Whitepapers

Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning

admin — Fri, 19 Dec 2008 19:09:07 GMT

Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning

15-01-07 10:15
Age: 2 yrs

BY: LEE, HYUNROK; YANG, JEONGKYU; KIM KWANGJO

Radio frequency identification (RFID) is the latest technology to play an important role for object identification as a ubiquitous infrastructure. However, current low-cost RFID tags are highly resource constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Our protocol firstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. Furthermore, we enhance our protocol to prevent tracking attack and desynchronization attack which are raised a question in previous version of our protocol by Ari juels. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works.

This paper is to appear in the book:
Networked RFID Systems and Lightweight Cryptography
Raising Barriers to Product Counterfeiting
Cole, Peter H.; Ranasinghe, Damith C. (Eds.)
2007, Approx. 360 p., Hardcover
ISBN: 978-3-540-71640-2
www.springer.com/dal/home/generic/search/results

Enhanced Mutual Authentication Protocol for Low-cost RFID

admin — Fri, 19 Dec 2008 19:07:26 GMT

Enhanced Mutual Authentication Protocol for Low-cost RFID

15-01-07 10:17
Age: 2 yrs

BY: LEE, SANGSHIN; LEE, HYUNROK; ASANO, TOMOYUKI; KIM, KWANGJO

Radio Frequency IDentification (RFID) is an automatic identification system, relying on storing and remotely retrieving data about objects we want to manage using devices called “RFID tag”. Even though RFID system is widely useful for industrial and individual applications, RFID tag has a serious privacy problem, i.e., traceability. To protect users from tracing, we propose an RFID mutual authentication scheme which utilizes a hash function and synchronized secret information like others. To the best of our knowledge, our scheme offers the most enhanced security feature in RFID mutual authentication scheme with respect to user privacy including resistance against tag cloning allowing an additional hash operation.

RFID Tag-Reader Mutual Authentication Scheme Utilizing Tag\'s Access Password

admin — Fri, 19 Dec 2008 19:06:14 GMT

RFID Tag-Reader Mutual Authentication Scheme Utilizing Tag\'s Access Password

15-01-07 10:19
Age: 2 yrs

BY: KONIDALA, DIVYAN; KIM, KWANGJO

Cloned fake RFID tags and malicious RFID readers pose a major threat to the RFID-based supply chain management system. The data (e.g., Electronic Product Code (EPC) number) on a genuine tag can be easily scanned and copied by a malicious RFID reader and the copied data can be embedded onto a fake tag. These cloned fake tags can be attached to\r\ncounterfeit products, which can be introduced into a genuine supply chain, or illegally sold at black and grey markets. Malicious readers may also try to corrupt and snoop on genuine tags. These threats can only be nullified by incorporating a RFID tag-reader mutual authentication scheme. In this paper we propose a simple, secure, and light-weight tagreader mutual authentication scheme that adheres to both EPCglobal Architecture Framework specification and EPCglobal Class 1 Gen 2 UHF RFID Protocol ratified standard. This scheme utilizes the tag\'s access password and also allows the manufacturer of the product to play a vital role in the tag-reader mutual authentication process. As a result we can achieve the following three goals: detect cloned fake tags, ward off maliciously snooping\r\nreaders, and in the process, the manufacturer can also keep track on the whereabouts of its products, which have genuine tags attached to them.

Security Assessment of EPCglobal Architecture Framework

admin — Fri, 19 Dec 2008 19:04:52 GMT

Security Assessment of EPCglobal Architecture Framework

15-01-07 10:21
Age: 2 yrs

BY: KONIDALA, DIVYAN; KIM, WOAN-SIK; KIM, KWANGJO

This paper focuses on RFID-based supply chain management system that adheres to the EPCglobal Architecture Framework specification. We approach this framework with a security point-of-view and the main idea is to secure this framework for a safe and secure RFIDbased\r\nsupply chain management system. At the outset this paper briefly describes the EPCglobal Architecture Framework and provides an example supply chain scenario. The framework is composed of entities like RFID Tag, RFID Reader, RFID Middleware, Electronic Product Code Information Service (EPCIS) Repository, EPCIS Accessing Application, Object Naming Service, and Subscriber Authentication. We analyze the various security threats that affect each of these entities and their communication interfaces. Some of these threats include cloned fake RFID tags, unauthorized access and/or modification of RFID tag\r\ninformation and its electronic pedigree (EPCIS data), and eavesdropping, spoofing and Denial of Service attack on EPCglobal Subscriber\'s network. Finally, we propose possible security requirements and needed security solutions to ward off these threats.

