Qing Liu,Ying Zhuang,Juan Li,Dao Huang

2008-01-01

Journal of Computational Information Systems

Abstract:Radio frequency identification (RFID) is a newcomer in supply chain area. With the help of RFID technology, real time information can be collected. Multi-agent technology is a popular way to address distributed supply chain management (SCM), and information sharing plays a key role in multi-agent system. To give multi-agent based model more power and facility, we present a RFID based multi-agent model, in which information synchronization is realized by employing RFID technology at item level. The RFID based multi-agent system is constructed, intra- and inter-coordination mechanism of this system are discussed.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Kai Bu,Minyu Weng,Yi Zheng,Bin Xiao,Xuan Liu

DOI: https://doi.org/10.1109/comst.2017.2688411

2017-01-01

Abstract:Radio-frequency identification (RFID) is one of the driving technologies for Internet of Things. The architecture-succinctness and cost-effectiveness of RFID tags promise their proliferation as well as allure security and privacy breaches. The cloning attack using clone tags to impersonate genuine tags can lead to unimaginable threats because RFID applications equate tag genuineness to the authenticity of tagged objects. Proposed countermeasures, however, keep showing limitations in effectiveness, efficiency, security, privacy, or applicability as new RFID applications emerge. The countermeasures therefore require constant review and improvement to stay at the leading edge. In this paper, we conduct the first comprehensive and systematic survey of RFID clone prevention and detection solutions. We systematically classify existing RFID cloning countermeasures over the period 2003-2016, sketch the main idea and highlight the strengths and weaknesses of each solution type, and summarize the similarity and difference among solution types. We find that RFID cloning countermeasures turn to be much more complex to design than they were thought in the literature. Prevention solutions can hardly thwart RFID cloning completely. Detection solutions may have specific application requirements to take effect. Many open issues further complicate the design of RFID cloning countermeasures. We hope that our survey can provide academic researchers and industrial engineers with useful references to combat RFID cloning and therefore to secure RFID ecosystem.

Saiyu Qi,Yuanqing Zheng,Mo Li,Yunhao Liu,Jinli Qiu

DOI: https://doi.org/10.1109/ICNP.2014.28

2016-01-01

Abstract:By attaching RFID tags to products, supply chain participants can identify products and create product data to record the product particulars in transit. Participants along the supply chain share their product data to enable information exchange and support critical decisions in production operations. Such an information sharing essentially requires a data access control mechanism when the product data relate to sensitive business issues. However, existing access control solutions are ill-suited to the RFID-enabled supply chain, as they are not scalable in handling a huge number of tags, introduce vulnerability to the product data, and perform poorly to support privilege revocation of product data. We present a new scalable industry data access control system that addresses these limitations. Our system provides an item-level data access control mechanism that defines and enforces access policies based on both the participants’ role attributes and the products’ RFID tag attributes. Our system further provides an item-level privilege revocation mechanism by allowing the participants to delegate encryption updates in revocation operation without disclosing the underlying data contents. We design a new updatable encryption scheme and integrate it with ciphertext policy-attribute-based encryption to implement the key components of our system.

Saiyu Qi,Yuanqing Zheng,Mo Li,Li Lu,Yunhao Liu

DOI: https://doi.org/10.1109/tc.2016.2538260

2016-01-01

Abstract:Radio Frequency Identification (RFID) is a key emerging technology for supply chain systems. By attaching RFID tags to various products, product-related data can be efficiently indexed, retrieved and shared among multiple participants involved in an RFID-enabled supply chain. The flexible data access property, however, raises security and privacy concerns. In this paper, we target at security and privacy issues in RFID-enabled supply chain systems. We investigate RFID-enabled Third-party Supply chain (RTS) systems and identify several inherent security and efficiency requirements. We further design a Secure RTS system called SRTS, which leverages RFID tags to deliver computation-lightweight crypto-IDs in the RTS system to meet both the security and efficiency requirements. SRTS introduces a Private Verifiable Signature (PVS) scheme to generate computation-lightweight crypto-IDs for product batches, and couples the primitive in RTS system through careful design. We conduct theoretical analysis and experiments to demonstrate the security and efficiency of SRTS.

