無線射頻辨識系統(Radio Frequency Identification, RFID)是一項新的科技，近年來廣泛的被應用在許多的層面，如供應鏈管理、物流管理，人員的身份識別，醫療照護等等。RFID在我們的生活周遭愈漸普及，除了希望用來取現行條碼(Barcode)，還能帶來革命性的便利性與生產力，然而當RFID充斥在日常活中時，幾乎每一件物品上都嵌有智慧型標籤(Smart Tag)，無形中RFID的應用不僅為我們的生活帶來龐大的利益，同時也為我們帶來許多潛藏的安全與隱私上的威脅。由於RFID系統是利用無線傳輸的方式，對使用者的安全與隱私將造成威脅。雖然目前已有大量的文獻出現，提供許多密碼學方法或資訊安全機制應用在低成本RFID系統上；但由於標籤(Tag)的運算、儲存資源有限，若將現行的密碼學方法應用在標籤中，可能導致運算過於複雜，效率過差或硬體成本過高；因此這些方法都無法兼顧安全性和降低資料庫的負擔，所以如何在有限的資源裡，提出一套合適RFID協定，並在安全與成本上取得平衡，是未來RFID實施時，不可或缺的一項前提假設。
故本研究希望發展出一套雙向認證機制，使用低成本運算來加強RFID安全與隱私上的保護，如:XOR，OR，AND，Rot位元旋轉(Bit Rotation)等，讓付出的成本能比現在的研究或產品更低，並且在我們的方法中將認證流程區分為相互認證與資料傳送兩部份，在確認標籤與讀取器彼此認證成功之後，標籤才會將認證訊息傳出，相較於其它的安全認證機制提供較好的安全機制以及個人隱私權保護。最後利用多種安全觀點來檢視我們所提出的新方法，縱使在不安全的環境下，此方法在操作的過程中依然能夠達成匿名性，資料機密性，防偽，向前安全，隱私權保護等要求。

Radio frequency identification (RFID) has widely applied to many applications including supply chain, logistics management, personnel identification and patient care management. With the increasing usage of a RFID system, information security and end-user privacy have become a critical concern. In terms of security schemes, most of previous RFID authentication researches are too sophisticated for a low-cost RFID system. Factors such as resource-constrained tag, cheaper reader implementation and efficient information search on backend database should all be considered along with the security and privacy protection schemes for low cost RFID systems.
In this thesis, we present a mutual authentication protocol which uses the lightweight bitwise logic and arithmetic operations on a low-cost RFID tag to defend against many malicious attacks and achieve security requirements for a RFID system. In our scheme, we use simple and low-cost operations as encryption tools. In order to guarantee communication security, after the reader is successfully verified by a tag, the tag transmits the enciphered ID information to a reader to avoid attacker getting ID information by eavesdropping and to increase the cost of password guessing attack. Our scheme can achieve privacy protection and comply with security requirements to provide secure properties such as anonymity, data confidentiality, anti-cloning, availability, and forward security.

中文摘要 I
Abstract III
誌謝 IV
Content V
List of Figures VI
List of Tables VII
Chapter 1. Introduction 1
Chapter 2. Preliminary 5
2.1 RFID System Components 5
2.2 EPCglobal Class-1 GEN-2 6
2.3 RFID Security 7
2.3.1 Threat Model 7
2.3.2 Security Requirements 8
2.4 Related Work 9
Chapter 3. Security Analysis of Chen and Chen’s Scheme 14
3.1 Brief Review of Chen and Chen’s Scheme 14
Chapter 4. Porposed Authentication Protocol Design 26
4.1 Overview 26
4.2 General Assumptions 27
4.3 Our Proposed Scheme 29
4.3.1 Authentication Initialization 29
4.3.2 Authentication Procedure 34
4.4 Security and Efficiency Analyses 37
Chapter 5. Conclusion 45
Reference 46

