RFID標籤匿名性之研究與分析

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：40

、訪客IP：3.145.69.255

姓名

程胤凱(Yin-kai Chen) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

RFID標籤匿名性之研究與分析
(Cryptanalysis on RFID Authentication Protocols with Tag Anonymity)

相關論文

★ 多種數位代理簽章之設計	★ 小額電子支付系統之研究
★ 實體密碼攻擊法之研究	★ 商業性金鑰恢復與金鑰託管機制之研究
★ AES資料加密標準之實體密碼分析研究	★ 電子競標系統之研究
★ 針對堆疊滿溢攻擊之動態程式區段保護機制	★ 通用型數域篩選因數分解法之參數探討
★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器	★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究
★ 遮罩保護機制防禦差分能量攻擊之研究	★ AES資料加密標準之能量密碼分析研究
★ 小額電子付費系統之設計與密碼分析	★ 公平電子現金系統之研究
★ RSA公開金鑰系統之實體密碼分析研究	★ 保護行動代理人所收集資料之研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

Hash-based RFID 認證協定可以幫助管理系統變的更加有效率，以及保護使用者的隱私。在本論文中，我們主要的研究是RFID 認證協定之標籤(Tag)匿名性。
在2008 年時，王等人提出了一種重送攻擊(Replay Attack)在Yang等人所提出的認證協定。此攻擊需在1)伺服器(Server)與讀取器(Reader)之間的通訊通道為不安全之通訊通道以及2)標籤不會執行更新金鑰之動作之假設下才能進行攻擊，當成功攻擊後，攻擊者可以透過從標謙所收集來的訊息來辨識標籤，使Yang 等人的協定不具有標籤匿名性。王等人對Yang 等人的認證協定進行改善，並提出一個新的認證協定。
而在此論文中，我們提出了新奇的重送攻擊在Yang 等人的認證協定以及王等人的認證協定上。此重送攻擊與王的重送攻擊差別在於，我們的重送攻擊可以1)幫助攻擊者透過伺服器所傳送出來的訊息來辨識標籤2)即使此攻擊只需使用上述中的第一項假設，即可攻擊成功。
在我們所提出的認證協定中，我們可以得知，若RFID 認證協定具有讀取器認證性(Reader authentication)以及標籤匿名性(Tag anonymity)，我們所提出的重送攻擊將無法攻擊成功。因此我們提出了一個改進的認證協定，此協定達到上述的兩種安全性質，因此可以成功的抵擋我們所提出的重送攻擊以及我們所定義的金鑰破解(Key compromise)攻擊，王等人所提出的重送攻擊與王等人所提出的DoS 攻擊。

摘要(英)

Hash-based RFID authentication protocols can help management systems to be more efficient and protect user privacy. In this thesis, our research focus on hash-based RFID authentication protocols with tag anonymity.
In 2008, Wang et al. proposed a replay attack on Yang et al.’’s protocol. Under two assumptions that 1) channels between servers and readers are insecure, and 2) tags do not update its secret key pair, the replay attack can help an adversary to recognize tags by processing outputs from tags. Wang et al. also proposed a protocol which can resist their replay attack.
We propose two novel replay attacks on Yang et al.’’s protocol and Wang et al.’’s protocol. Different from Wang et al.’’s replay attack, our proposed replay attacks can 1) help an adversary to recognize tag by comparing outputs from one server, and 2) successfully work only under the first assumption.
In our proposed replay attack, we deduce that if RFID authentication protocols satisfy strong tag anonymity and reader authentication, our proposed replay attacks will be failed. Therefore, we propose an improved protocol which satisfies these security properties, and can resist our proposed replay attacks, our defined key compromise attack, Wang et al.’’s replay attack and Wang et al.’’s DoS attack.

關鍵字(中)

★ 標籤匿名性
★ RFID認證協定

關鍵字(英)