Thorsten Staake,Florian Michahelles,Elgar Fleisch,John R. Williams,Hao Min,Peter H. Cole,Sang-Gug Lee,Duncan McFarlane,Jun Murai

DOI: https://doi.org/10.1007/978-3-540-71641-9_2

2008-01-01

Abstract:Counterfeit trade developed into a severe problem for many industries. While established security features such as holograms, micro printings or chemical markers do not seem to efficiently avert trade in illicit imitation products, RFID technology, with its potential to automate product authentications, may become a powerful tool to enhance brand and product protection. The following contribution contains an overview on the implication of product counterfeiting on affected companies, provides a starting point for a structured requirements definition for RFID-based anti-counterfeiting systems, and outlines several principal solution approaches that are discussed in greater detail in the subsequent chapters.

Shaoying Cai,Yingjiu Li,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-30436-1_41

2012-01-01

Abstract:In this paper, we propose a distributed path authentication solution for dynamic RFID-enabled supply chains to address the counterfeiting problem. Compared to existing general anti-counterfeiting solutions, our solution requires non sharing of item-level RFID information among supply chain parties, thus eliminating the requirement on high network bandwidth and fine-grained access control. Our solution is secure, privacy-preserving, and practical. It leverages on the standard EPCglobal network to share information about paths and parties in path authentication. Our solution can be implemented on standard EPC class 1 generation 2 tags with only 720 bits storage and no computational capability.

Hua Wang,Lili Sun,Jianming Yong,Yongbing Zhang

DOI: https://doi.org/10.1109/cscwd.2009.4968136

2009-01-01

Abstract:This paper focuses on the challenges on the privacy of Radio Frequency Identification (RFID) systems. RFID systems have already widely applied in industry and have been bringing lots of benefits to our daily life, it also creates new security and privacy problems to individuals and organizations. The security and privacy challenges are analysed after a brief introduction of various RFID systems and their associated operations. A proposal to protecting security and privacy of customers, as a solution of the challenge for low-cost RFID systems is designed. Finally, comparisons to related works of the proposal are described.

Wei Xin,Zhi Guan,Tao Yang,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-37401-2_53

2013-01-01

Abstract:RFID technology is increasingly become popular in supply chain management. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we first introduce some existing RFID tag ownership transfer protocols, then give the security and privacy requirements for such kind of protocols, finally, we propose a novel RFID tag ownership transfer protocol which supports constant-time authentication, and effectively protects the privacy of the old tag owner and the new tag owner. © 2013 Springer-Verlag.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Jun-Chao Lu,Yu-Yi Chen,Zhen-Jie Qiu,Jinn-Ke Jan

DOI: https://doi.org/10.48550/arXiv.1105.3790

2011-05-19

Cryptography and Security

Abstract:RFID has been regarded as a time and money-saving solution for a wide variety of applications, such as manufacturing, supply chain management, and inventory control, etc. However, there are some security problems on RFID in the product managements. The most concerned issues are the tracking and the location privacy. Numerous scholars tried to solve these problems, but their proposals do not include the after-sales service. In this paper, we propose a purchase and after-sales service RFID scheme for shopping mall. The location privacy, confidentiality, data integrity, and some security protection are hold in this propose mechanism.

Wei Xin,Huiping Sun,Tao Yang,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-34129-8_38

2012-01-01

Abstract:In this paper, we focus on designing of path-checking protocols to verify the valid paths in supply chains. By inputting a valid path, the reader at the check point is able to verify whether the tags have passed through the valid path or not. we propose a path-checking solution based on sequential aggregate message authentication codes. For security and privacy considerations, we add mutual authentication into path-checking protocols. In order to save resources, we use SQUASH as message authentication codes which is considered to be suited for RFID systems. Finally, we do some security and privacy analysis.

