Interoperable internet scale security framework for RFID networks

It is estimated that over 3 billion radio frequency identification (RFID) tags have been deployed through 2007. Most tags are used in supply chains where the electronic product code (EPC) and associated business event data are transmitted through RFID networks. Security and privacy issues are critically important in RFID networks because EPC data and their associated business events are valuable assets. Companies need to share these data with restricted business partners and, under some conditions, such as product recall, more widely with regulators and non-business partners. At present, no security or privacy framework has been chosen as an EPCglobal standard due to the difficulty of sharing information between parties who have no direct business relationships and hence no business rules for sharing these data. To date, no security schemes have been deployed that can support multiple identity techniques and interchangeable complex business rules, as required by RFID networks. In this paper, we propose an Interoperable Internet Scale Security framework (IISS) for RFID networks. IISS performs authentication and authorization based on an aggregation of business rules, enterprise information, and RFID tag information. IISS provides a protocol for several authentication schemes and identity techniques detailed here. It also provides an engine for reasoning over business rules across domains. Moreover, IISS is able to resolve provenance information of RFID tags, which can identify the track of a particular piece of EPC data. We describe the IISS framework and the ontologies to model the information in IISS. We also discuss how the IISS framework can be developed for access control in RFID-enabled supply chains.