[1]Ohkubo, M., K. Suzki, and S. Kinoshita, "Cryptographic Approach to 'Privacy friendly' Tags," Proc. of RFID Privacy Workshop, MIT, MA, USA, 2003.
[2]Rhee, K., J. Kwak, S. Kim and D. Won, "Challenge-Response Based RFID Authentication Protocols for Distributed Database Environment," Proc. of International Conference on Security in Pervasive Computing, pp.70-84, 2005.
[3]Ranasinghe, D.C., D.W. Engels and P.H. Cole, "Low-Cost RFID System: Confronting Security and Privacy, " Proc. of Auto-ID Laboratory Workshop, 2004.
[4]Feldhofer, M., S. Dominikus and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," Proc. of the 6th International Workshop on Cryptographic Hardware and Embedded Systems, LNCS Vol. 3156, pp.57-370, 2004.
[5]Weis, S.A., S.E. Sarma, R.L. Rivest and D.W. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, " Proc. of International Conference on Security in Pervasive Computing, pp.201-212, 2003.
[6]Liu, Z. and D. Peng, "True Random Number Generator in RFID Systems against Traceability, "Proc. of the 3rd Internation Conference on Consumer Communications and Networking, 2006.
[7]Chien, H.Y. and C.H. Chen, "Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standard," Computer Standards & Interfaces , Vol. 29, Issue 2, pp.254-259.
[8]Duc, D.N., J. Park, H. Lee and K. Kim, "Enhancing Security of EPCglobal GEN-2 RFID Tag against Traceability and Cloning," Proc. of the 2006 Symposium on Cryptography and Information Security, Hiroshima, Japan, 2006.
[9]Karthikeyan, S. and M. Nesterenko, "RFID Security Without Extensive Cryptography," Proc. of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp.63-67.
[10]Osaka, K., T. Takagi, K. Yamazaki and O. Takahashi, "An Efficient and secure RFID Security Method with Ownership Transfer," Proc. of International Conference on Computational Intelligence and Security, Guangzhou, China, Vol.2, pp. 1090-1095, 2006.
[11]Henrici, D. and P. Müller, "Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers," Proc. of International Conference on Pervasive Computing and Communications Security, Orlando, Florida, USA PERCOMW, 2004.
[12]Dimitriou, T., "A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks, " Proc. of Internation Conference on Secuirty and Privacy for Emerging Areas in Communication Networks, Athens, Greece, 2005.
[13]Tsudik, G., "YATRAP: Yet Another Trivial RFID Authentication Protocol," Proc. of International Conference on Pervasive Computing and Communications, Pisa, Italy, 2006.
[14]Sarma, S., S. Weis, and D. Engels, "RFID Systems, Security and Privacy Implications," Technical Report MIT-AUTOID-WH014, AutoID Center, MIT, 2002.
[15]Chen, Y.J. and S.J. Chen, "Designing a Low-Cost RFID System with Security and Privacy Protection," Proc. of the 2007 Information Security Conference, 2007.
[16]Chien, H.Y., "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," Porc. Of International Conference on Transactions on Dependable and Secure Computing, Vol. 4, NO. 4, 2007.
[17]Peris-Lopez, P., J.C. Hernandez-Castro, J.M. Estervez-Tapiador and A. Ribagorda, "EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags," Proc. of OTM Federated Conferences on IS Workshop, 2006.
[18]Peris-Lopez, P., J.C. Hernandez-Castro, J.M. Estervez-Tapiador and A. Ribagorda, "M2AP: A minimalist Mutual Authenticaion Protocol for Low-Cost RFID tags," Proc. of International Conference on Ubiquitous Intelligence and Computing, LNCS Vol. 4159, pp: 912-923, 2006.
[19]Peris-Lopez, P., J.C. Hernandez-Castro, J.M. Estervez-Tapiador and A. Ribagorda, "LMAP: A Real Lightweight Mutual Authentciaion Protocol for Low-Cost RFID tags," Proc. of the 2nd Workshop on RFID Security, 2006.
[20]Li, T., and G. Wang, "Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols," Proc. of the IFIP International Information Security Conference, 2007.
[21]Chien, H.Y. and C.W. Huang, "Security of Ultra-Lightweight RFID Authentication Protocols and Its Improvements," ACM SIGOPS Operating Systems Review, Vol.41 Issue 4, 2007.
[22]Weis, S.A., "Security and Privacy in Radio-Frequency Identification Devices," Masters Thesis MIT., 2003.
[23]Juel, A. and S.A. Weis, "Authenticating Pervasive Devices with human Protocols," Advances in Cryptology, Lecture Notes in Computer Science. Springer-Verlag, http://www.rsasecurity.com/rsalabs/, 2005.
[24]Avoine, G., “Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols,” Technical Report LASEC-REPORT-2005-001, EPFL, Lausanne, Switzerland, 2005.
[25]Tan, C.C., B. Sheng and Q. Li, "Serverlesss Search and Authentciation Protocols for RFID," Proc. of the 5th International Conference on Pervasive Computing and Communication, 2007.