Computing Reviews
An approach to security and privacy of RFID system for supply chain
Gao X., Xiang Z., Wang H., Shen J., Huang J., Song S. CEC-East ’04 (Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business, Sep 13-15, 2004), 164-168, 2004. Type: Proceedings
Date Reviewed: Jun 22 2005

The security and privacy issues that surround radio frequency identification (RFID) systems in practice are becoming ever more obvious, as the technology moves from the concept and pilot phase into full-scale production systems. While the authors primarily address the issues surrounding the use of RFID in supply chain scenarios, the same issues are relevant when discussing security and privacy in other situations, especially those that incorporate RFID into human identification systems, such as driver’s licenses and passports.

This paper presents a short review of RFID, and a sample of the security challenges. Several previous proposals are presented and their shortcomings are introduced, including scalability and the loss of functionality. The authors attempt to provide a solution that addresses these shortcomings, and describe a method that could be used within the supply chain.

The approach presented has some similarities to the hash lock [1] proposal, and thus meets the requirements of low processing and storage overhead on the tag itself, requiring the ability to calculate a cryptographic hash, produce a random number, and store an additional reader ID.

The presented algorithm is interesting; however, it leaves four major challenges unaddressed. First, the system requires that each reader have access to the tag ID as well as the precomputed hash. In a system as large as the global supply chain, this presents a major challenge in ensuring that any possible reader in the chain has appropriate access to all of the possible tags that may pass within its domain. Second, since both the tag IDs and the hash algorithm will be widely known, there is a high likelihood that eavesdropping is feasible, simply by building a private database of tag ID/hash(tag ID) pairs and correlating this with the eavesdropped information. Third, for each tag to be readable, the upstream reader must know the reader ID for the next downstream set of readers. This represents a formidable challenge in the global supply chain. Lastly, since each tag responds with static information (in this case, the hash of the tag ID), it is possible to track the tag over time, and, in fact, to go back in time based on a future read.
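The second and fourth points can be checked mechanically. The following is an added example, not code from the paper or from this review: it compares a static hash(tag ID) reply with a per-read randomized reply (r, hash(tag ID || r)), the randomized hash lock variant described in [1], and reports which reads an observer could link. SHA-256, the 16-byte nonce, the function names and the sample tag IDs are assumptions made for the illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed sample tag IDs (fixed length, invented for this example).
KNOWN_IDS = [b"TAG-0001", b"TAG-0002", b"TAG-0003"]

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def static_reply(tag_id: bytes) -> bytes:
    """Fixed reply hash(tag ID): identical on every read of the same tag."""
    return h(tag_id)

def randomized_reply(tag_id: bytes) -> tuple[bytes, bytes]:
    """Fresh nonce r per read; the reply is (r, hash(tag ID || r))."""
    r = secrets.token_bytes(16)
    return r, h(tag_id + r)

def linkable_groups(replies: list) -> list[list[int]]:
    """Indices of reads carrying an identical reply, i.e. reads that can be linked."""
    seen = defaultdict(list)
    for i, reply in enumerate(replies):
        seen[reply].append(i)
    return [idx for idx in seen.values() if len(idx) > 1]

def resolve_static(reply: bytes, ids: list[bytes]):
    """Single table lookup; anyone holding the ID list can build the same table."""
    table = {h(t): t for t in ids}
    return table.get(reply)

def resolve_randomized(reply: tuple[bytes, bytes], ids: list[bytes]):
    """The reader has to hash every known ID with r: O(n) work per read."""
    r, digest = reply
    for t in ids:
        if secrets.compare_digest(h(t + r), digest):
            return t
    return None

if __name__ == "__main__":
    reads = [KNOWN_IDS[0], KNOWN_IDS[1], KNOWN_IDS[0]]  # first tag seen at two sites
    print("static, linked reads:", linkable_groups([static_reply(t) for t in reads]))
    print("randomized, linked reads:", linkable_groups([randomized_reply(t) for t in reads]))
```

The randomized reply removes linkability only for observers who lack the ID list; a party that holds the list can still resolve each reply, and the per-read search over all IDs is the kind of scalability cost the review notes in earlier proposals.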

While the proposed approach does meet some of the requirements for securing the supply chain, continued work is needed to refine the approach and address the remaining issues.

Reviewer: Kipp Jones
Review #: CR131407 (0605-0500)

[1] Weis, S.; Sarma, S.; Rivest, R.; Engels, D. Security and privacy aspects of low-cost radio frequency identification systems. In First Intl. Conf. on Security in Pervasive Computing, Springer, 2003, 201–212.

Real-Time Systems And Embedded Systems (D.4.7 ... )
Logistics (H.4.2 ... )
Security (K.4.4 ... )
Electronic Commerce (K.4.4 )
Types Of Systems (H.4.2 )