and their relations to public-key cryptosystems,'' in Proc. of the CRYPTO'98, LNCS 1462, pp.283-298 (1998).
8.Bellare M. and Rogaway P., ''Provably secure session key distribution - The three party case,'' in Proc. of the 27th ACM Symposium on the Theory of Com-puting, pp.162-169 (1995).
9.Bellare M., Pointcheval D. and Rogaway P., ''Authenticated key exchange se-cure against dictionary attacks,'' in Proc. of the EUROCRYPT 2000, LNCS 1807, pp.139-155 (2000).
10.Bellovin S.M. and Merritt M., ''Encrypted key exchange: password-based pro-tocols secure against password guessing attacks,'' in Proc. of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp.72-84 (1992).
11.Bolotnyy L. and Robins G., ''Generalized Yoking-Proofs for a group of RFID tags,'' in Proc. of the 3rd Annual International Conference on Mobile and Ubiq-uitous Systems: Networking & Services, pp.1-4 (2006).
12.Bresson E., Chevassut O. and Pointcheval D., ''Provably-secure authenticated group Diffie-Hellman key exchange,'' ACM Trans. on Information and System Security, vol.10, no.3, article 10 (2007).
13.Bringer J., Chabanne H. and Dottax E., ''HB++: A lightweight authentication protocol secure against some attacks,'' in Proc. of the 2nd International Work-shop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp.28-33 (2006).
14.Burmester M. and Medeiros B. de, ''The security of EPC Gen2 compliant RFID protocols,'' in Proc. of the 6th International Conference of Applied Cryptography and Network Security, LNCS 5037, pp.490-506 (2008).
15.Burrows M., Abadi M. and Needham R., ''A logic of authentication,'' ACM Transactions on Computer Systems, vol.8, no.1, pp.18-36 (1990).
16.Buttyán L., Gbaguidi C., Staamann S. and Wilhelm U., ''Extensions to an au-thentication technique proposed for the global mobility network,'' IEEE Trans-action on Communication, vol.48, no.3, pp.373-376 (2000).
17.Cai S., Li Y., Li T. and Deng R.H., ''Attacks and improvements to an RFID mutual authentication protocol and its extensions,'' in Proc. of the 2nd ACM Conference on Wireless Network Security, pp.51-58 (2009).
18.Cao T., Bertino E. and Lei H., ''Security analysis of the SASI protocol,'' IEEE Transactions on Dependable and Secure Computing, vol.6, pp.73-77 (2008).
19.Chang C.C. and Chang Y.F., ''A novel three-party encrypted key exchange pro-tocol,'' Computer Standards and Interfaces, vol.26, no.5, pp.471-476 (2004).
20.Chang C.C. and Lee J.S., ''An efficient and secure multi-server password au-thentication scheme using smart card,'' in Proc. of the International Conference on Cyberworlds, pp.417-422 (2004).
21.Chang C.C. Lee J.S., and Kuo J.Y., ''Time-bound based authentication scheme for multi-server architecture,'' International Journal of Innovative Computing, Information and Control, vol.4, no.11, pp.2987-2996 (2008).
22.Chang Y.F., ''A practical three-party key exchange protocol with round effi-ciency,'' International Journal of Innovative Computing, Information and Con-trol, vol.4, no.4, pp.953-960 (2008).
23.Chen C.L. and Den Y.-Y., ''Conformation of EPC class 1 generation 2 standards RFID system with mutual authentication and privacy protection,'' Engineering Applications of Artificial Intelligence, vol.22, no.8, pp.1284-1291 (2009).
24.Chen H.B., Chen T.H., Lee W.B. and Chang C.C., ''Security enhancement for a three-party encrypted key exchange protocol against undetectable online pass-word guessing attacks,'' Computer Standards & Interfaces, vol.30, pp.95-99 (2008).
25.Chen T.H., Lee W.B. and Chen H.B., ''A round- and computation- efficient three-party authenticated key exchange protocol,'' Journal of Systems and Soft-ware, vol.81, no.9, pp.1581-1590 (2008).
26.Chen Y.C., Wang W.L. and Hwang M.S., ''RFID authentication protocol for anti-counterfeiting and privacy protection,'' in Proc. of the 9th International Conference on Advanced Communication Technology, pp.255-259 (2007).
27.Chen Y., Chou J.S. and Sun H.M., ''A novel mutual authentication scheme based on quadratic residues for RFID systems,'' Computer Networks, vol.52, no.12, pp.2373-2380 (2008).
