题名

RFID的安全與隱私保護

并列篇名

Securing RFID Systems from Security and Privacy Threats

DOI

10.29688/MHJ.200808.0013

作者

葉慈章(Tzu-Chang Yeh);劉耀元(Yao-Yuan Liu);吳建宏(Chien-Hung Wu)

关键词

RFID ; 安全 ; 隱私 ; RFID ; Security ; Privacy

期刊名称

明新學報

卷期/出版年月

34卷2期(2008 / 08 / 08)

页次

183 - 198

内容语文

繁體中文
中文摘要

RFID在近年來廣泛的被應用於交通運輸與供應鏈管理等領域,以更有效率地即時追蹤管理,降低物流成本;目前更應用於新一代的近端付款上。然而,由於RFID採用非接觸式的遠距離讀取,在空中傳輸的機密資料,很容易遭到竊聽甚至是冒用;RFID tag內存的資料也可能遭到惡意的竄改;非法的RFID reader也可能進行未經授權的資料蒐集,分析消費者的購物習性,或是透過RFID tag 所傳出的固定值,追蹤消費者的位置。 目前已有許多研究針對RFID的安全問題提出了不少解決方案,這些解決方案多假設RFID reader與後端資料庫的傳輸架構在企業內部的有線環境,而通常將其定義為安全通訊區段。然而目前許多的應用環境需使用手持式(行動式)的RFID reader,以無線的方式與後端資料庫連結,因此本研究將使用隨機雜湊鎖的方法提出改善的協定,並在兼顧安全、效率以及EPC網路相容性的前提下,使RFID系統的安全性無需建立於這些假設之上。
英文摘要

