無線射頻識別 (Radio Frequency Identification, RFID) 是採用非接觸式的方式對無線射頻標籤(Tag)達成自動化識別的技術，此技術已運用在不同領域上如物流供應鏈、門禁管制及醫療照護等。伴隨著RFID無線射頻標籤成本下降之趨勢，RFID標籤將會逐漸普及於日常生活中，並成為企業相繼引進的技術。
近年來RFID在電子商務的交易過程中有一個新的應用－所有權轉移，透過所有權轉移協定，將附有RFID標籤的商品之所有權轉移給他人，但現存的方法尚無法滿足所有權轉移安全需求，且有些方法大量使用加解密演算法或雜湊函數，試圖增加安全性，但卻花費太多計算成本。本論文提出一個安全且有效率的輕量運算演算法，來達成所有權轉移協定，安全地將嵌入電子標籤商品的所有權轉移至他人，經由分析比較，我們能達成RFID物件所有權轉移，並且可以在訊息傳遞上達到安全需求以及有較佳的效能表現。

Radio Frequency Identification (RFID) is a contactless automatic identification technology. With the low-cost and advancement of technology, RFID has been applied in various fields, including supply chain, access control, medical care and so on. Nevertheless, owing to the cost of RFID tags are decreasing, it will be anywhere in our life.
In recent year, RFID is applied to E-commerce transactions; moreover, the ownership transfer issue for RFID tags is extended during the process of transaction. Through the ownership transfer protocol, we can change the owner of the tag which is attached on objects so as to achieve complete transactions. In previous studies, the proposed protocols were challenged with their security threats, privacy violation problems and heavy computation. Therefore, we proposed a novel secure and efficient ownership transfer protocol for RFID tags using lightweight computing operators and also achieve the security requirements and safely change the owner of tags. Detailed analyses show that our proposed protocol can achieve security on messages passing and higher performance.

中文摘要i
Abstractii
致謝iii
Contentsiv
List of Figuresv
List of Tablesvi
Chapter 1 Introduction1
Chapter 2 Related Work6
2.1Ownership Transfer with RFID Tag6
2.1.1Ownership Transfer for Single Tag6
2.1.2Ownership Transfer for a Group of Tags10
2.2Authentication with RFID Tag11
Chapter 3 The Proposed OT-LE Protocol12
3.1Assumptions12
3.2Notations14
3.3OT-LE14
3.3.1Registration Phase15
3.3.2Current Ownership Suspension Phase16
3.3.3New Ownership Establishment Phase20
Chapter 4 Security and Efficiency Analysis23
4.1Security Analysis23
4.2Efficiency Analysis26
4.3Discussion29
Chapter 5 Conclusions31
References32