28.Chien H.Y., ''SASI: A new ultralightweight RFID authentication protocol pro-viding strong authentication and strong integrity,'' IEEE Trans. on Dependable and Secure Computing, vol.4, pp.337-340 (2007).
29.Chien H.Y. and Chen C.H., ''Mutual authentication protocol for RFID con-forming to EPC class 1 generation 2 standards,'' Computer Standards & Inter-faces, vol.29, no.2, pp.254-259 (2007).
30.Chien H.Y. and Chen C.H., ''A remote authentication scheme preserving user anonymity,'' in Proc. of the 19th International Conference on Advanced Infor-mation Networking and Applications, pp.245-248 (2005).
31.Chien H.Y. and Huang C.W., ''Security of ultra-lightweight RFID authentica-tion protocols and its improvements,'' ACM SIGOPS Operating System Review, vol.41 pp.83-86 (2007).
32.Chien H.Y. and Wu T.C., ''Provably secure password-based three-party key exchange with optimal message steps,'' The Computer Journal, vol.52, no.6, pp.646-655 (2009).
33.Choi E.Y., Lee D.H. and Lim J.I., ''Ant-cloning protocol suitable to EPCglobal class-1 generation-2 RFID systems,'' Computer Standards & Interfaces, vol.31, pp.1124-1130 (2009).
34.Chung Y.F., Huang K.H., Lai F. and Chen T.S., ''ID-based digital signature scheme on the elliptic curve cryptosystem,'' Computer Standards & Interfaces, vol.29, pp.601-604 (2007).
35.Chung H.R. and Ku W.C., ''Three weaknesses in a simple three-party key ex-change protocol,'' Information Science, vol.178, no.1, pp.220-229 (2008).
36.Conti M., Pietro R. Di and Mancini L. V., ''RIPP-FS: an RFID identification, privacy preserving protocol with forward secrecy,'' in Proc. of the 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp.229-234 (2007).
37.Conti M., Pietro R. Di, Mancini L. V. and Spognardi A., ''FastRIPP: RFID pri-vacy preserving protocol with forward secrecy and fast resynchronization,'' in Proc. of the 33rd Annual Conference of the IEEE Industrial Electronic Society, pp. 52-57 (2007).
38.Cramer R. and Shoup V., ''A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack,'' in Proc. of the Advanced in Cryp-tology-Crypto’98, pp.13-25 (1998).
39.Dai Y. and Zhang L., ''A security payment scheme of mobile commerce,'' in Proc. of the ICCT2003, pp.949-952 (2003).
40.D’Arco P. and Santis A. De, ''From weaknesses to secret disclosure in a recent ultra-lightweight RFID authentication protocol, Cryptology ePrint Archive 470 (2008).
41.Das M.L., Saxena A. and Gulati V.P., ''A dynamic ID-based remote user au-thentication scheme,'' IEEE Trans. Consumer Electronics, vol.50, no.2, pp.629-631 (2004).
42.Dimitriou T., ''A lightweight RFID protocol to protect against traceability and cloning attacks,'' in Proc. of the 2005 SecureComm (2005).
43.Ding Y. and Horster P., ''Undetectable on-line password guessing attacks,'' ACM Operating Systems Review, vol.29, no.4, pp.77-86 (1995).
44.Duan X., Liu J.W. and Zhang Q., ''Security improvement on Chien et al.’s re-mote user authentication scheme using smart cards,'' in Proc. of the IEEE Inter-national Conference on Computational Intelligence and Security, pp.1133-1135 (2006).
45.Duc D.N., Park J., Lee H. and Kim K., ''Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning,'' in Proc. of the 2006 Sympo-sium on Cryptography and Information Security (2006).
46.ELGamal T., ''A public key cryptosystem and a signature scheme based on dis-crete logarithms,'' IEEE Trans. on Information Theory, vol.31, no.4, pp.469-472 (1985).
47.EPCTM Radio-Frequency Identification Protocols Class 1 Generation-2 UHF RFID Protocol for Communication at 860-960 MHz Version 1.0.9, EPCGlobal Inc. (2005).
48.Erguler I. and Anarim E., ''Scalability and security conflict for RFID authenti-cation protocols,'' Cryptology ePrint Archive (2010).
49.Fekih A., Xu H. and Chowdhury F., ''Neural networks based system identifica-tion techniques for model based fault detection of nonlinear systems,'' Interna-tional Journal of Innovative Computing, Information and Control, vol.3, no.5, pp.1073-1085 (2007).