Wireless Sensor Networks

admin — Fri, 19 Dec 2008 19:03:40 GMT

Wireless Sensor Networks

23-01-08 10:42
Age: 331 days

BY: SÁNCHEZ, TOMÁS;KIM, DAEYOUNG

Recently, the debate over the integration of Wireless\r\nSensor Networks (WSN) and Radio Frequency Identification\r\n(RFID) has garnered an increasing amount of attention despite\r\ntheir appearing to be disparate technologies. On one hand, the\r\nRFID community realizes how adding sensor data to their\r\ninfrastructures could provide added value to the RFID-based\r\nservices. On the other hand, the use of unique identifiers in\r\nWSN would improve their manageability in a future where\r\nmillions of sensor nodes could be scattered across the globe.\r\nHowever, not only is it not clear which specific applications\r\nsuch an integration could bring, there is also no consensus\r\nregarding the best approach to achieve it. In this article, we\r\npropose a framework in which WSN and RFID coexist to\r\nprovide context information about users and objects. WSN\r\ninformation is coupled with unique identifiers and participates\r\nin the RFID core services. Additionally, context aware services\r\ninteract with the RFID infrastructure and provide real-time\r\nservice to the users participating in the framework.

Improving the performance of retail stores subject to execution errors: coordination versus RFID technology

admin — Fri, 19 Dec 2008 19:02:20 GMT

Improving the performance of retail stores subject to execution errors: coordination versus RFID technology

03-09-07 15:48
Age: 1 yrs

BY: REKIK, YACINE; JEMAI, ZIED; SAHIN, EVREN; DALLERY, YVES

This paper analyzes a Newsvendor type inventory model in which a\r\nmanufacturer sells a single product to a retailer store whose inventory is subject to errors stemming from execution problems. Hence, within the store, all of the products are not available on shelf for sales either because the replenishment of the shelf\r\nfrom the backroom is subject to execution errors that mainly result in products lost in the backroom or products misplaced on the other shelves of the store. We compare two situations: in the first situation, the two supply chain actors are aware of errors\r\nand optimize their ordering decisions by taking into account this issue. The second situation deals with the case where an advanced automatic identification system such as the Radio Frequency Identification technology is deployed in order to eliminate\r\nerrors. Each situation is developed for three scenarios: in the centralized scenario,we consider a single decision-maker who is concerned with maximizing the entire supply chain’s profit; in the decentralized uncoordinated scenario, the retailer and the manufacturer act as different parties and do not cooperate. The third scenario is the decentralized coordinated scenario where we give conditions for coordinating the channel by designing a buyback contract.

Deckard: A System to Detect Change of RFID Tag Ownership

admin — Fri, 19 Dec 2008 19:01:11 GMT

Deckard: A System to Detect Change of RFID Tag Ownership

31-10-07 04:59
Age: 1 yrs

BY: MIROWSKI,LUKE; HARTNETT, JACKY

Change of tag ownership compromises the security goals of Radio Frequency Identification (RFID). When an attacker clones or steals an authorized subject’s tag, they are willingly granted access as RFID assumes the owner of a tag is always the authorized entity. We present Deckard, a new approach to preventing change of tag ownership. Deckard uses the principles of intrusion detection to look for anomalous behavior which may indicate a change of tag ownership has occurred. We have evaluated its performance in detecting synthesized attacks inside a sanitized RFID proximity tag audit log. The results suggest that intrusion detection systems can be used in RFID, although the weaknesses of statistical anomaly detection are also apparent when used on RFID data. We conclude with a call to further research of intrusion detection in RFID systems.

RFID, Privacy and the Perception of Risk: a strategic framework

admin — Fri, 19 Dec 2008 19:00:04 GMT

RFID, Privacy and the Perception of Risk: a strategic framework

10-10-07 10:28
Age: 1 yrs

BY: THIESSE, FRÉDÉRIC

Against the background of the first RFID-Rollouts by large retailers in North America and Europe, this paper concerns itself with the perception of RFID technology as a risk to privacy. The objective of our contribution is to identify, at a relatively early phase of the risk development, strategic options with which RFID suppliers and users can positively influence the public acceptance of the technology. We propose a strategic framework based on research findings on risk perception and technology acceptance as well as a set of options for coping with the public perception of RFID-related privacy risks.

Lifecycle ID and Lifecycle Data Management

admin — Fri, 19 Dec 2008 18:58:55 GMT

Lifecycle ID and Lifecycle Data Management

10-10-07 10:36
Age: 1 yrs

BY: HARRISON, MARK; PARLIKAD, AJITH KUMAR

This paper focuses on issues that must be considered in the design of lifecycle ID and data management systems, considering both intra-organizational issues and inter-organizational issues.

