RFID-based supply chain partner authentication and key agreement

The growing use of RFID in supply chains brings along an indisputable added value from the business perspective, but raises a number of new interesting security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants to the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business sensitive information. No rogue user can be successful in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.

[1]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[2]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[3]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[4]  WambaSamuel Fosso,et al.  Enhancing information flow in a retail supply chain using RFID and the EPC network , 2008 .

[5]  Jeeyeon Kim,et al.  Privacy threats and issues in mobile RFID , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[6]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[7]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[8]  Munir Mandviwalla,et al.  Integrating the Supply Chain with RFID: A Technical and Business Analysis , 2005, Commun. Assoc. Inf. Syst..

[9]  Susan Hohenberger,et al.  Proxy re-signatures: new definitions, algorithms, and applications , 2005, CCS '05.

[10]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  Bryan Parno,et al.  Unidirectional Key Distribution Across Time and Space with Applications to RFID Security , 2008, USENIX Security Symposium.

[13]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[14]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Ygal Bendavid,et al.  Proof of concept of an RFID-enabled supply chain in a B2B e-commerce environment , 2006, ICEC '06.

[17]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[18]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[19]  Vidyasagar Potdar,et al.  A Survey of RFID Authentication Protocols , 2008, 22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008).

[20]  David Pointcheval,et al.  Public Traceability in Traitor Tracing Schemes , 2005, EUROCRYPT.

[21]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[22]  Brian L. Dos Santos,et al.  RFID in the supply chain , 2008, Commun. ACM.

[23]  Marina Blanton,et al.  Secret Handshakes with Dynamic and Fuzzy Matching , 2007, NDSS.

[24]  Benoît Libert,et al.  Multi-use unidirectional proxy re-signatures , 2008, CCS.

[25]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[26]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[27]  Sunder Lal,et al.  Multi-PKG ID based signcryption , 2008, IACR Cryptol. ePrint Arch..

[28]  Diana K. Smetters,et al.  Secret handshakes from pairing-based key agreements , 2003, 2003 Symposium on Security and Privacy, 2003..