Kim等人RFID協定的改善

Improvement on Kim et al.'s RFID Protocol

10.29688/MHJ.201202.0010

葉慈章(Tzu-Chang Yeh)；羅仕京(Shih-Ching Lo)

RFID ； EPC Class-l Generation-2 ； 安全 ； 鑑別 ； RFID ； EPC Class-1 Generation-2 ； Security ； Authentication

明新學報

38卷1期（2012 / 02 / 01）

133 - 145

繁體中文

無線射頻辨識（Radio Frequency Identification，RFID）系統由於具有遠距離自動辨識的能力，逐漸取代傳統條碼成為新一代的電子標籤，然而由於透過空氣傳輸的資料容易遭到竊聽、攔截或竄改，因此產生許多安全與隱私的問題。RFID的普及需要靠成本的降低；EPC Class-l Generation-2是低成本被動式標籤的全球新標準，由於標籤的運算能力有限無法進行複雜的運算，因此在安全防護的設計上更具挑戰性。2006年Kim等人針對此標準協定提出改善，以避免其資訊洩漏與重送攻擊的問題; 然而我們發覺Kim等人的協定仍有追蹤攻擊、向前安全攻擊與阻斷服務攻擊等問題，本研究將詳細分析此協定，並提出改善以避免上述的問題，使消費者能安心的享受RFID帶來的便利。

RFID, capable of remote automatic identification, is taking the place of barcodes to become electronic tags of the new generation. However, the information transmitted in the air could easily be eavesdropped, interrupted or modified due to its radio transmission nature. On top of this, its prevalence has brought the stress on its security and privacy issues.The popularity of RFID depends on the cost reduction. EPC Class-1 Generation-2, a new global standard for passive tags, has limited computation and memory capacity due to its implementation cost constraint. That makes the designing of the security protocol for the standard become even more challenging. In 2006, Kim et al. proposed an improved protocol to avoid information leakage and replay attacks which the standard suffers from. However, we found that their protocol is still vulnerable to tracking attacks, forward secrecy attacks and denial of service attacks. This paper will give demonstrations on what have caused these weaknesses and more of that, an improved protocol is proposed to avoid the problems mentioned above. That allows consumers to enjoy the technological convenience brought by RFID.

1. EPCglobal Inc. (2005). EPCglobal Object Name Service (ONS) Standard Version 1.0..
2. EPCglobal Inc. (2008). EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communication at 860 MHz-960 MHz Version 1.2.0. Retrieved July. 2011, from http://www.gs1.org/gsmp/kc/epcglobal/uhfc1g2/uhfc1g2_1_2_0-standard-20080511.pdf
3. Burmester, M.,Medeiros, B.,Munilla, J.,Peinado, A.(2009).Secure EPC Gen2 compliant Radio Frequency Identification.Lecture Notes in Computer Science,5793,227-240.
4. Chien, H.Y.,Chen, C.H.(2007).Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards.Computer Standards and Interfaces,29,254-259.
5. Choi, E.Y.,Lee, D.H.,Lim, J.I.(2009).Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 Systems.Computer Standards and Interfaces,31,1124-1130.
6. Deursen, T.,Radomirovic, S.(2008).Attacks on RFID Protocols.Cryptology ePrint Archive,1-56.
7. Duc, D. N.,Park, J.,Lee, H.,Kim, K.(2006).Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning.Symposium on Cryptography and Information Security
8. Kim, K.H.,Choi, E.Y.,Lee, S.M.,Lee, D.H.(2006).Secure EPCglobal Class-1 Gen-2 RFID System Against Security and Privacy Problems.Lecture Notes in Computer Science,4277,362-371.
9. Kok, Guido R.(2007).,Faculty of Electrical Engineering, Mathematics and Computer Science of the University of Twente.
10. Lo, N. W.,Yeh, K. H.(2010).A Secure Communication Protocol for EPCglobal Class 1 Generation 2 RFID Systems.IEEE Information Networking and Applications Workshops,10,562-566.
11. Peris-Lopez, P.,Hernandez-Castro, J.C.,Estevez-Tapiador, J.M.,Ribagorda, A.(2006).Workshop on RFID Security(RFIDSec'06)Workshop on RFID Security(RFIDSec'06),未出版
12. Rieback, M. R.,Crispo, B.,Tanenbaum, A. S.(2006).The Evolution of RFID Security.Pervasive Computing IEEE,5,62-69.
13. Roberts, C. M.(2006).Radio frequency identification (RFID).Computers and Security,25,18-26.
14. Rotter, P.(2008).A Framework for Assessing RFID System Security and Privacy Risks.Security & Privacy,7(2),70-77.
15. Sun, H.M.,Ting, W.C.(2009).A Gen2-Based RFID Authentication Protocol for Security and Privacy.Transactions on Mobile Computing,8,1052-1062.
16. Weinstein, R.(2005).RFID: A Technical Overview and Its Application to the Enterprise.IEEE Computer Society,27-33.
17. 陳昱仁、廖耕億、許建隆、林仲志(2009)。RFID概論。台北:華泰文化。