★ tag anonymity
★ RFID authentication protocol

論文目次

1 Introduction 1
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Overview of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2 Preliminary of Radio Frequency Identification System 8
2.1 Introduction to RFID Systems . . . . . . . . . . . . . . . . . . . . . . 8
2.1.1 The primer of RFID systems . . . . . . . . . . . . . . . . . . . 8
2.1.2 Applications of RFID systems . . . . . . . . . . . . . . . . . . 11
2.2 Privacy Problems and Security Properties . . . . . . . . . . . . . . . 11
2.2.1 User privacy problems . . . . . . . . . . . . . . . . . . . . . . 11
2.2.2 Security properties . . . . . . . . . . . . . . . . . . . . . . . . 12
2.2.3 Attacks on RFID authentication protocols . . . . . . . . . . . 15
3 Radio Frequency Identification Authentication Protocols Based on
One Way Hash Function 17
3.1 Weis et al.'s Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.1.1 Hash-Lock protocol . . . . . . . . . . . . . . . . . . . . . . . . 17
3.1.2 Randomized-Hash-Lock protocol . . . . . . . . . . . . . . . . . 19
3.2 Ohkubo et al.'s Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.3 Yang et al.'s Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.4 Drawback of Yang et al.'s Protocol . . . . . . . . . . . . . . . . . . . 24
3.4.1 Selwyn's tracing attack . . . . . . . . . . . . . . . . . . . . . . 24
3.4.2 Reader authentication . . . . . . . . . . . . . . . . . . . . . . 26
3.5 Wang et al.'s Attacks and Protocol . . . . . . . . . . . . . . . . . . . 26
3.5.1 DoS attack on Yang et al.'s protocol . . . . . . . . . . . . . . 26
3.5.2 Replay attack on Yang et al.'s protocol . . . . . . . . . . . . . 27
3.5.3 Wang et al.'s improved protocol . . . . . . . . . . . . . . . . . 28
3.6 Security Analyses of Wang et al.'s Protocol . . . . . . . . . . . . . . . 31
III
4 Proposed Replay Attacks 35
4.1 Our Proposed First Replay Attack . . . . . . . . . . . . . . . . . . . 35
4.1.1 Our proposed replay attack on Yang et al.'s protocol . . . . . 36
4.1.2 Our proposed replay attack on Wang et al.'s protocol in synchronized case . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.1.3 Threats of user's privacy of Attack . . . . . . . . . . . . . . . 41
4.1.4 Proposed countermeasures against the attack . . . . . . . . . 42
4.2 Our Proposed Second Replay Attack . . . . . . . . . . . . . . . . . . 42
4.2.1 The discussion of the proposed second replay attack . . . . . . 45
4.3 Summary of The Proposed Replay Attacks . . . . . . . . . . . . . . . 45
5 Proposed Protocol with Tag Anonymity 47
5.1 Our Proposed Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 47
5.2 Security and Performance Analyses . . . . . . . . . . . . . . . . . . . 50
5.2.1 The security analysis of the proposed protocol . . . . . . . . . 51
5.2.2 The performance analysis of the proposed protocol . . . . . . 54
5.3 Summary of The Proposed Protocol . . . . . . . . . . . . . . . . . . . 55
6 Conclusions 59
6.1 Brief Review of Main Contributions . . . . . . . . . . . . . . . . . . . 59
6.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Bibliography...........................62

參考文獻

[1] A.-I. Center, “900 MHz class 0 radio frequency (RF) identification tag specification. draft," March 2003.
[2] N. J. Hopper and M. Blum, “Secure human identification protocols," in ASI-ACRYPT '01: Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, (London, UK), pp. 52 - 66, Springer, 2001.
[3] H. Gilbert, M. Robshaw, and H. Sibert, “Active attack against HB+: A provably secure lightweight authentication protocol," Electronics Letters, vol. 41, pp. 1169 - 1170, October 2005.
[4] J. Bringer, H. Chabanne, and E. Dottax, “HB++: A lightweight authentication protocol secure against some attack," Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 28-33, June 2006.
[5] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and privacy
aspects of low-cost radio frequency identification system," in Security in Pervasive Computing, vol. 2802 of Lecture Notes in Computer Science, pp. 50 - 59, Springer, January 2004. http://theory.lcs.mit.edu/sweis/spc-r¯d.pdf.
[6] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic approach to “privacy-friendly" tags," in RFID Privacy Workshop, 2003.
[7] J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, “Mutual authentication protocol for low-cost RFID," in Handout of the Encrypt Workshop on RFID and Lightweight Crypto, 2005.
[8] N. Lo and K.-H. Yeh, “An efficient mutual authentication scheme for epcglobal class-1 generation-2RFID system," in Emerging Directions in Embedded and Ubiquitous Computing, pp. 43-56, Springer, 2007.
[9] C.-H. Wang and W.-Y. Tasi, “An RFID authentication scheme for wireless communication channel," in Crypto and Information Security Conference '08, June 2008.
[10] Y.-H. Liao and W.-G. Tzeng, “A secure RFID authentication protocol based on strongly 2-universalhash function," in Cryptology and Information Security Conference '08, June 2008.
[11] K. Osaka, T. Takagi, K. Yamazaki, and O. Takahashi, “An efficient and secure RFID security method with ownership transfer," in Computational Intelligence and Security, vol. 4456 of Lecture Notes in Computer Science, pp. 778-787, Springer, September 2007.
[12] P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda, “RFID systems: A survey on security threats and proposed solutions," in Personal Wireless Communications, vol. 4217 of Lecture Notes in Computer Science, pp. 159-170, Springer Berlin / Heidelberg, 2006.
[13] E. Berlekamp, R. McEliece, and H. van Tilborg, “On the inherent intractability of certain coding problems (corresp.)," IEEE Transactions on Information Theory, vol. 24, pp. 384-386, May 1978.
[14] K. YAuksel, “Universal hashing for ultra-low-power cryptographic hardware applications," Master's thesis, Dept. of Electronical Engineering, WPI, 2004.
[15] EPCglobal, .
[16] P. Peris-Lopez, J. C. Hernandez-Castro, J. Estevez-Tapiador, and A. Ribagorda, “RFID systems: A survey on security threats and proposed solutions," in 11th IFIP International Conference on Personal Wireless Communications - PWC'06, vol. 4217 of Lecture Notes in Computer Science, pp. 159 - 170, Springer, September 2006.
[17] A. Juels, R. Pappu, and T. Llc, “Squealing euros: Privacy protection in RFID-enabled banknotes," in Financial Cryptography '03, pp. 103 - 121, Springer, 2002.
[18] S. J. Goetz and H. Swaminathan, “Wal-Mart and county-wide poverty," Social Science Quarterly, vol. 87, no. 2, pp. 211-226, 2006.
[19] Y. Chen, J.-S. Chou, and H.-M. Sun, “A novel mutual authentication scheme based on quadratic residues for RFID systems," Computer Networks, vol. 52, pp. 2373-2380, August 2008.
[20] S. Piramuthu, “Protocols for RFID tag/reader authentication," Decis. Support Syst., vol. 43, no. 3, pp. 897-914, 2007.

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2009-7-23

推文