無線射頻辨識技術已經被廣泛地應用在許多環境中，如零售業供應鏈、付費系統、門禁系統等。為了避免使用者隱私受到侵犯，在無線射頻辨識系統上的防護措施有其必要性。過去文獻已提出許多機制以解決隱私問題，然而，這些機制仍然有無法抵擋的攻擊並有一些缺點。即使在標籤上做硬體防護可以阻止被未經許可的讀取，但現實中的應用卻會受到限制。目前，已有許多措施用密碼認證以保護隱私。由於標籤的運算能力和資源有限，強大的加解密演算法不適合實作在低成本的被動式標籤上，但比較簡易的密碼學方式是可行的。
在過去的無線射頻辨識系統中，後端伺服器和讀取器被視為同一方角色，它們之間的通訊管道被假定為安全而不遭受竊聽的。許多機制只提供在標籤和讀取器之間的認證。在行動環境中，任何人可以持有一個內嵌主動式無線射頻辨識發送及接收器的行動裝置，讀取物品上附著的標籤且得到回應訊息後，透過無線通道傳送資料給後端伺服器並獲取資訊及服務。雖然這樣的架構很方便，可是通訊管道變得不再安全。此外若資料庫內所有標籤的相關資訊，不是所有讀取器有授權可以存取時，將構成資料隱私權的一項威脅。
在這篇論文中，我們提出的兩套認證機制皆有提供存取授權的管理以及解決在無線環境下的可能威脅。第ㄧ套機制可以抵擋數個在無線射頻辨識系統上會遭遇的攻擊，並且提供一個有效率的標籤辨識的方法，避免伺服器在資料庫中搜尋時耗費大量運算而導致效率低落。透過一把共享的秘密金鑰，伺服器得以判斷某一個讀取器有哪些標籤的讀取權限，進而達到每一個標籤的存取權限管理。另外一套機制則強化了過去交易的隱私保護，以及針對讀取器持有人的位置隱私，確保讀取器發送的請求訊息可以防止敵人追蹤。根據應用環境的需求，我們可以在效率和安全兩個考量上選擇最適合的機制。

There have been various mechanisms proposed to address privacy problems, however, they are still vulnerable to different attacks and leaves a few weaknesses. Although existing hardware-based approaches prevent unauthorized reading, those are restricted in practice. At present, many solutions introducing cryptographic authentication have been suggested to protect user privacy. Because of constraint resources, strong cryptography is not suitable for passive and low-cost RFID tags, but weaker cryptographic primitives are widely adopted among authentication protocols.
In the past works, a reader and the back-end server are considered as a single entity, and the internal communication channel is secure. Many schemes only provide authentication between a server and a tag. In the mobile RFID environment, anyone who possesses a mobile device equipped with active RFID transmitter/receiver can interact with RFID-tagged objects, and acquire information from a back-end server through wireless communications. For this reason, it ought to achieve proper reader authentication.
In this thesis, we propose two authentication schemes to resolve privacy threats in a mobile environment, where a mobile reader is not authorized to acquire every tag’s related data. One achieves many security requirements with efficient tag identification, which helps the server save an exhaustive search in its database. This scheme determines whether if a reader has the proper access right or not through a shared secret key. The other is able to enhance forward privacy of transactions, and keep a reader anonymous when a reader user’s location privacy is considered. These two authentication schemes are trade-off and based on two chief considerations: efficiency and security. The trade-offs are chosen relying on what application environment the RFID system is applied in.

[1] A. Juels, “Minimalist Cryptography for Low-Cost RFID Tags,” International Conference on Security in Communication Networks – SCN’04, LNCS 3352, pp. 149-164, Springer- Verlag, September 2004.
[2] Auto-ID Center, “860MHz-960MHz Class I Radio Frequency Identification Tag Radio Frequency & Logical communication Interface Specification Proposed Recommendation Version 1.0.0,” Technical Report MIT-AUTOID-TR-007, November 2002.
[3] G. Avoine and P. Oechslin, “RFID Traceability: A Multilayer Problem,” Financial Cryptography – FC’05, LNCS 3570, pp. 125−140, Springer-Verlag, February – March 2005.
[4] D. Eastlake and P. Jones, US Secure Hash Algorithm 1 (SHA1), Internet RFC 3174, September 2001.
[5] A. Juels, “RFID Security and Privacy: A Research Survey,” IEEE Journal on Selected Areas in Communication, vol. 24, pp. 381−394, February 2006.
[6] J. Kim and H. Kim, “A Wireless Service for Product Authentication in Mobile RFID Environment,” International Symposium on Wireless Pervasive Computing – ISWPC’06, pp. 1−5, January 2006.
[7] T. Dimitriou, “A Lightweight RFID Protocol to Protect against Traceability and Cloning Attacks,” Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm’05, pp. 59−66, IEEE Computer Society Press, September 2005.
[8] S. Sarma, S. Weis, and D. Engels, “RFID Systems and Security and Privacy Implication,” Workshop on Cryptographic Hardware and Embedded Systems – CHES’02, LNCS vol. 2523, pp. 454−469, Springer-Verlag, August 2002.
[9] K. Takaragi, M. Usami, R. Imura, R. Itsuki, and T. Satoh, “An Ultra Small Individual Recognition Security Chip,” IEEE Micro, vol. 21, pp. 43–49, November/December 2001.
[10] M. Feldhofer, S. Dominikus and J. Wolkerstorfer, “Strong Authentication for RFID Systems Using the AES Algorithm,” Workshop on Cryptographic Hardware and Embedded Systems – CHES’04, LNCS 3156, pp. 357−370, Springer-Verlag, August 2004.