50.Gao Z.X. and Tu Y.Q., ''An improvement of dynamic ID-based remote user au-thentication scheme with smart cards,'' in Proc. of the 7th World Congress on Intelligent Control and Automation, pp.4562-4567 (2008).
51.Garfinkel S.L., Juels A. and Pappu R., ''RFID privacy: an overview of problems and proposed solutions,'' IEEE Security & Privacy Magazine, vol.3, pp.34-43 (2005).
52.Gilbert H., Robshaw M. and Sibert H., ''An active attack against HB+ - a prova-bly secure lightweight authentication protocol,'' Cryptology ePrint Archive (2005).
53.Goldreich O. and Levin L., ''A hard-core predicate for all one-way functions,'' in Proc. of the 21st ACM Symposium on the Theory of Computing, pp.25–32 (1989).
54.Gong L., ''A security risk of depending on synchronized clocks,'' ACM Operating System Review, vol.26, no.1, pp.49-53 (1992).
55.Guo H., Li Z., Mu Y. and Zhang X., ''Cryptanalysis of simple three-party key exchange protocol,'' Computers and Security, vol.27, no.1-2, pp.16-21 (2008).
56.Han D. and Kwon D., ''Vulnerability of an RFID authentication protocol con-forming to EPC class 1 generation 2 standards,'' Computer Standards & Inter-faces, vol.31, no.4, pp.648-652 (2009).
57.Henrici D. and Műller P., ''Hash-based enhancement of location privacy for ra-dio-frequency identification devices using varying identifiers,'' in Proc. of the Second IEEE Annual Conference on Pervasive Computing and Communica-tions Workshops, pp.149-153 (2004).
58.Hernandex-Castro J.C., Estevex-Tapiador J.M., Peris-Lopez P. and Quisquater J.J., ''Cryptanalysis of the SASI ultralightweight RFID Authentication Proto-col,'' Cryptology ePrint Archive (2008).
59.Hsiang H.C. and Shih W.K., ''Weaknesses and improvements of the Yoon-Ryu¬-Yoo remote user authentication scheme using smart cards,'' Computer Commu-nications, vol.32, pp.649-652 (2009).
60.Huang H.F. and Wei W.C., ''A new efficient and complete remote user authen-tication protocol with smart card,'' International Journal of Innovative Comput-ing, Information and Control, vol.4, no.11, pp.2803-2808 (2008).
61.Hwang T., Chen Y. and Laih C.S., ''Non-interactive password authentication without password tables,'' in Proc. of the IEEE Region 10 Conference on Com-puter and Communication Systems, pp.429-431 (1990).
62.Hwang M.S. and Li L.H., ''A new remote user authentication scheme using smart cards,'' IEEE Trans. on Consumer Electronics, vol.46, no.1, pp.28-30 (2000).
63.Hwang K.F. and Chang C.C., ''A self-encryption mechanism for authentication of roaming and teleconference services,'' IEEE Trans. on Wireless Communica-tion, vol. 2, no.2, pp.400-407 (2003).
64.Hwang R.J., Li J.F., and Hsiao Y.K., ''A wireless-based authentication and anonymous channels for GSM system,'' Journal of Computers, vol.17, no.1, pp.31-36 (2006).
65.IEEE P1363.2/D15, Standard specifications for password-based public key cryptographic technologies (2004).
66.Impagaliazzo R. and Rudich S., ''Limits on the provable consequences of one-way permutations,'' in Proc. of the 21st ACM Symposium on the Theory of Computing, pp.44–61 (1989).
67.ISO/IEC FCD 11770-4, Information technology – security techniques – key management – part 4: mechanism based on weak secrets, Information Organi-zation for Standardization (2006).
68.Juang W.S., ''Efficient password authenticated key agreement using smart card,'' Computers & Security, vol.23, no.2, pp.167-173 (2004).
69.Juang W.S., ''Efficient multi-server password authenticated key agreement us-ing smart cards,'' IEEE Trans. on Consumer Electronics, vol.50, no.1, pp.251-255 (2004).
70.Juang W.S., Lei C.L. and Chang C.Y., ''Anonymous channel and authentication in wireless communication,'' Computer Communication, vol.22, pp.1502-1511 (1999).
71.Juels A., ''Yoking-proofs for RFID tags,'' in Proc. of the 2nd IEEE Annual Con-ference on Pervasive Computing and Communications Workshops, pp.138-143 (2004).