Interests continue to grow in recent years for the adoption of Radio Frequency Identification (RFID) in many different areas including transportation and supply chain management. However, because of the contact-less retrieval, the transmission of data in the air is very vulnerable to eavesdropping or appropriation. A primary security concern surrounding RFID technology is the illicit tracking of consumer location and analyzing of their shopping habits or behavior. Recently, there are many solutions are proposed for RFID security, but most of the existing solutions assume the channel between RFID reader and the back-end database is secure, for it is structured in the wired environment of enterprise's interior. However, nowadays the wireless portable RFID readers are widely used to connect back-end databases. Therefore, this research will propose a lightweight secure protocol using randomized hash lock method without depending on the assumption mentioned above.
主题分类 人文學 > 人文學綜合
基礎與應用科學 > 基礎與應用科學綜合
工程學 > 工程學綜合
社會科學 > 社會科學綜合
参考文献
  1. EPCglobal
  2. National Institute of Standards and Technology
  3. GS1 Taiwan
  4. Forrester Research
  5. IDTechEx
  6. Alfonsi, B. J.(2004).Privacy Debate Centers on Radio Frequency Identification.IEEE Security & Privacy,2(2),12.
  7. Alippi, C.,Vanini, G.(2004).A Genetic-based Application Oriented Approach to Optimize RFID-like Passive Sensor Devices for Homeland Security.Computational Intelligence for Homeland Security and Personal Safety, 2004. CIHSPS 2004. Proceedings of the 2004 IEEE International Conference on
  8. Auto-ID Center(2002).Technical Report MIT-AUTOID-TR-007Technical Report MIT-AUTOID-TR-007,未出版
  9. Ayoade, John(2005).Security implications in RFID and authentication processing framework.Computers & Security,25(3),207-212.
  10. Bansal R.(2004).Microwave Surfing.IEEE microwave magazine,9(2),28-30.
  11. Bridgelall R.(2003).Enabling Mobile Commerce Through Pervasive Communications with Ubiquitous RF Tags.Wireless Communications and Networking, 2003. WCNC 2003. 2003 IEEE,3,2041-2046.
  12. Conti M.,Pietro R.D.,Mancini L.V.,Spognardi A(2007).RIPP-FS: An RFID Identification, Privacy Preserving Protocol with Forward Secrecy.Pervasive Computing and Communications Workshops, 2007. PerCom Workshops '07. Fifth Annual IEEE International Conference on
  13. IBM alphaWorks
  14. Gao X.,Zhe X.,Wang H.,Shen J.,Huang J.,Song S.(2004).An Approach to Security and Privacy of RFID System for Supply Chain.E-Commerce Technology for Dynamic E-Business, 2004. IEEE International Conference on
  15. Henrici D.,Muller P.(2004).Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers.Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second IEEE Annual Conference on
  16. Huang X.(2008).Quantifying Information Leakage in RFID Systems.Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on
  17. Inoue S.,Konomi S.,Yasuura H.(2002).Privacy in the Digitally Named World with RFID Tags.Workshop on Socially-Informed Design of Privacy-Enhancing Solutions in Ubiquitous Computing
  18. Inoue S.,Yasuura H.(2003).RFID Privacy Using User-Controllable Uniqueness.RFID Privacy Workshop@MIT.
  19. Juels A.,Rivest R.L.,Szydlo M.(2003).The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy.8th ACM Conference on Computer and Communications Security
  20. Karjoth G.,Moskowitz P.A(2005).Disabling RFID Tags with Visible Confirmation:Clipped Tags Are Silenced.Workshop On Privacy In The Electronic Society Proceedings of the 2005 ACM workshop on Privacy in the electronic society
  21. Karthikeyan S.,Nesterenko M.(2005).RFID Security without Extensive Cryptography.Workshop on Security of ad hoc and Sensor Networks Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks
  22. Kinosita S.,Hoshino F.,Komuro T.,Fujimura A.,Ohkubo A.(2005).Non-identifiable Anonymous-ID Scheme for RFID Privacy Protection.Proc. Of CSS'03.
  23. Knospe H.,Pohl H.(2004).RFID Security.Information Security Technical Report.
  24. Lin H.C.,Leu H.(2005).Using AHP Approach to Establish a Decision Analysis Mechanism for Adopting RFID Systems.Communications of IICM (Institute of Information and Computing Machinery,8
  25. Ni L. M.,Liu Y.,Lau Y. C.,Patil A. P.(2004).LANDMARC: Indoor Location Sensing Using Active RFID.Wireless Networks,10(6),701-710.
  26. Ohkubo M.,Suzuki K.,Kinoshita S.(2005).RFID privacy issues and technical challenges.Communications of the ACM,48(9),66-71.
  27. Ortiz S.(2006).How Secure Is RFID?.Computer,39(7),17-19.
  28. Phillips T.,Karygiannis T.,Huhn R.(2005).Security Standards for the RFID Market.IEEE Security and Privacy,3(6),85-89.
  29. Piramuthu S.(2007).Protocols for RFID tag/reader authentication.Decision Support Systems,43(3),897-914.
  30. Simple Lightweight RFID Reader Protocol (slrrp)
  31. Roy W.(2004).Enabling Ubiquitous Sensing with RFID.Computer,37(4),84-86.
  32. Song B.,Mitchell C.J.(2008).RFID authentication protocol for low-cost tags.Conference On Wireless Network Security Proceedings of the first ACM conference on Wireless network security
  33. Staake T.,Thiesse F.,Fleisch E.(2005).Extending the EPC Network-The Potential of RFID in Anti-counterfeiting.Symposium on Applied Computing Proceedings of the 2005 ACM symposium on Applied computing
  34. Thornton F.,Haines B.,Das A. M.(2006).RFID Security-Chapter 3 Threat and Target Identification.Syngress
  35. RFID Journal
  36. Weis S.A.,Sarma S.E.,Rivest R.,Engels D.W..Proceedings of the 1st Security in Pervasive Computing.LNCS.
  37. William K.(2006).RFID-another technology, another security mess?.Infosecurity Today,3(3),35-37.
  38. Zhai J.,Park C.M.,Wang G. N.(2006).Hash-Based RFID Security Protocol Using Randomly Key-Changed Identification Procedure.Computational Science and Its Applications-ICCSA 2006.
  39. 日經BP RFID編輯部著(2004)。RFID技術與應用。台北市:旗標。
  40. 王明德(2005)。RFID全面參與企業生產流程。DigiTimes。
  41. 王玫文(2004)。國際標準底定RFID市場起飛。iThome電腦報。
  42. 何玉美(2004)。RFID帶給半導體業者無限商機。iThome電腦報。
  43. 奚正德、張克章(2006)。RFID相關應用與安全機制簡介。長庚大學。
  44. 莊裕澤、王蒼仁、簡雄飛(2005)。RFID簡介。台灣大學。
  45. 經濟日報(2004/11/09)
  46. 鄭吉宏(2004)。RFID為全球163.8億個貨品換發身分證。iThome電腦報。
  47. 鄭吉宏(2004)。何謂RFID。iThome電腦報。
  48. 鄭吉宏(2004)。昇陽積極布署臺灣RFID商機。iThome電腦報。
  49. 鄭吉宏(2004)。臺灣RFID的機會不只在晶片。iThome電腦報。
  50. 鄭同伯(2004)。RFID EPC無線射頻辨識完全剖析。台北縣:博碩文化。
  51. CNET Taiwan
print cancel