本論文研究並提出一個適用於無線射頻辨識系統（RFID）應用環境中安全且有效率的鑑別技術，此方法適用於計算能力弱、記憶體容量小且不需附加電池之RFID被動式電子標籤，我們提出之安全鑑別技術運用Hash函數與互斥或運算並具備安全防護及雙向鑑別的功能，可以有效的防止電子標籤遭到分析追蹤與複製，可確實提供一個具安全功能的RFID應用模式，這項鑑別技術不但可以運用在RFID行動付費機制中，也同時具備防止偽造、雙重消費及追蹤等功能，以確保行動交易過程中的安全性與隱私性。

This paper we propose a security and efficient authentication technology that is suitable for Radio Frequency Identification (RFID) application environment. This technology is proper when the passive tag has weak computing ability, memory limitation and no on-board battery. Based on Hash function and exclusive-or operation, this technology not only offers data protection and mutual authentication, but also can protect the tag from analysis, tracing, or cloning. In the application to RFID mobile payment, this technology can prevent masquerade, double spending and tracing, ensuring the security during the transaction process.

目錄	I
圖目錄	IV
表目錄	V
第一章  前言	1
第二章  RFID簡介及運作原理	4
2-1 RFID簡介	4
2-2 讀取器（Reader）	4
2-3 電子標籤（Tag）	5
2-4 資料庫電腦系統	7
第三章  RFID安全問題	8
3-1 擷取或竊聽攻擊	8
3-2 位置追蹤攻擊	9
3-3 複製攻擊	10
第四章  相關研究	11
4-1 Kill標籤法	11
4-2 Dimitriou法	11
4-3 Zhai法	13
4-4 Kang法	15
第五章  我們的安全鑑別技術	17
5-1 符號定義	17
5-2 身分鑑別方法	17
第六章  安全分析	21
6-1 電子標籤鑑別合法讀取器功能	21
6-2 讀取器鑑別合法電子標籤的功能	21
6-3 防止讀取器及電子標籤的非同步攻擊	21
6-4分析對密鑰k與Si的防護	22
6-5 防止電子標籤位置追蹤的攻擊	22
6-6 防止擷取傳送資料後進行電子標籤複製	23
6-7 防止因一個電子標籤遭破解對整個系統威脅	23
第七章  效能分析	24
7-1 整體系統的運算過程有效率	24
7-2 適用於低成本的電子標籤	24
第八章  結合我們安全鑑別技術之交通票務機制	25
8-1 符號定義	26
8-2 登註儲值階段	27
8-3 進站登載階段	32
8-4 離站扣款階段	37
第九章  功能分析	40
9-1 對外部攻擊者或偽造的讀取器具有匿名性	40
9-2 防止偽造進站記錄	40
9-3 防止偽造儲值金額	40
9-4 防止重送攻擊	41
9-5 優惠票	42
9-6 遺失補發	43
第十章  效能分析	44
第十一章  結論與未來研究方向	45
參考文獻：	46
附錄-英文論文	51

圖 1：RFID系統架構示意圖	4
圖 2：被動式RFID標籤(左)與主動式RFID標籤(右)	7
圖 3：Dimitriou的方法	12
圖 4：Zhai的方法	14
圖 5：Kang的方法	16
圖 6：我們的身份鑑別方法	20
圖 7：登註儲值階段	31
圖 8：進站登載階段	36
圖 9：離站扣款階段	39