[1]K. Osaka, T. Takagi, K. Yamazaki, and O. Takahashi, “An Efficient and Secure RFID Security Method with Ownership Transfer,” Computational Intelligence and Security, Berlin, Guangzhou, pp. 1090 -1095, 2006.
[2]S. Fouladgar, and H. Afifi, “An Efficient Delegation and Transfer of Ownership Protocol for RFID Tags,” International Workshop on RFID Technology, Vienna, Austria, 2007.
[3]B. Song, “RFID Tag Ownership Transfer,” Workshop on RFID Security and privacy, Budapest, 2008.
[4]Y. Zuo, “Changing Hands Together: A Secure Group Ownership Transfer Protocol for RFID Tags,” Hawaii International Conference on System Sciences, Koloa, Kauai, HI, pp. 1-10, 2010.
[5]J. Saito, K. Imamoto, and K. Sakurai, “Reassignment Scheme of an RFID Tags Key for Owner Transfer,” Embedded and Ubiquitous Computing, Vol. 3823, pp. 1303-1312, 2005.
[6]L. Kulseng, Z. Yu, Y. Wei and Y. Guan, “Lightweight Mutual Authentication and Ownership Transfer for RFID Systems,” IEEE INFOCOM, San Diego, CA, 2010.
[7]H. Lei and T. Cao, “RFID Protocol Enabling Ownership Transfer to Protect against Traceability and DoS Attacks,” The First International Symposium on Data, Privacy, and E-Commerce, Chengdu, China, pp. 508-510, 2007.
[8]G. Kapoor, and S. Piramuthu, “Single RFID Tag Ownership Transfer Protocols”, IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 2010.
[9]C.L. Chen, Y.L. Lai, C.C. Chen, Y. Y. Deng, and Y. C. Hwang, “RFID Ownership Transfer Authorization Systems Conforming EPCglobal Class-1 Generation-2 Standards,” International Journal of Network Security, Vol. 13, No. 1 pp. 41-48, 2011.
[10]S. Fouladgar and H. Afifi, “A Simple Delegation Scheme for RFID Systems (SiDeS),” IEEE International Conference on RFID, Grapevine, Texas, USA, pp. 1-6, 2007.
[11]E.J. Yoon, and K.Y. Yoo “Two Security Problems of RFID Security Method with Ownership Transfer,” Network and Parallel Computing, Shanghai, China, pp. 68-73, 2008.
[12]B. Song and C. J. Mitchell. “RFID Authentication Protocol for Low-cost Tags,” ACM Conference on Wireless Network Security, Alexandria, Virginia, USA, 2008.
[13]P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, T. Li, and Y. Li, “Vulnerability Analysis of RFID Protocols for Tag Ownership Transfer,” Computer Networks : The International Journal of Computer and Telecommunications Networking, Vol. 54, No. 16, pp. 1502-1508, 2010.
[14]H.Y. Chien, “SASI: A New Ultra-Lightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity,” IEEE Transactions on Dependable and Secure Computing, Vol. 4, No. 4, pp. 337 -340, 2007.
[15]S.S. Kumar and C. Paar, “Are Standards Compliant Elliptic Curve Cryptosystems Feasible on RFID?” Workshop on RFID Security and privacy, Graz, Austria, 2006.
[16]N.W. Lo and K.H. Yeh, “Mutual RFID Authentication Scheme for Resource-constrained Tags,” Journal of Information Science and Engineering, Vol. 26, No. 5, pp. 1875-1889, 2010.
[17]H.Y. Chien, “Secure Access Control Schemes for RFID Systems with Anonymity,” International Workshop on Future Mobile and Ubiquitous Information Technologies, Nara, Japan, 2006.
[18]L. Lu, J. Han, L. Hu, Y. Liu, and L. M. Ni, “Dynamic Key-updating: Privacy-preserving Authentication for RFID Systems,” IEEE International Conference on Pervasive Computing and Communications, New York, USA, pp. 13-22, 2007.
[19]H.Y. Chien, and C.H. Chen, “Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards,” Computers Standards & Interfaces, Vol. 29, No. 2, pp. 254-259, 2007.
[20]C.L. Chen, and Y.Y. Deng, “Conformation of EPC Class 1 Generation 2 Standards RFID System with Mutual Authentication and Privacy Protection,” Engineering Applications of Artificial Intelligence, Vol. 22, No. 8, pp. 1284-1291 2009.
[21]P. Peris-Lopez, J.C. Hernandex-Castro, J.M. Estevex-Tapiador and A. Ribagorda, “LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID Tags,” Workshop RFID Security, Graz, 2006.
[22]P. Peris-Lopez, J.C. Hernandex-Castro, J.M. Estevex-Tapiador and A. Ribagorda, “EMAP: An Efficient Mutual Authentication Protocol for Low-cost Tags,” OTM Federated Conference and Workshop, Springer, Berlin, Germany, pp. 352-361, 2006.
[23]P. Peris-Lopez, J.C. Hernandex-Castro, J.M. Estevex-Tapiador and A. Ribagorda, “M2AP: A Minimalist Mutual-authentication Protocol for Low-cost RFID Tags,” International Conference on Ubiquitous Intelligence and Computing, Wuhan and Three Gorges, China, Vol. 4159, pp. 912-923, 2006.
[24]P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda, “Solving The Simultaneous Scanning Problem Anonymously: Clumping Proofs for RFID Tags”, International Workshop on Security, Privacy
and Trust in Pervasive and Ubiquitous Computing, Istanbul, Turkey, 2007.