
Chapter 5 Analysis and Discussion

6.2 Future Research Directions

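We have implemented a prototype system based on the system model architecture. Because of limited funding, however, the actual RFID equipment and the sensors are all represented by simulation. Although we have divided the contexts that affect RFID access control into four major categories and defined three static access rules and three dynamic access rules, no real deployment has been carried out. If a vendor partner can be found in the future to carry out an actual deployment, rather than exploring the problem only through simulation, and thereby uncover more varied situations,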

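this focuses only on access control for legitimate users and does not consider access by illegitimate users. Future work can therefore combine related RFID security mechanisms so that RFID has more complete protection in terms of security control.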
