RFID所有權轉移協定

RFID Ownership Transfer Protocols

無線射頻識別（radio frequency identification, RFID）系統由於成本低並具有遠距離自動辨識的能力，已逐漸取代傳統條碼；隨著RFID的普及，嵌有RFID標籤的物品在其生命週期內可能會進行多次的所有權轉移，然而透過空氣傳輸的訊息容易遭到竊聽、攔截、竄改，產生安全與隱私的問題。2011年Chen、Lai、Chen、Deng與Hwang等人提出RFID所有權轉移協定，然而我們發現其有假冒攻擊、向前安全性、阻斷服務攻擊與舊擁有者隱私的問題；本論文將詳細分析此協定，並提出改善以避免上述問題，使其可應用於高安全需求的環境。

Due to its low cost and remote automatic identification ability, RFID is taking place of barcodes. With the popularity of RFID, objects embedded with tags might be transferred to new owners for many times during their life cycle. However, the information transmitted in the air could easily be eavesdropped, intercepted or modified due to its radio transmission nature. The issues of security and privacy are thus raised. In 2011, Chen, Lai, Chen, Deng and Hwang proposed RFID ownership transfer authorization systems conforming EPCglobal Class-1 Generation-2 standards. However, we found that their protocols are vulnerable to impersonation attacks, forward security attacks, denial of service attacks and old owner privacy problem. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which are free from worries of the problems mentioned above. The improved protocols could thus be applied in high security demanding environments.