YU Yu,YANG Yu-qing,MIN Hao

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.07.040

2007-01-01

Abstract:Radio-frequency identification(RFID) is expected to take an important role for object identification as a ubiquitous infrastructure.As it will be pervasive in the social life,the security and privacy have to be concerned.Many jobs have been done in the communication between the reader and the backend database,however as an integrated technology the security of the reader and tag channel is also a weak point to be attacked.The challenge to provide RFID tag security is the limitation of its power resource,its cost requirement and even more the communication speed users bear such as EPC C1G2 standard defines the margin time the tag can process instructions.A peculiar security model of the channel between reader and tag is described in this paper,and based on the EPC C1G2 protocol the vulnerable points is analysed.The resource on the tag is recounted regarding the protocol.A modified scheme with security strategy is also suggested afterwards.

B Chen,Hy Gu,O Wang

2004-01-01

Abstract:It has been widely recognized that RFID related technologies will greatly improve the visibility, the efficiency and the collaboration of industry supply chain. In this new "product driven" supply chain scenario, manufacturer, supplier, and third party share and coordinate the use of diverse resources in distributed "virtual organizations". It challenges the security issues, which demand new technical approaches. In collaboration with researchers in Auto-ID Labs China, we have developed a service-oriented framework based on CA and Web Services, which supports inexpensive mediation of product information among rapidly evolving, heterogeneous information sources. Our architecture defines a user-driven security model that allows users to create entities and policy domains within virtual organizations. We emphasize that standard Web Services tools and software provide both stateless and stateful forms of secured communication.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Behzad Abdolmaleki,Karim Baghery,Shahram Khazaei,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s11277-017-4145-z

IF: 2.017

2017-04-29

Wireless Personal Communications

Abstract:Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

telecommunications

Shouqin Zhou,Weiqing Ling,Zhongxiao Peng

DOI: https://doi.org/10.1007/s00170-006-0506-6

IF: 3.563

2006-04-04

The International Journal of Advanced Manufacturing Technology

Abstract:The disconnected flow of inventory and information will lead to a lack of real-time information and a build-up of excess inventory to buffer uncertainties in supply and demand. In this paper, a radio frequency identification (RFID) based remote monitoring system over the Internet is proposed to provide a transparent and visible information flow for supply chain and enterprise internal resource management. RFID technology has been a hot technology to replace barcodes in supply chain management in recent years. Actually, it has been successfully applied by the US Army in military logistics in 1991. Recently, the superman of the supermarket, Wal-Mart, mandates that its top 100 suppliers must equip RFID tags on their supplied items. However, RFID technology is still not a standard form acceptable for global use. The first big problem is to select a global universal radio frequency (RF) for active and passive RFID systems, but because of the advantages of RFID technology, it is unassailable that it will be popularly used in various fields very soon, such as supply chain management, enterprise resources planning (ERP), sales management, and so on. In this paper, the RFID-based monitoring system for enterprise internal production management is introduced. The RFID technology, Bluetooth, and Internet technology are employed to form a remote system for the monitoring of the production status of a factory. Based on this system, the management department can transparently master and control the status of the production line and supply chain, including raw materials and outsourcing supply/consumption status, production status of parts and components, production status of the finished products, etc. This system will be of benefit to greatly improve the productivity and reduce the cost for the enterprise.

engineering, manufacturing,automation & control systems

Tan, C.C.,Qun Li,Lei Xie

DOI: https://doi.org/10.1109/rfid.2010.5467261

2010-01-01

Abstract:RFID technology is increasingly being deployed in ubiquitous computing environments for object tracking and localization. Existing tracking architecture usually assumes the use of a trusted server which is invulnerable to compromise by internal and external adversaries. However, maintaining such a trusted server is unlikely in the real world. In this paper, we consider the problem of adding privacy protection to object tracking systems built upon passive RFID tags, without relying on a trusted server assumption. Our protocol continues to protect user privacy in the event of partial compromise of a server.