Research On The Security And Privacy Issues In RFID-based Supply Chain

Radio Frequency Identifcation (RFID) technology represents a fundamentalchange in the information technology infrastructure. It is a non-contact, automaticidentifcation technology that uses radio signals to identify, track, sort and detect avariety of objects including people, vehicles, goods and assets without the need fordirect contact. Nowadays, RFID technology is becoming popular and begins to entermany spheres of everyday life and industrial sectors. Supply chain management isone of the most signifcant application domains using RFID solutions. With thedeployment of RFID technologies which provide rich and timely information, supplychain management process has been signifcantly improved.RFID systems bring along its share of security and privacy related problemssuch as eavesdropping, tracking and relay attacks. The RFID security and privacychallenge is formidable mainly because of the extremely scarce resources available ona typical tag. Only simple operations are allowed such as XOR, bit inner product,pseudorandom number generator (PRNG) and hash function.RFID-based supply chain system is more complicated than a single tag anda single reader RFID system, It embraces the subjects of how to deal with theinteractions between a single tag and multiple readers, ownership transfer problems in the supply chain life cycle, products recovery issues, the path security of thesupply chain etc., which bring new challenges to researchers. The paper mainlypays attention to four aspects: path-checking, ownership transfer, grouping-proofand relay attacks. The main contributions are listed as follows:1. We propose two novel path-checking protocols namely PSAM and PCOMSrespectively. PSAM is based on sequential aggregate message authenticationcodes and uses mutual authentication to guarantee tag privacy. In order tosave resources, we use SQUASH as message authentication codes which isconsidered to be suited for RFID systems. PCOMS is based on Boldyreva’sordered multisignatures (OMS), a reader will provide its own signature when atag passes by in order to record the path information, we improve Boldyreva’sscheme to implement verifcation by designated readers, which also protectthe path privacy of the tags.2. We propose a novel RFID tag ownership transfer scheme namely FIT basedon Trust Third Party (TTP). It has the following advantages: First, it lever-ages Elgamal re-encryption of index to support constant-time authentication.Second, the old owner privacy is guaranteed by backward untraceability ofFIT scheme, the new owner privacy is assured by updating the index and thestate of the tag as well. Third, it provides the function of issuer verifcation.3. We present two grouping-proof protocols GPO and GPI for order dependentand order independent respectively. GPO is based on circular linked list witha master tag, which efectively resists multiple impersonation attacks. GPIleverages the time stamp and the signature of verifer to prevent grouping-proof forging of malicious readers. Additionally, we use improved OSK au-thentication protocol at the tag side which can efectively resist privacy at-tacks.4. We propose two diferent distance bounding protocols for resisting relay at-tacks named MEED and HKM respectively. MEED leverages only2n bits ofmemory, which is less than most existing protocols. In addition, the tag inMEED is able to detect adversary’s malicious queries. HKM improves the ef- fciency of memory of HK protocol and mixes the predefned challenge and therandom challenge to decrease the adversary’s probability of success. Finally,relay attacks are implemented on NFC mobile phones.