RFID系統多層安全認證協定之設計與實現

Abstract

無線射頻識別技術(Radio Frequency Identification, 簡稱RFID)是一種非接觸式的自動識別技術，能以射頻信號自動辨識目標物件，並獲取相關資料。然而，在利用射頻訊號進行資料傳輸時，卻容易因攻擊者監聽、掃描而威脅使用者之隱私安全問題。因此，在本論文中，為了確保RFID 系統中的資料安全傳輸與身份認證，我們提出ㄧ套適用於RFID無線通訊系統中的安全認證協定。考量到RFID標籤(Tag)的低運算能力，因此，本論文中所提的身份認證協定僅利用簡單的雜湊與亂數等技術來保護射頻資料、保護使用者隱私，並進而防止他人的惡意攻擊。為了提供更多的彈性，使此協定得以應用於實際環境中，在本協定中，亦提供不同安全等級的身份認證與資料保護機制。當RFID標籤與讀取器(Reader)完成身份認證之後，後端的資料庫系統將針對不同安全等級的讀取器，給予不同安全等級的使用者資料。例如，安全等級低的讀取器，只能由資料庫中讀取低安全性的使用者資料；安全敏感度高的資料則只能透過高安全等級的讀取器取得。

Radio Frequency Identification (RFID) technology refers to wireless systems that allow a device to read information contained in a RFID tag from a distance without making any physical contact. However, the information exchanged between the RFID tag and reader is not protected and thus is easily vulnerable to being eavesdropped, tracked and disclosed. Thus, we propose a secure authentication protocol for RFID systems in this thesis. Considering the low computing power in the RFID tag, the proposed protocol adopts only hash function and random number. In the proposed protocol, the RFID tags, readers and database can perform the information exchange only after the authentication process is done. The information exchanged between the reader and tag is hashed using the session key, which is generated after they are authenticated. Moreover, to provide higher flexibility for various applications, a multi-level authentication is also performed upon sending user information from the database to readers with different security levels. For instance, the RFID readers with lower security level can retrieve data with less security requirement from the database; while readers with highest security level can access the complete user information. This is useful in various applications.