A Cost-based Model for Risk Management in RFID-Enabled Supply Chain Applications

Radio Frequency IDentification (RFID) is a dedicated short range communication (DSRC) technology that enables a physically linked world where every object is identified, catalogued, and tracked through the use of an RFID tag, which comprises an IC (Integrated Circuit) chip and an antenna and sends information to the RFID reader in response to a wireless probe. In contrast to barcodes, RFID does not require line of sight or contact between readers (also known as interrogators) and tagged objects. The main advantages of RFID systems are price efficiency and accuracy of stock management. In addition to emerging applications in retail and distribution, RFID has gradually been adopted and deployed in other service industries, including aircraft maintenance, baggage handling, laboratory procedures, security, and healthcare. Although RFID technology has obvious advantages, including increased visibility and fast identification, some problems remain, including the limited hardware storage and memory of RFID tags, the threat of counterfeiting, and other security and privacy issues (Juels, 2006). This study focuses on the counterfeiting problem of RFID technology in supply chain management (SCM). This problem appears as RFID tag cloning and fraud attacks (Gao et al., 2004) that lead to financial losses and loss of trust and confidence. RFID tag cloning and fraud attacks can hinder the adoption and acceptance of RFID technology (Choi et al., 2008; Lehtonen, 2007). Trust management therefore plays an important role as an instrument for deciding whether a system is worth using with minimal risk (Kutvonen, 2005). The tradeoff of trust is considered against risk handling, security, and privacy management. Trust is critically significant for new, emerging ubiquitous technology in the context of RFID.
A supply chain involves open network connectivity, physical product transportation, and transaction management, where trust counts in the selection of partners, the selection of software and hardware infrastructure, and the adoption of communication systems (Derakshan et al., 2007). Public acceptance of the implications of RFID systems is still an open question due to their current limitations and vulnerabilities (Lehtonen, 2007). In our previous work (Mahinderjit-Singh & Li, 2009; Mahinderjit-Singh & Li, 2010), we proposed a novel seven-layer trust framework for RFID-enabled supply chain management (SCM). Our seven-layer trust framework provides an approach to establish trustworthiness of large scale tracking systems and

[1] Patrick T. Harker, et al. The Art and Science of Decision Making: The Analytic Hierarchy Process, 1989.

[2] Damith C. Ranasinghe, et al. Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting, 2010.

[3] Tom Fawcett, et al. Adaptive Fraud Detection, 1997, Data Mining and Knowledge Discovery.

[4] Jian Huang, et al. An approach to security and privacy of RFID system for supply chain, 2004, IEEE International Conference on E-Commerce Technology for Dynamic E-Business.

[5] Qiang Yang, et al. Test strategies for cost-sensitive decision trees, 2006, IEEE Transactions on Knowledge and Data Engineering.

[6] Damith C. Ranasinghe, et al. EPC Network Architecture, 2008.

[7] Florian Michahelles, et al. Trust and Security in RFID-Based Product Authentication Systems, 2007, IEEE Systems Journal.

[8] Chi-Sung Laih, et al. IDSIC: an intrusion detection system with identification capability, 2007, International Journal of Information Security.

[9] Tassos Dimitriou, et al. A Lightweight RFID Protocol to protect against Traceability and Cloning attacks, 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[10] Jacky Hartnett, et al. Deckard: A System to Detect Change of RFID Tag Ownership, 2007.

[11] Sherali Zeadally, et al. TMS-RFID: Temporal management of large-scale RFID applications, 2011, Inf. Syst. Frontiers.

[12] Manmeet Mahinderjit Singh, et al. Trust Framework for RFID Tracking in Supply Chain Management, 2009, IWRT.

[13] Salvatore J. Stolfo, et al. Toward Cost-Sensitive Modeling for Intrusion Detection and Response, 2002, J. Comput. Secur.

[14] Salvatore J. Stolfo, et al. A Multiple Model Cost-Sensitive Approach for Intrusion Detection, 2000, ECML.

[15] Ari Juels, et al. Strengthening EPC tags against cloning, 2005, WiSe '05.

[16] Matthew Green, et al. Security Analysis of a Cryptographically-Enabled RFID Device, 2005, USENIX Security Symposium.

[17] Isij Monitor, et al. Network Intrusion Detection: An Analyst’s Handbook, 2000.

[18] Leonid Bolotnyy, et al. Physically Unclonable Function-Based Security and Privacy in RFID Systems, 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[19] Vijay Varadharajan, et al. A Hybrid Trust Model for Enhancing Security in Distributed Systems, 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[20] Erland Jonsson, et al. How to systematically classify computer security intrusions, 1997, S&P 1997.

[21] Xue Li, et al. RFID Data Management: Challenges and Opportunities, 2007, 2007 IEEE International Conference on RFID.

[22] Manmeet Mahinderjit Singh, et al. Trust in RFID-enabled Supply-Chain Management, 2010, Int. J. Secur. Networks.

[23] Thomas J. McCabe, et al. The Pareto principle applied to software quality assurance, 1998.

[24] Ari Juels, et al. RFID security and privacy: a research survey, 2006, IEEE Journal on Selected Areas in Communications.

[25] Kwangjo Kim, et al. Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning, 2006.

[26] Lea Kutvonen, et al. Trust Management Survey, 2005, iTrust.

[27] Dong Hoon Lee, et al. Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems, 2009, Comput. Stand. Interfaces.

[28] Patrick T. Harker, et al. The Analytic hierarchy process: applications and studies, 1989.

[29] Elgar Fleisch, et al. How to detect cloned tags in a reliable way from incomplete RFID traces, 2009, 2009 IEEE International Conference on RFID.

[30] Salvatore J. Stolfo, et al. A data mining framework for building intrusion detection models, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[31] David Evans, et al. Reverse-Engineering a Cryptographic RFID Tag, 2008, USENIX Security Symposium.

[32] Vijay Varadharajan, et al. Trust based risk management for distributed system security - a new approach, 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[33] T. Saaty. An exposition of the AHP in reply to the paper “remarks on the analytic hierarchy process”, 1990.