72.Juels A. and Weis S.A., ''Authenticating pervasive devices with human proto-cols,'' in Proc. of the CRYPTO’05, LNCS 3621, pp.293-308 (2005).
73.Karthikeyan S. and Nesterenko M., ''RFID security without extensive cryptog-raphy,'' in Proc. of the 3rd ACM Workshop on Security of Ad hoc and Sensor Networks, pp.63-67 (2005).
74.Kim H.W., Lim S.Y. and Lee H.J., ''Symmetric encryption in RFID authentica-tion protocol for strong location privacy and forward-security,'' in Proc. of the International Conference on Hybrid Information Technology, pp.718-723 (2006).
75.Kocher P., Jaffe J. and Jun B., ''Differential power analysis,'' in Proc. of CRYPTO 99, LNCS 1666, pp.388-397 (1999).
76.Ku W.C. and Chang S.T., ''Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards,'' IEICE Trans. Communication, vol.5, pp.2165-2167 (2005).
77.Lam K.Y., Chung S.L., Gu M. and Sun J.G., ''Lightweight security for mobile commerce transactions,'' Computer Communications, vol.26, pp.2052-2060 (2003).
78.Lamport L., ''Password authentication with insecure communication,'' Commu-nication of ACM, vol.24, no.11, pp.770-772 (1981).
79.Lamport L., ''Constructing digital signatures from a one way function,'' Techni-cal Report CSL-98, International SRI (1979).
80.Le T.V., Burmester M. and Medeiros B. de, ''Universally composable and for-ward-secure RFID authentication and authenticated key exchange,'' in Proc. of the 2nd ACM Symposium on Information, Computer and Communications Secu-rity, pp.242-252 (2007).
81.Lee C.C., Hwang M.S. and Yang W.P., ''A flexible remote user authentication scheme using smart cards,'' ACM Operating Systems Review, vol.36, no.3, pp.46-52 (2002).
82.Lee C.C, Hwang M.S and Yang W.P., ''Extension of authentication protocol for GSM,'' IEE Proc.-Commun., vol.150, no.2, pp.91-95 (2003).
83.Lee J.S., Chang Y.F. and Chang C.C., ''Secure authentication protocols for mo-bile commerce transactions,'' International Journal of Innovative Computing, Information and Control, vol.4, no.9, pp.2305-2314 (2008).
84.Lee J.S., Chang Y.F., and Chang C.C., ''A novel authentication protocol for multi-server architecture without smart cards,'' International Journal of Innova-tive Computing, Information and Control, vol.4, no.6, pp.1357-1364 (2008).
85.Lee S., Asano T. and Kim K., ''RFID mutual authentication scheme based on synchronized secret information,'' in Proc. of the 2006 Symposium on Cryptog-raphy and Information Security (2006).
86.Lee T.F., Hwang T. and Lin C.L., ''Enhanced three-party encrypted key ex-change without server public keys,'' Computers and Security, vol.23, no.7, pp.571-577 (2004).
87.Lee T.F., Chang C.C. and Hwang T.L., ''Private authentication techniques for the global mobility network,'' Wireless Personal Communication, vol.35, pp.329-336 (2005).
88.Lee S.W., Kim H.S. and Yoo K.Y., ''Efficient verifier-based key agreement protocol for three parties without server’s public key,'' Applied Mathematics and Computation, vol.167, no.2, pp.996-1003 (2005).
89.Li L., Lin I., and Hwang M., ''A remote password authentication scheme for multi-server architecture using neural networks, '' IEEE Trans. Neural Network, vol.12, no.6, pp.1498-1504 (2001).
90.Li T. and Deng R.H., ''Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol,'' in Proc. of the AReS’07 (2007).
91.Li T. and Wang G., ''Security analysis of two ultra-lightweight RFID authenti-cation protocols,'' in Proc. of the IFIP Information Security (2007).
92.Liao Y.P. and Wang S.S., ''A secure dynamic ID based remote user authentica-tion scheme for multi-server environment,'' Computer Standards and Interfaces, vol.31, no.2, pp.24-29 (2009).
93.Liaw H.T., Lin J.F. and Wu W.C., ''An efficient and complete remote user au-thentication scheme using smart cards,'' Mathematical and Computer Modeling, vol.44, no.1-2, pp.223-228 (2006).
94.Lien Y.H., Leng X.F., Mayes K. and Chiu J.H., ''Reading order independent grouping proof for RFID tags, '' in Proc. of the IEEE International Conference on Intelligence and Security Informatics, pp.128-136 (2008).
