Chinese Journal of Computers
  Title: A Universally Composable Secure RFID Communication Protocol in Supply Chains
  Authors: ZHANG Fan 1),2), SUN Xuan 1),3), MA Jian-Feng 1), CAO Chun-Jie 1), ZHU Jian-Ming 4)
  Address: 1) (Key Laboratory of Computer Networks and Information Security, Xidian University, Xi'an 710071)
2) (Institute of Beijing Computer Technology and Application, Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854)
3) (Huhhot Railway Bureau, Huhhot 010020)
4) (School of Information, Central University of Finance Economics, Beijing 100081)
  Year: 2008
  Issue: No.10 (1754-1767)
  Abstract & Background
Abstract: Supply chain management is the major field for RFID application. However, little work has been conducted to address the security issues in this context. Existing RFID solutions cannot be applied directly in this field because of a set of special RFID security requirements to be addressed for supply chain management. The major contribution of this paper is to identify the unique set of security requirements for secure RFID communications in supply chains, propose a universally composable model that satisfies the security requirements, and design a lightweight protocol that realizes the universally composable model. This paper further defines the security requirement of unlinkability, and classifies the typical RFID protocols according to the security requirements.
Keywords: supply chain management; RFID; security; universally composable model; protocol
Background: In response to globalization, businesses and industries are increasingly moving towards using automated supply chains. Among the several technologies that are being explored, Radio Frequency Identification (RFID) technology has emerged as the one with the most potential to facilitate the creation of secure, reliable and efficient supply chains such that partners could operate, exchange and interact in a seamless, coordinated and optimal manner. RFID technologies enable product and other supply chain related information to be automatically collected, tracked, shared and managed efficiently. The primary reason is that a batch of tagged products can be identified by an RFID reader in a fast and contactless manner. This helps to dramatically improve the efficiency of information collection in supply chains. The MIT Auto-ID Center, with the support of the UCC, has standardized the Electronic Product Code (EPC) network by integrating RFID technology with the Internet. This allows for ease in sharing the RFID-collected information among the partners of the supply chains. It is estimated that the savings due to the use of such RFID tags in global supply chains amount to billions of dollars per year.
However, two major issues, namely security and visibility, have emerged as critical challenges which have to be addressed for RFID-enabled supply chains to become a reality. Supply chain security involves anti-tracking measures against unauthorized RFID readers (including those of outsiders and malicious insiders), while visibility ensures tracking by authorized parties (such as supply chain partners) and the visibility authority. Currently the EPC standards depend entirely on honest supply chain partners to realize visibility in the entire chain, without explicit accountability for any violations. Similarly, providing security with a focus only on a single RFID channel, without considering the relationship among partners, prevents the sharing of information among them.
In this paper, the authors propose an efficient RFID protocol which aims to ensure both the security and visibility requirements of a modern supply chain. The major contribution of this paper is to identify the unique set of security requirements for secure RFID communications in supply chains, propose a universally composable model that satisfies the security requirements, and design a lightweight protocol that realizes the universally composable model. At the end of this paper, the authors further define the security requirement of unlinkability, and classify the typical RFID protocols according to the security requirements.