極輕量型RFID安全協定ULAP的改善

Improvement of a Ultra light weight RFID Security Protocol－ULAP

隨著無線射頻識別（radio frequency identification, RFID）系統成本逐年降低，標籤已逐漸取代傳統條碼，廣泛地應用於我們的日常生活中。然而，由於透過無線傳輸進行辨識，在空氣中傳輸機密資料容易遭到竊聽、竄改或攔截，產生安全與隱私的問題。低成本的RFID標籤因運算能力有限，無法支援複雜的密碼學運算，因此其安全協定的設計更具挑戰性。2009年Peris-Lopez等學者利用簡單的位元運算提出極輕量的安全協定ULAP（ultra light authentication protocol），兼顧安全與隱私保護；然而其無法避免阻斷服務攻擊與追蹤攻擊且後端伺服器運算量大。本論文將詳細分析ULAP協定的安全問題，並提出改善協定，以有效地提升RFID應用的安全性，讓消費者可以安心地享受RFID技術所帶來的便利性。

RFID is a kind of contactless automatic identification system. As its cost declines, RFID is gradually replacing the traditional barcode and is anticipated to be widely used in our daily life. However, owing to the radio transmission nature of RFID, the information transmitted in the air could easily be eavesdropped on, modified, or intercepted. The issues of security and privacy are thus raised. Because the low cost RFID tags are with extremely limited resources, traditional security primitives cannot be incorporated well. The design of security protocol is thus more challenging. In 2009, Peris-Lopez et al. proposed the ultra light authentication protocol (ULAP) for very low-cost tags, which uses only simple bitwise operations on tags. However, it was found to be vulnerable to DoS attacks, tracking attacks. Moreover, each record in the back-end database needs to be computed and verified one by one for each tag reading. This paper will give demonstrations on what have caused these weakness, and more of that, an improved protocol is also proposed which is free from worries of those problems mentioned above. The improved protocol could thus be applied in environments requiring high level of security.