95.Lin C.C., Lai Y.C., Tygar J.D., Yang C.K., Chiang C.L., ''Coexistence proof us-ing chain of timestamps for multiple RFID tags,'' in Proc. of the International Workshop on Application and Security Service in Web and Pervasive Environ-ment, pp. 634-643 (2007).
96.Lin C.L., Sun H.M. and Hwang T., ''Three party-encrypted key exchange: at-tacks and a solution,'' ACM Operating Systems Review, vol.34, no.4, pp.12-20 (2000).
97.Lin C.L., Sun H.M., Steiner M. and Hwang T., ''Three-party encrypted key ex-change without server public-keys,'' IEEE Communication Letters, vol.5, no.12, pp.497-499 (2001).
98.Lin I.C., Hwang M.S. and Li L.H., ''A new remote user authentication scheme for multi-server architecture,'' Future Generation Computer Systems, vol.19, pp.13-22 (2003).
99.Lo N.W. and K.H. Yeh, ''A novel authentication scheme for mobile commerce transactions,'' International Journal of Innovative Computing, Information and Control, to be published in vol.6, no.7 (2010).
100.Lo N.W. and Yeh K.H., ''A practical three-party authenticated key exchange protocol,'' International Journal of Innovative Computing, Information and Control, vol.6, no.6, pp.2469-2484 (2010).
101.Lo N.W. and Yeh K.H., ''Anonymous coexistence proofs for RFID tags,'' Jour-nal of Information Science and Engineering, to be published in vol.26, no.4 (2010).
102.Lo N.W. and Yeh K.H., ''Mutual RFID authentication scheme for re-source-constrained tags,'' Journal of Information Science and Engineering, In press (2010).
103.Lo N.W. and Yeh K.H., ''Cryptanalysis of two three-party encrypted key ex-change protocols,'' Computer Standards and Interfaces, vol.31, no.6, pp.1167-1174 (2009).
104.Lo N.W. and Yeh K.H., "An efficient mutual authentication scheme for EP-Cglobal class-1 generation-2 RFID system," Emerging Directions in Embedded and Ubiquitous Computing, LNCS 4809, pp.43-56 (2007).
105.Lo N.W. and Yeh K.H., "Novel RFID Authentication Schemes for Security Enhancement and System Efficiency," Secure Data Management, LNCS 4721, pp.203-212 (2007).
106.Lo N.W. and Yeh K.H., ''Hash-based mutual authentication protocol for mobile RFID systems with robust reader-side privacy,'' in Proc. of the 1st ACM Work-shop on Convergence of RFID and Wireless Sensor Networks and Their Appli-cations (2007).
107.Lo N.W. and Yeh K.H., "A secure communication protocol for EPCglobal class 1 generation 2 RFID systems," in Proc. of the 3rd International Workshop on RFID & WSN and its Industrial Applications (2010).
108.Lo N.W., Yeh K.H. and Chiang M.C., "Cryptanalysis of a simple three-party key exchange protocol," in Proc. of the 4th Joint Workshop on Information Security (2009).
109.Lo N.W., Yeh K.H. and Yeun C.Y., "New mutual agreement protocol to secure mobile RFID-enabled devices," Information Security Technical Report, vol.13, pp.151-157 (2008).
110.Lu R.X. and Cao Z.F., ''Simple three-party key exchange protocol,'' Computers and Security, vol.26, no.1, pp.94-97 (2007).
111.Ma C., Li Y., Li T., and Deng R. H., ''RFID Privacy: relation between two no-tions, minimal condition, and efficient construction,'' in Proc. of the 16th ACM Conference on Computer and Communication Security, pp.54-65 (2009).
112.Menezes A. and Vanstone S.A., ''Elliptic curve in cryptosystem and their im-plementation,'' Journal of Cryptology, pp.209-224 (1993).
113.Menezes A.J., Oorschot P.C. and Vanstone S.A., Handbook of Applied Crypto-graph, CRC Press, New York, 1997.
114.Merkle R.C., ''One way hash functions and DES,'' in Proc. of CRYPTO 89, LNCS 435, pp.428-446 (1989).
115.Messerges T.S., Dabbish E.A. and Sloan R.H., ''Examining smart-card security under the threat of power analysis attacks,'' IEEE Trans. on Computers, vol.51, no.5, pp.541-552 (2002).
