| RFID technology related to a kind of technology that identifies object by the radiofrequency signal. It gets the tag’s information without contact. RFID techonologyapplies to many fields such as industrial management, information collection and trafficcontrol management because it has the merits of rapid target identification, long readingdistance, non-contact read etc. RFID technology has made a great convenience topeople’s life. Meanwhile its security and privacy get much attention. During the periodof reader and tag communicate with each other, the RFID system may suffer fromvarious attacks that can leak out the information of user. The attacker could make use ofuser’s information for counterfeit attack, replay attack or data interpretation. Thesecurity problems have constrained the rapid development of RFID technology appliesin a wide range of fields.This thesis proposes a novel strategy to resist the security problems mentionedabove. This strategy adopts random numbers to prevent replay attacks. Ownershipmanagement is added in this strategy to prevent unauthorized access because differentowner can only access the tag he controls. This strategy adopts mutual authenticationbetween the tag and the reader to prevent impersonation attacks. Digital certificate canencrypt and decrypt the message between the tag and the reader to ensure theconfidentiality, integrity and non-repudiation. The strategy adopts Openldap to storedigital certificates. Openldap can increase the system’s efficiency in searching user’sdigital certificate because they are stored as a tree. In the life of tag, the ownership oftag may changes. Ownership’s change about tag may cause the informationunsynchronized between tag and database. This strategy provides data recoverymechanism to ensure the robustness of RFID system. The proof of this strategy by BANlogic indicates there are no apparent vulnerabilities.The strategy proposed by this thesis is applied in low-cost RFID system, and it canresist the security problems mentioned above. |
PDF Full Text Request