Data Synchronization Specification

admin — Fri, 19 Dec 2008 18:57:59 GMT

Data Synchronization Specification

10-10-07 11:08
Age: 1 yrs

BY: SUZUKI, SHIGEYA; HARRISON, MARC

Report Abstract: Generalized synchronization of tag data and networked database is a challenging topic, but once synchronization-based data distribution is provided, operators such as maintenance mechanics can update information without connectivity to the network or networked databases.\r\nThis report presents an overview of requirements and an initial proposal of data synchronization. This report also covers topics that need to be discussed with partners, as a vehicle to share current thoughts and issues around this research.\r\n

Track and Trace Case Studies Report

admin — Fri, 19 Dec 2008 18:57:05 GMT

Track and Trace Case Studies Report

10-10-07 11:15
Age: 1 yrs

BY: KELEPOURIS, THOMAS; BAYNHAM, TOM; MCFARLANE, DUNCAN

As part of the track and trace theme of the Aero-ID programme, a series of case studies are being undertaken to establish the role of identification technologies can play in improving tracking and tracing. This report presents some initial results from two case studies focused on track and trace operations, which took place at a distribution centre for commercial aircraft parts and a military aircraft spare parts supply chain. The aims of the case studies were to analyze companies’ main operations and to identify potential areas of operational improvement. The report explores issues regarding both logistics operations and repairable parts management. Through the study, we identify the needs for improved tracking and tracing information quality; we propose how automatic identification technologies can improve information quality and in turn optimize operational efficiency.\r\n\r\n

Automatic ID Systems: Enablers for Track and Trace Performance

admin — Fri, 19 Dec 2008 18:56:06 GMT

Automatic ID Systems: Enablers for Track and Trace Performance

10-10-07 11:27
Age: 1 yrs

BY: KELEPOURIS, THOMAS; BLOCH DA SILVA, SAMUEL; MCFARLANE, DUNCAN

Report Abstract: This report presents the results from a series of case studies regarding track and trace performance in the aerospace industry. The report briefly describes the tracking and tracing operations of the companies studied, and identifies the challenges they face with regard to tracking and tracing. The report analyzes the factors that affect track and trace effectiveness. It further analyzes how each factor affects performance and how automatic identification technologies can optimize effectiveness and efficiency in the respective operations. Finally, the report describes how these findings can provide the basis for a track and trace performance measurement framework, which will be able to assess the performance of a company in different track and trace operations.\r\n\r\n

EPC Identifiers for aerospace

admin — Fri, 19 Dec 2008 18:54:41 GMT

EPC Identifiers for aerospace

10-10-07 11:28
Age: 1 yrs

BY: HARRISON, MARK

Report Abstract: This paper is a technical report developed in conjunction with the ATA ‘RFID on Parts’ work group to express end-user requirements and propose a technical solution, aligned with existing EPCglobal Tag Data Standards.\r\n \r\n

Operating Appliances with Mobile Phones –Strengths and Limits of a Universal Interaction Device

admin — Fri, 19 Dec 2008 18:53:33 GMT

Operating Appliances with Mobile Phones –Strengths and Limits of a Universal Interaction Device

10-10-07 11:33
Age: 1 yrs

BY: RODUNER, CHRISTOF; LANGHEINRICH, MARC; FLOERKEMEYER, CHRISTIAN; SCHWARZENTRUB, BEAT

Mobile phones are increasingly becoming ubiquitous computational devices that are almost always available, individually adaptable, and nearly universally connectable (using both wide area and short range communication capabilities). Until Star Trek-like speech interfaces are fully developed, mobile phones seem thus poised to become our main devices for interacting with intelligent spaces and smart appliances, such as buying train passes, operating vending machines, or controlling smart homes (e.g., TVs, stereos, and dishwashers, as well as heating and light). But how much can a mobile phone simplify our everyday interactions, before it itself becomes a usability burden? What are the capabilities and limitations of using mobile phones to control smart appliances, i.e., operating things like ATMs or coffee makers that typically do not benefit from remote control? This paper presents a user study investigating the use of a prototypical, mobile phone based interaction system to operate a range of appliances in a number of different task settings. Our results show that mobile devices can greatly simplify appliance operation in exceptional situations, but that the idea of a universal interaction device is less suited for general, everyday appliance control.

Features, Identity, Tracing, and Cryptography in Product Authentication

admin — Fri, 19 Dec 2008 18:52:02 GMT

Features, Identity, Tracing, and Cryptography in Product Authentication

10-10-07 11:35
Age: 1 yrs

BY: LEHTONEN, MIKKO; OERTEL, NINA; VOGT, HARALD

Product authentication is needed in anti-counterfeiting to distinguish genuine products from counterfeit ones. In spite of the current availability of sophisticated techniques and solution concepts for product authentication, secure authentication of different kinds of physical products remains an unsolved problem in practice. This paper presents a systematic overview of product authentication techniques. Our goal is to identify and analyze fundamental approaches for product authentication, investigate the available and emerging technologies and to evaluate them. The results are used to derive a set of decision variables, or constraints, that need to be taken into consideration when choosing which approach is most suitable to authenticate a given product.