[11] M. Ohkubo, K. Suzuki and S. Kinoshita, “Cryptographic Approach to Privacy-Friendly Tags,” RFID Privacy Workshop 2003, MIT, November 2003.
[12] S. L. Garfinkel, A. Juels and R. Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions,” IEEE Security and Privacy, vol.3, pp. 33−34, May/June 2005.
[13] S. A. Weis, S. E. Sarma, R. L. Rivest and D. W. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” International Conference on Security in Pervasive Computing – SPC’03, LNCS 2802, pp. 454−469, Springer-Verlag, March 2003.
[14] G. Avoine and P. Oechslin, “A Scalable and Provably Secure Hash Based RFID Protocol,” International Workshop on Pervasive Computing and Communication Security – PerSec’05, pp. 110−114, IEEE Computer Society Press, March 2005.
[15] A. Juels, R. Rivest, and M. Szydlo, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy,” ACM Conference on Computer and Communications Security – CCS’03, pp. 103−111, ACM Press, October 2003.
[16] K. Fishkin, S. Roy, and B. Jiang. “Some Methods for Privacy in RFID Communication,” European Workshop on Security in Ad-hoc and Sensor Networks – ESAS’04, LNCS 3313, pp. 42−53, Springer-Verlag, August 2005.
[17] J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, “Mutual Authentication Protocol for Low-Cost RFID,” Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July 2005.
[18] D. Henrici and P. Muller, “Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers,” Workshop on Pervasive Computing and Communications Security – PerSec’04, pp. 149−153, IEEE Computer Society Press, March 2004.
[19] J. Yoshida, “Euro bank notes to embed RFID chips by 2005,”
http://www.eetimes.com/story/OEG20011219S0016, December 2001.
[20] A. J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
[21] Wal-Mart Details RFID Requirement
http://www.rfidjournal.com/article/articleview/642/1/1/
[22] D. Molnar and D. Wagner, “Privacy and Security in Library RFID: Issues, Practices, and Architectures,” ACM Conference on Computer and Communications Security – CCS’04, pp. 210−219, ACM Press, October 2004.
[23] S. Sackmann, J. Str□ker, and R. Accorsi, “Personalization in Privacy-Aware Highly Dynamic Systems,” Communications of the ACM, vol. 49, pp. 32–38, September 2006.
[24] G. Avoine, E. Dysli, and P. Oechslin, “Reducing Time Complexity in RFID Systems,” Selected Area in Cryptography – SAC’05, LNCS 3897, pp. 291−306, Springer-Verlag, August 2005.
[25] S. M. Lee, Y. J. Hwang, D. H. Lee, and J. I. Lim, “Efficient Authentication for Low-Cost RFID Systems,” International Conference on Computational Science and its Applications – ICCSA’05, LNCS 3480, pp. 619–629, Springer-Verlag, May 2005.
[26] K. Rhee, J. Kwak, S. Kim, and D. Won, “Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment,” International Conference on Security in Pervasive Computing – SPC’05, LNCS 3450, pp. 70−84, Springer-Verlag, April 2005.
[27] D. Morikawa, M. Honjo, A. Yamaguchi, S. Nishiyama, and M. Ohashi, “Cell-Phone Based User Activity Recognition, Management and Utilization,” International Conference on Mobile Data Management – MDM’06, pp. 51, May 2006.
[28] J. Bringer, H. Chabanne, E. Dottax, “HB++: A Lightweight Authentication Protocol Secure against Some Attacks,” International workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing – SerPerU’06, pp. 28−33, June 2006.
[29] Nokia unveils RFID phone reader.
http://www.rfidjournal.com/article/view/834/
[30] Electronic Product Code Global Inc.
http://www.epcglobalinc.org/
[31] P. Golle, M. Jackson, A. Juels, and P. Syverson, “Universal Re-encryption for Mixnets,” The cryptographers’ Track at the RSA Conference – CT-RSA, LNCS 2964, pp. 163−178, Springer-Verlag, February 2004.
[32] J. Saito, J. C. Ryou, and K. Sakurai, “Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags,” International Conference on Embedded and Ubiquitous Computing – EUC’04, LNCS 3207, pp. 879−890, Springer-Verlag, August 2004.
[33] N. Hopper and M. Blum, “Secure Human Identification Protocols,” Advances in Cryptography – ASIACRYPT’01, LNCS 2248, pp. 52−66, Springer-Verlag, December 2001.
[34] S. Weis, “Security Parallels between People and Pervasive Devices,” International Workshop on Pervasive Computing and Communication Security – PerSec’05, pp. 105−109, IEEE Computer Society Press, March 2005.
[35] A. Juels and S. Weis, “Authenticating Pervasive Devices with Human Protocols,” Advances in Cryptography – CRYPTO’05, LNCS 3621, pp. 293−308, Springer-Verlag, August 2005.
[36] H. Gilbert, M. Robshaw, H. Sibert, “Active Attack against HB+: A Provably Secure Lightweight Authentication Protocol,” IEE Electronics Letters, vol. 41, pp. 1169−1170, October 2005.
[37] H. Lee and J. Kim, “Privacy Threats and Issues in Mobile RFID,” International Conference on Availability, Reliability and Security – ARES’06, pp. 5, April 2006.
[38] Z. Liu and D. Peng, “True Random Number Generator in RFID Systems against Traceability,” Conference on Consumer Communications and Networking – CCNC’06, vol. 1, pp. 620−624, January 2006.
[39] R. L. Rivest, “The MD5 Message Digest Algorithm,” Technical Report RFC 1321, MIT Lab for Computer Science and RSA Laboratories, April 1992.