表一：電子標籤IDi與Si 及Zi對照表	18

[1] G. Avoine and P. Oechslin, “RFID traceability: A multilayer problem”, Proceedings of Financial Cryptography - FC 2005, LNCS 3570, Springer-Verlag, pp. 125-140, 2005.
[2] G. Avoine and P. OecGJJS04hslin, “A scalable and Provably Secure Hash-Based RFID Protocol”, Proceedings of IEEE PerSec 2005, Kauai Island, Hawail, March, 2005.
[3] E. Choi, S. Lee, and D. Lee, “Efficient RFID Authentication Protocol for Ubiquitous Computing Environment”, Proceedings of EUC Workshops 2005, LNCS 3823, Springer-Verlag, pp. 945-954, 2005.
[4] H. Chien, “Secure access control schemes for RFID systems with anonymity”, Proceedings of 2006 International Workshop on Future Mobile and Ubiquitous Information Technologies, May, 2006.
[5] H. Chien and C. Chen, “Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards”, Proceedings of Computer Standards & Interfaces 29, pp. 254-259, 2007.
[6] T. Dimitriou, “A Lightweight RFID Protocol to protect against Traceability and Cloning attacks”, Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, pp. 59-66, 2005.
[7] X. Gao, Z. Xiang, H. Wang, J. Shen, J. Huang and S. Song, “An approach to security and privacy of RFID system for supply chain”, Proceedings of IEEE International Conference, pp. 164-168, 2004.
[8] D. Henrici and P. Muller, “Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers”, Proceedings of 2nd IEEE Annual Conference on Pervasive Computing andCommunications Workshops, pp. 149-153, 2004.
[9] D. Henrici and P. Muller, “Tackling Security and Privacy Issues in Radio Frequency Identification Devices”, Available: http://www.icsy.de/~archiv/DPArchiv.0086.pdf , 1/5/2008.
[10]A. Juels, “RFID Security and Privacy:A Research Survey”, IEEE Journal on Selected Areas in Communications, Vol. 24, Issue 2, pp. 381-394, 2006.
[11]A. Juels, R. Rivest, and M. Szydlo, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy”, Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 103-111, 2003.
[12]A. Juels, S. Garfinkel, and R. Pappu, “RFID privacy: An overview of problems and proposed solutions”, Proceedings of IEEE Security and Privacy, pp. 34-43, 2005.
[13]A. Juels, D. Molnar, and D. Wagner, “Security and privacy issues in e-passports”, Available: http://www.cs.berkeley.edu/dmolnar/papers/papers.html , 1/5/2008.
[14]K. Kim, E. Choi, S. Lee, and D. Lee, “Secure EPCglobal Class-1 Gen-2 RFID System Against Security and Privacy Problems”, Proceedings of OTM Workshops 2006, LNCS 4277, Springer-Verlag, pp. 362-371, 2006.
[15]S. Karthikeyan and M. Nesterenko, “RFID Security without Extensive Cryptography”, Proceedings of SASN’05, November, 2005.
[16]S. Kang and I. Lee, “A Study on New Low-Cost RFID System with Mutual Authentication Scheme in Ubiquitous”, Proceedings of IEEE International Conference on Multimedia and Ubiquitous Engineering, pp. 527-530, 2008.
[17]D. Molnar and D.Wagner, “Privacy and security in library RFID : Issues, practices, and architectures”, Proceedings of ACM Conference on Communications and Computer Security, pp. 210-219, 2004.
[18]R. Molva, G. Tsudik, and D. Westhoff, “RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks”, Proceedings of ESAS 2005, LNCS 3813, Springer-Verlag, pp. 164-175, 2005.
[19]M. Ohkubo, K. Suzuki and S. Kinoshita, “Cryptographic Approach to “Privacy-Friendly” Tags”, In RFID Privacy Workshop, 2003. Available:http://lasecwww.epfl.ch/~gavoine/download/papers/OhkuboSK-2003-mit-paper.pdf , 1/5/2008.
[20]K. Rhee, J. Kwak, S. Kim, D. Won, “Challenge-response based RFID authentication protocol for distributed database environment”, Proceedings of International Conference on Security in Pervasive Computing— SPC 2005, pp. 70-84, 2005.
[21]S. Sarma, S. Weis, and D. Engels, “RFID systems and security and privacy implications”, Proceedings of Workshop on Cryptographic Hardware and Embedded System – CHES 2002, LNCS 2523, Springer-Verlag, pp. 454-469, 2002.
[22]B. Toiruul, K. Lee, H. Lee, Y. Lee,and Y. Park, “Mutual-Authentication Mechanism for RFID Systems”, Proceedings of MSN 2006, LNCS 4325, Springer-Verlag, pp. 449-460, 2006.
[23]S. Weis, S. Sarma, R. Rivest and D. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems”, Available:http://www.eicar.org/rfid/kickoffcd , 1/5/2008.
[24]J. Yang, J. Park, H. Lee, K. Ren, K. Kim, “Mutual authentication protocol for low-cost RFID”, Proceedings of the Ecrypt Workshop on RFID and Lightweight Crypto, 2005.
[25]J. Yang, K. Ren, K. Kim, “Security and privacy on authentication protocol for low-cost radio”, Proceedings of the 2005 Symposium on Cryptography and Information Security, 2005.
[26]L. Zhang, H. Zhou, R. Kong and F. Yang, “An Improved Approach to Security and Privacy of RFID Application System”, Proceedings of IEEE International Conference on Wireless Communications, Networking and Mobile Computing, pp. 1149-1152, 2005.
[27]J. Zhai, C. Park, and G. Wang, “Hash-Based RFID Security Protocol Using Randomly Key-Changed Identification Procedure”, Proceedings of ICCSA, LNCS 3983, Springer-Verlag, pp. 296-305, 2006.
[28] 廖慧幸.李明堂.包春林, “無線射頻辨識技術(RFID)應用於國防安全加密之研究”,新新季刊,第三十五卷第一期,第170-176頁,2007年.
[29]范俊逸, “無線射頻識別技術之應用與發展”,資訊安全通訊,第十三卷第一期,第3-6頁,2007年.
[30] Available: http://www.rfid.org.tw/content.php?sn=68 , 1/5/2008.
[31] Available: http://www.rfid.org.tw/content.php?sn=88 , 1/5/2008.
[32] Available: http://www.rfid.org.tw/content.php?sn=101 , 1/5/2008.
[33] Available: http://www.wisyst.com/W2A/sa.htm , 1/5/2008.
[34] Available: http://www.read.com.tw/web/hypage.cgi?HYPAGE=subject/sub_rfid.asp , 1/5/2008.