116.Mi L. and Takeda F., ''Analysis of the robustness of the pressure-based individ-ual identification system based on neural networks,'' International Journal of Innovative Computing, Information and Control, vol.3, no.1, pp.97-110 (2007).
117.Miller A.S., ''Use of Elliptic curves in cryptography,'' in Proc. of CRYPTO 85, LNCS 218, pp.417-426 (2986).
118.Misbahuddin M., Ahmed M.A. and Shastri M.H., ''A simple and efficient solu-tion to remote user authentication using smart cards,'' Innovations in Informa-tion Technology, pp.1-5 (2006).
119.Mobile phone and RFID taxi tracking service, http://mobilementalism.com/ 2006/11/16/mobile-phone-and-rfid-taxi-tracking-service/ (2006).
120.Molnar D. and Wagner D., ''Privacy and security in library RFID: issues, prac-tices, and architectures,'' in Proc. of the Conference on Computer and Commu-nications Security, pp. 210-219 (2004).
121.Molva R., Tsudik G., Herreweghen E. van and Zatti S., ''KryptoKnight authen-tication and key distribution system,'' in Proc. of 1992 European Symposium on Research in Computer Security – ESORICS, pp.1-16 (1992).
122.Munilla J. and Peinado A., ''HB-MP: A further step in the HB-family of light-weight authentication protocols,'' Computer Networks (2007).
123.Nam J., Lee Y., Kim S. and Won D., ''Security weakness in a three-party pair-ing-based protocol for password authenticated key exchange,'' Information Sci-ences, vol.177, no.6, pp.1364-1375 (2007).
124.Nam J., Paik J., Kang H.K., Kim U.M. and Won D., ''An off-line dictionary at-tack on a simple three-party key exchange protocol,'' IEEE Communications Letters, vol.13, no.3, pp.205-207 (2009).
125.Neuman B.C. and Ts’o T., ''Kerberos: an authentication service for computer networks,'' IEEE communications Magazine, vol.32, no.9, pp.33-38 (1994).
126.Ng C.Y., Susilo W., Mu Y., Safavi-Naini R., ''New privacy results on synchro-nized RFID authentication protocols against tag tracing,'' in Proc. of 2009 European Symposium on Research in Computer Security – ESORICS, LNCS 5789, pp.321-336 (2009).
127.NIST FIPS PUB 180, Secure Hash Standard, National Institute of Standards and Technology, US Department of Commerce, Draft (1993).
128.Ohkubo M., Suzki K. and Kinoshita S., ''Cryptographic approach to ‘‘privacy-friendly” tags,'' in Proc. of the RFID Privacy Workshop (2003).
129.Okamoto T., ''Provably secure and practical identification schemes and corre-sponding signature schemes,'' in Proc. of CRYPTO 92, LNCS 740, pp.31-53 (1992).
130.Osaka K., Takagi T., Yamazaki K. and Takahashi O., ''An efficient and secure RFID security method with ownership transfer,'' in Proc. of the IEEE Interna-tional Conference on Computational Intelligence and Security, pp.1090-1095 (2006).
131.Ouafi K. and Phan Raphael C.-W., ''Privacy of recent RFID authentication pro-tocols,'' in Proc. of the ISPEC 2008, LNCS 4991, pp.263-277 (2008).
132.Park J.S. and Lee I.Y., ''RFID authentication protocol using ID synchronization in insure communication,'' in Proc. of the International Conference on Hybrid Information Technology, pp.664-667 (2006).
133.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''LAMED - a PRNG for EPC class-1 generation-2 RFID specification,'' Computer Standards & Interfaces, vol. 31, no. 1, pp.88-97 (2009).
134.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags,'' in Proc. of the 2nd Workshop RFID Security (2006).
135.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''EMAP: an efficient mutual authentication protocol for low-cost tags,'' in Proc. of the OTM Federated Conf. and workshop: IS Workshop (2006).
136.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags,'' in Proc. of the UIC’06, pp.912-923 (2006).
137.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''Advances in ultralightweight cryptography for low-cost RFID tags: Gos-samer protocol,'' in Proc. of the Workshop Information Security Applications (2008).
138.Peris-Lopez P., Hernandez-Castro J.C., Estevez-Tapiador J.M., T. Li and Lubbe J.C.A. van der., ''Weaknesses in two recent lightweight RFID authentication protocols.'' in Proc. of Workshop on RFID Security (2009).
139.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''Solving the simultaneous scanning problem anonymously: Clumping proofs for RFID tags,'' in Proc. of the 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp.55-60 (2007).
