
Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/1276

Title: The Research of EPC Class-1 Generation-2 RFID Authentication Protocols (EPC Class-1 Generation-2 RFID認證機制之研究)
Authors: Kuo-Chan Chang (張國展)
Contributors: Chun-Li Lin
Department of Computer Science and Information Engineering
Keywords: Radio Frequency Identification (RFID); Electronic Product Code (EPC); Gen-2; Privacy; Authentication; On-line Server; Off-line Server
Date: 2007
Issue Date: 2011-05-24 15:12:05 (UTC+8)
Publisher: Kaohsiung City: [Department of Computer Science and Information Engineering, Shu-Te University]
Abstract: With the rapid progress of Radio Frequency Identification (RFID) technologies, many RFID-related applications have been developed. One of the most important recent RFID standards is the EPC Class-1 Generation-2 (Gen-2) standard, which was proposed by EPCglobal Inc. The EPC Gen-2 standard defines the functionalities, communications, operations, and instructions between RFID readers and RFID tags. The EPC Gen-2 tag is a passive tag that contains an Electronic Product Code (EPC) identifying the object in which it is embedded. The major security property of the EPC Gen-2 tag is that it provides only a pseudo-random number generator (PRNG) and a cyclic redundancy check (CRC) function. That is, it does not support advanced cryptographic functions, such as one-way hash functions and encryption functions.

An RFID authentication protocol is used to verify the validity of RFID tags and to protect their privacy. Most RFID authentication protocols need an on-line server for tag authentication. Between the on-line server and the RFID tags, there is an RFID reader that forwards messages, and the channel between the on-line server and the RFID reader is assumed to be secure and reliable. In some environments, however, it is difficult to provide such a secure and reliable connection between the on-line server and the RFID reader. Hence, another type of RFID authentication protocol, with off-line servers, has been developed. In the off-line server type, each authentication is performed between the RFID reader and the RFID tag. The server participates in the authentication only if necessary.

In 2006, Duc et al. proposed an RFID authentication protocol with an on-line server for the Gen-2 standard. But this scheme is vulnerable to the denial-of-service attack and the counterfeit tag attack, and does not provide forward secrecy. Subsequently, Chien et al. proposed an improvement of Duc et al.’s scheme. Unfortunately, Chien et al.’s improvement is still vulnerable to the counterfeit tag attack and does not provide forward secrecy. In 2007, Tan et al. first proposed an RFID authentication protocol with off-line servers. But this scheme is unsuitable for the Gen-2 standard and does not provide forward secrecy.

In this thesis, we will research and develop Gen-2 RFID authentication protocols with on-line and off-line servers separately. The major research results include:

1. The RFID Authentication Protocol with on-line server

(1) We will point out that Duc et al.’s scheme is vulnerable to the denial-of-service attack and the counterfeit tag attack, and does not provide forward secrecy.

(2) We will point out that Chien et al.’s scheme is vulnerable to the counterfeit tag attack and does not provide forward secrecy.

(3) We will propose a new RFID authentication protocol which is secure and suitable for the Gen-2 standard.

2. The RFID Authentication Protocol with off-line server

(1) We will point out that Tan et al.’s scheme is unsuitable for the Gen-2 standard and does not provide forward secrecy.

(2) We will propose a new RFID authentication protocol which is secure and suitable for the Gen-2 standard.
Appears in Collections: [Department of Computer Science and Information Engineering] Theses and Dissertations
