資訊管理學報
葉慈章;吳家陞;
頁: 389-405
日期: 2012/04
摘要: 隨著無線射頻辨識系統(Radio Frequency Identification;RFID)成本逐年降低,標籤已逐漸取代傳統條碼,廣泛地應用於我們的日常生活中。然而,由於透過無線傳輸進行辨識,在空氣中傳輸機密資料容易遭到竊聽、竄改或攔截,產生安全與隱私的問題。低成本的RFID標籤因運算能力有限,無法支援複雜的密碼學運算,因此其安全協定的設計更具挑戰性。2007年Chien利用簡單的位元運算提出極輕量的鑑別協定SASI,兼顧安全與隱私保護;然而其無法避免阻斷服務攻擊、完全洩漏攻擊與追蹤攻擊。本論文將詳細分析SASI協定的安全問題,並提出改善協定,以有效地提升RFID應用的安全性,讓消費者可以安心地享受RFID技術所帶來的便利性。
關鍵字: RFID;SASI;安全;極輕量;鑑別;
Abstract: RFID (Radio Frequency Identification) is a kind of contactless automatic identification system. As its cost declines, RFID is gradually replacing the traditional barcode and is anticipated to be widely used in our daily life. However, owing to the radio transmission nature of RFID, the information transmitted in the air could easily be eavesdropped on, modified, or intercepted. The issues of security and privacy are thus raised. Because the low-cost RFID tags are with extremely limited resources, traditional security primitives cannot be incorporated well. The design of security protocol is thus more challenging. In 2007, Chien proposed an ultralightweight strong authentication and strong integrity (SASI) protocol for very low-cost tags. Using only simple bitwise operations on tags, SASI is highly efficient. However, it was found to be vulnerable to DoS attacks, full-disclosure attacks and tracking attacks. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which is free from worries of those problems mentioned above. The improved protocol could thus be applied in environments requiring high level of security.
Keywords: RFID;SASI;Security;Ultralightweight;Authentication;
瀏覽次數: 15184 下載次數: 6905
引用 導入Endnote
頁: 389-405
日期: 2012/04
摘要: 隨著無線射頻辨識系統(Radio Frequency Identification;RFID)成本逐年降低,標籤已逐漸取代傳統條碼,廣泛地應用於我們的日常生活中。然而,由於透過無線傳輸進行辨識,在空氣中傳輸機密資料容易遭到竊聽、竄改或攔截,產生安全與隱私的問題。低成本的RFID標籤因運算能力有限,無法支援複雜的密碼學運算,因此其安全協定的設計更具挑戰性。2007年Chien利用簡單的位元運算提出極輕量的鑑別協定SASI,兼顧安全與隱私保護;然而其無法避免阻斷服務攻擊、完全洩漏攻擊與追蹤攻擊。本論文將詳細分析SASI協定的安全問題,並提出改善協定,以有效地提升RFID應用的安全性,讓消費者可以安心地享受RFID技術所帶來的便利性。
關鍵字: RFID;SASI;安全;極輕量;鑑別;
An Enhanced Ultralightweight RFID Authentication Protocol
Abstract: RFID (Radio Frequency Identification) is a kind of contactless automatic identification system. As its cost declines, RFID is gradually replacing the traditional barcode and is anticipated to be widely used in our daily life. However, owing to the radio transmission nature of RFID, the information transmitted in the air could easily be eavesdropped on, modified, or intercepted. The issues of security and privacy are thus raised. Because the low-cost RFID tags are with extremely limited resources, traditional security primitives cannot be incorporated well. The design of security protocol is thus more challenging. In 2007, Chien proposed an ultralightweight strong authentication and strong integrity (SASI) protocol for very low-cost tags. Using only simple bitwise operations on tags, SASI is highly efficient. However, it was found to be vulnerable to DoS attacks, full-disclosure attacks and tracking attacks. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which is free from worries of those problems mentioned above. The improved protocol could thus be applied in environments requiring high level of security.
Keywords: RFID;SASI;Security;Ultralightweight;Authentication;
瀏覽次數: 15184 下載次數: 6905
引用 導入Endnote