140.Peris-Lopez P., Hernandex-Castro J.C., Estevex-Tapiador J.M. and Ribagorda A., ''Security flaws in a recent ultralightweight RFID protocol,'' in Proc. of the RFIDSec Asia'10 (2010).
141.Peris-Lopez P., Li T. and Hernandez-Castro J.C., ''Lightweight props on the weak security of EPC class-1 generation-2 standard,'' IEICE Trans. Information & Systems, vol.E93-D, no.3, pp.518-527 (2010).
142.Phan Raphael C.-W., ''Cryptanalysis of two password-based authentication schemes using smart cards,'' Computers & Security, vol.25, no.1, pp.52-54 (2006).
143.Phan Raphael C.-W., ''Cryptanalysis of a new ultralightweight RFID authenti-cation protocol – SASI,'' IEEE Trans. on Dependable and Secure Computing, vol.6, pp.316-320 (2009).
144.Phan Raphael C.W., Yau W.C. and Goi B.M., ''Cryptanalysis of simple three-party key exchange protocol (S-3PAKE),'' Information Sciences, vol.178, no.13, pp.2849-2856 (2008).
145.Piramuthu S., ''HB and related lightweight authentication protocols for secure RFID tag/reader authentication,'' in Proc. of the CollECTeR Europe Conference (2006).
146.Piramuthu S., ''On existence proofs for multiple RFID tags,'' in Proc. of the ACS/IEEE International Conference on Pervasive Services, pp.317-320 (2006).
147.Rhee K., Kwak J., Kim S. and Won D., ''Challenge-response based RFID au-thentication protocol for distributed database environment,'' in Proc. of the SPC 2005. LNCS 3450, pp.70-84 (2005).
148.Rivest R.L., ''The MD5 message-digest algorithm,'' RFC 1321, Internet Activi-ties Board, Internet Privacy Task Force (1992).
149.Rizomiliotis P., Rekleitis E. and Gritzalis S., ''Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags,'' IEEE Commu-nications Letters, vol.13, no.4, pp.274-276 (2009).
150.Rukhin A., Soto J., Nechvatal J., Smid M., Barker E., Leigh S., Levenson M., Vangel M., Banks D., Heckert A., Dray J. and Vo S., ''A statistical test suite for random and pseudorandom number generators,'' NIST Special Publication 800-22 (2000).
151.Saito J. and Sakurai K., ''Grouping proof for RFID tags,'' in Proc. of the 19th IEEE International Conference on Advanced Information Networking and Ap-plications, pp.621-624 (2005).
152.Shen J.J., Lin C.W. and Hwang M.S., ''A modified remote user authentication scheme using smart cards,'' IEEE Trans. on Consumer Electronics, vol.49, no.2, pp.414-416 (2003).
153.Song B. and Mitchell C., ''RFID Authentication Protocol for Low-cost Tags,'' in Proc. of the 1st ACM Conference on Wireless Network Security, pp.140-147 (2008).
154.Song B. and Mitchell C., ''Scalable RFID authentication protocol,'' in Proc. of the Network System Security, pp.216-224 (2009).
155.Steiner M., Tsudik G. and Waidner M., ''Refinement and extension of encrypted key exchange,'' ACM Operating Systems Review, vol.29, no.3, pp.22-30 (1995).
156.Sun H.M., ''An Efficient remote user authentication scheme using smart cards,'' IEEE Trans. on Consumer Electronics, vol.46, no.4, pp.958-961 (2000).
157.Sun H.M., Ting W.C. and Wang K.H., ''On the security of Chien’s ultralight-weight RFID authentication protocol,'' Cryptology ePrint Archive (2008).
158.Sun H.M., Chen B.C. and Hwang T., ''Secure key agreement protocols for three-party against guessing attacks.'' Journal of Systems and Software, vol.75, no.1-2, pp.63-68 (2005).
159.Suzuki S. and Nakada K., ''An authentication technique based on distributed security management for the global mobility network,'' IEEE Journal on Se-lected Areas in Communications, vol.15, no.8, pp.1608-1617 (1997).
160.Thirsty Koreans fight duff whisky with mobiles, http://www.theregister.co.uk/ 2007/08/01/whisky_bottle_rfid/ (2007).
161.Tsai J.L., ''Efficient multi-server authentication scheme based on one-way hash function without verification table,'' Computers & Security, vol.27, no.3-4, pp.115-121 (2008).
