Title: Protecting User Privacy with Dynamic Identity-Based Scheme for Low-cost Passive RFID Tags
Author: 李禮安
Li-an Lee
Shiuh-Pyng Shieh
Keywords: passive radio frequency identification tags; privacy; RFID
Publication date: 2005
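Abstract: RFID has been called "the next generation of barcode". It can identify objects at a distance without visual contact, and applying this technology across applications brings unprecedented convenience. However, this contactless property hides the fact that the data on an RFID tag is emitted invisibly through electromagnetic waves in the air; by collecting this data, the privacy of the product's user is fully exposed. User privacy consists mainly of data privacy and location privacy. To protect both at once, the output of an RFID tag must be encrypted and must change dynamically; otherwise, if an attacker can predict the tag's output, the tag can still be tracked. Another issue is that a low-cost RFID tag should cost five US cents. At that cost, the resources a tag can devote to privacy and security are very limited, and ordinary symmetric and asymmetric encryption algorithms cannot be used on low-cost RFID because of the cost constraint. Existing papers that attempt to solve the privacy problem fall mainly into three approaches: authentication, encryption, and dynamically changing identity. Effective authentication can prevent unauthorized RFID readers from obtaining the data on an RFID tag. Unfortunately, current low-cost RFID tags are easily subjected to physical analysis, which yields the data on the tag as well as the authentication key, so an authentication approach easily loses its protection once a single tag in the system is compromised. Encryption-based approaches can protect data privacy, but because the ciphertext is fixed they cannot protect users from being tracked. Dynamic identity approaches face the problems of inefficient searching for a tag's identity and of the tag still being trackable within an update cycle. In this thesis, we propose a mechanism that can be implemented on low-cost passive tags. Each tag has a dynamically changing identity and can output dynamic data. We also prove that this mechanism can withstand attacks such as replay, eavesdropping, forgery, and packet loss.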
Radio Frequency Identification (RFID) is said to be the next-generation bar code, featuring contactless identification without line of sight. We benefit greatly by adopting RFID in a variety of daily applications such as warehouse management, toll collection, library management, etc. However, RFID transmits data through radio frequency signals; therefore, attackers could analyze the radio frequency signals to acquire private data from users. If user privacy is not protected, users will be susceptible to personal identification and tracking by an adversary. User privacy may include data privacy and location privacy. To protect both of them, the output of tags must be encrypted and unpredictable. Furthermore, the acceptable cost of a passive RFID tag, which is no more than five cents, severely restricts the resources available for security. Schemes that protect user privacy in RFID applications are classified into three main categories: authentication, encryption, and dynamic identity. However, authentication-based schemes are easily broken: because low-cost RFID tags do not contain tamper-resistant mechanisms, an adversary can steal the key for the authentication protocol. Encryption-based schemes can protect data privacy, but location privacy is still vulnerable since the ciphertext remains the same. Dynamic identity schemes are limited by the exhaustive search problem, and the tag is still traceable in the period between identity updates. In this thesis, we propose a feasible scheme based on a one-way hash function for low-cost passive RFID tags. Each tag has a dynamic identity; therefore, the output of the tag changes each time. We also prove that the scheme can protect both data privacy and location privacy against the threats of replay attacks, eavesdropping, spoofing, man-in-the-middle attacks, and message loss.


