- 學位論文
RFID安全 — 距離限制協定、伺服器與讀取器之輕量化認證協定與Mifare Ultralight 標籤案例探討
RFID Security — Distance-Bounding Protocol, Server-Reader Lightweight Authentication Protocol and Mifare Ultralight Case Study
摘要
隨著RFID技術的廣泛應用,其安全相關議題也愈趨重要。其中,低成本RFID受限於有限的電力與計算能力,能夠提供的安全加密演算法有限,因此在資料傳輸安全上倍受挑戰。本篇論文主要分為三個部分:(1)討論RFID上利用距離限制協定防範攻擊者做距離欺騙攻擊、(2)後端伺服器與讀取器間相互認證與安全的建立通訊金鑰,以及(3)探討目前使用中的Mifare Ultralight卡片的安全疑慮。 距離限制協定(Distance-bounding protocol)是一種能夠驗證兩個設備間距離的協定;利用結合實體與密碼學特性來決定驗證者(Verifier)與證明者(Prover)間距離的上限。距離限制協定允許證明者向驗證者證明自己的身份,而驗證者能檢查證明者是否位在特定的範圍內。一個安全的距離限制協定要能夠防禦以下三種即時的距離欺騙攻擊:距離欺騙攻擊(Distance fraud attack)、黑幫欺騙攻擊(Mafia fraud attack)與恐怖份子欺騙攻擊(Terrorist fraud attack)。本篇論文將以距離限制協定為主軸,對過去學者所提出的協定作安全分析並提出一個新的、有效防止距離欺騙攻擊與降低錯誤接受率的安全協定。 過去RFID的安全討論與研究多著重在讀取器與標籤間的安全通訊協定,對於後端伺服器與讀取器則是假設有足夠的計算資源做複雜的運算。然而Lo等人指出,未來在後端伺服器與讀取器間可能採用無線傳輸的方式,此外簡單且計算資源相較有限的移動式讀取器也將越來越普及。這些移動式讀取器不能支援太繁複的安全演算法運算,故Lo等人提出應用在RFID後端設備上的雙向認證協定。然而,我們發現此協定可能洩漏可信賴第三方的私密金鑰與無法對所產生的通訊金鑰作認證。因此,本篇論文提出利用身份識別為基礎(ID-based),以及使用橢圓曲線加密法設計新的雙向認證協定,藉此降低計算成本與提升協定效能與安全。 由恩智普半導體(NXP semiconductor)所研發的RFID產品系列中,Mifare代表著非接觸式RFID產品與技術的商標;隨著Mifare卡被廣泛應用在全球各個國家與城市中,Mifare 卡的安全議題也越來越引起大家的重視。其中,Mifare Ultralight卡秉持著使用最低成本的花費,便能達到支援快速應用程式為設計理念。在晶片設計上並沒有加入任何安全機制—認證機制或是任何金鑰的儲存,使得任意使用者皆有完全的權限對記憶體區塊做存取。本篇論文將探討Mifare Ultralight卡記憶體配置與安全上的缺失,並以荷蘭OV-chipkaart系統為例,說明其安全漏洞與可能威脅。
並列摘要
Nowadays, RFID technologies are widely deployed in applications and systems, but due to the technology is not mature yet and the security has not been defined well. Thus, there are security problems on RFIDs that we should pay great attention. This paper consists of three RFID related topics. The first topic is “Distance-bounding protocol”. Distance-bounding protocol is one that can authenticate the distance of two equipments. A secure distance-bounding protocol should resist to the following three real-time distance fraud attacks - distance fraud attack, mafia fraud attack and terrorist fraud attack. In this section, we reviewed the related work on seceral distance-bounding protocols in wireless sensor networks and in RFIDs, and analysed the security properites. Finally, we propose a new RFID distance-bounding protocol to avoiding distance fraud attacks and providing mutual authentication. The second topic is “Server-Reader Lightweight Authentication Protocol”. Recently, Lo et al.’s had addressed that building a light-weight secure communication is necessary for reader-to-server channel in RFID systems, because resource-limited mobile readers are becoming more and more popular. Therefore, Lo et al. proposed an elliptic curve cryptography (ECC) - based lightweight authentication protocol for reader-server channel. However, we find that their scheme has few security weaknesses: (1) the trusted third party’s private key would be disclosed such that the whole system would be broken and (2) there is no authentication of the keying materials. To conquer while preserving the light-weight property, we propose a new authentication protocol for reader-server channel using ID-based cryptography from elliptic curves. The final topic is a case study in Mifare Ultralight. The Dutch transport ticketing system, which is called OV-chipkaart, based on NXP semiconductors Mifare technology. The Mifare Classic 4K cards are used as regular cards - personal and anonymous while the cheaper Mifare Ultralight cards are applied as temporary passes. Unlike Mifare Classic 4K cards which have keys, crypto algorithm and provide authentication process, the Mifare Ultralight cards do not employ encryption or keys. Thus, the Mifare Ultralight cards can be read or written by anyone. The report from University of Amsterdam revealed that irregular usage behaviors disclose three vulnerabilities of OV-chipkaart: (1) failure of defense mechanism, (2) repeated check-out and (3) free travel. We suggest that the security of the OV-chipkaart system should improve the designe of memory configuration and the software semantics.
參考文獻
延伸閱讀
- 林品仲(2011)。具隱私保護的輕量級RFID認證協定〔碩士論文,長榮大學〕。華藝線上圖書館。https://doi.org/10.6833/CJCU.2011.00080
- Pai, J. P. (2009). RFID鑑別協定之計數器不同步問題之研究 [master's thesis, Asia University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0118-0807200916285126
- Wang, H. W. (2013). 主動式RFID的定位機制與輕量加密方法之研究 [doctoral dissertation, National Taipei University of Technology]. Airiti Library. https://doi.org/10.6841/NTUT.2013.00388
- 陳昱潭(2008)。一種RFID的標籤擁有者轉換之安全協定-適用於零售通路商品與售後服務〔碩士論文,國立中興大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0005-0006202200000006
- Liao, W. C. (2011). Secure and Efficient Mutual Authentication Protocol for RFID systems [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2011.00869