162.Tsalagatidou A. and Pitoura E., ''Business models and transaction in mobile electronic commerce: requirements and properties,'' Computer Networks, vol.37, pp.221-236 (2001).
163.Tsuar W.J., Wu C.C. and Lee W.B., ''An enhanced user authentication scheme for multi-server internet services,'' Applied Mathematics and Computation, vol.170, pp.258-266 (2005).
164.Tsuar W.J., ''A flexible user authentication scheme for multi-server internet ser-vices,'' in Proc. of the ICN 2001, LNCS 2093, pp.174-183 (2001).
165.Wang Y.Y., Liu J.Y., Xiao F.X., Dan J., ''A more efficient and secure dynamic ID-based remote user authentication scheme,'' Computer Communications, vol.32, pp.583-585 (2009).
166.Weis S.A., Sarma S.E., Rivest R.L. and Engels D.W., ''Security and privacy as-pects of low-cost radio frequency identification systems,'' in Proc. of the Secu-rity in Pervasive Computing, pp.201-212 (2003).
167.Wen H.A., Lee T.F. and Hwang T., ''Provably secure three-party pass-word-based authenticated key exchange protocol using Weil pairing, '' IEE Proceedings-Communications, vol.152, no.2, pp.138-143 (2005).
168.Wilson S.B. and Menezes A., ''Authenticated Diffie-Hellman key agreement protocols,'' in Proc. of the 5th Annual Workshop on Selected Areas in Cryptog-raphy, LNCS 1556, pp.339-361 (1998).
169.Yang J., Park J., Lee H., Ren K. and Kim K., ''Mutual authentication protocol for low-cost RFID,'' in Proc. of the Encrypt Workshop on RFID and Light-weight Crypto (2005).
170.Yeh K.H., Lo N.W. and Li Y., "A dynamic-ID based remote user authentication protocol for multi-server architecture," International Journal of Communication Systems, In press (2010).
171.Yeh K.H. and Lo N.W., "Improvement of two lightweight RFID authentication protocols," Information Assurance and Security Letters, vol.1, pp.6-11 (2010).
172.Yeh K.H. and Lo N.W., "An enhanced remote user authentication scheme for multi-server environment," International Journal of Innovative Computing, In-formation and Control, to be published in vol.6, no.8 (2010).
173.Yeh K.H. and Lo N.W., "Improvement of an EPC GEN2 compliant RFID au-thentication protocol," in Proc. of the 5th International Conference on Informa-tion Assurance and Security (2009).
174.Yeh K.H., Lo N.W. and Winata E., "Cryptanalysis of an efficient remote user authentication scheme with smart cards," International Journal of Innovative Computing, Information and Control, vol.6, no.6, pp.2595-2608 (2010).
175.Yeh K.H., Lo N.W. and Winata E., "An efficient ultralightweight authentication protocol for RFID systems," in Proc. of the RFIDsec’10 Asia (2010).
176.Yi W.S., Go W., Won D. and Kwak J., "Secure authentication protocol with biometrics in an M-commerce environment," in Proc. of the 4th Joint Workshop on Information Security (2009).
177.Yoon E.J., Ryu E.K. and Yoo K.Y., "An improvement of Hwang-Lee-Tang’s simple remote user authentication scheme," Computers & Security, vol.24, no.1, pp.50-56 (2005).
178.Yoon E.J., Ryu E.K. and Yoo K.Y., "Further improvement of an efficient pass-word based remote user authentication scheme using smart cards," IEEE Trans. on Consumer Electronics, vol.50, no.2, pp.612-614 (2004).
179.Yoon E.J. and Yoo K.Y., "Improving the novel three-party encrypted key ex-change protocol," Computer Standards & Interfaces, vol.30, pp.309-314 (2008).
180.Yuksel K., ''Universal hashing for ultra-low-power cryptographic hardware ap-plications,'' Master’s Thesis, Department of Electrical Engineering, Worcester Polytechnic Institute (2004).
181.Zhang X. and King B., ''Security requirements for RFID computing systems,'' International Journal of Network Security, vol.6, no.2, pp.214-226 (2008).
182.Zhang X., Feng Q.Y. and Li M., ''A modified dynamic ID-based remote user authentication scheme,'' in Proc. of International Conference on Communica-tions, Circuits and Systems, pp.1602-1604 (2006).
183.Zhang Z., Fang B., Hu M. and Zhang H., ''Security analysis of session initiation protocol,'' International Journal of Innovative Computing, Information and Control, vol.3, no.2, pp.457-469 (2007).