Secure and Private RFID-Enabled Third-Party Supply Chain Systems

Radio Frequency Identification (RFID) is a key emerging technology for supply chain systems. By attaching RFID tags to various products, product-related data can be efficiently indexed, retrieved and shared among the multiple participants involved in an RFID-enabled supply chain. This flexible data access property, however, raises security and privacy concerns. In this paper, we target security and privacy issues in RFID-enabled supply chain systems. We investigate RFID-enabled Third-party Supply chain (RTS) systems and identify several inherent security and efficiency requirements. We further design a Secure RTS system called SRTS, which leverages RFID tags to deliver computation-lightweight crypto-IDs in the RTS system to meet both the security and efficiency requirements. SRTS introduces a Private Verifiable Signature (PVS) scheme to generate computation-lightweight crypto-IDs for product batches, and couples this primitive with the RTS system through careful design. We conduct theoretical analysis and experiments to demonstrate the security and efficiency of SRTS.
