Kaoutar Elkhiyaoui
ABSTRACT
Counterfeit detection in RFID-based supply chains aims at preventing adversaries from injecting fake products that do not meet quality standards. This paper introduces CHECKER, a new protocol for counterfeit detection in RFID-based supply chains through on-site checking. While RFID-equipped products travel through the supply chain, RFID readers can verify product genuineness by checking the validity of the product's path. CHECKER uses a polynomial-based encoding to represent paths in the supply chain. Each tag T in CHECKER stores an IND-CCA encryption of T's identifier ID and a signature of ID using the polynomial encoding of T's path as secret key. CHECKER is provably secure and privacy preserving. An adversary can neither inject fake products into the supply chain nor trace products. Moreover, RFID tags in CHECKER can be cheap read/write only tags that do not perform any computation. Per tag, only 120 Bytes storage are required.
- G. Ateniese, J. Camenisch, and B. de Medeiros. Untraceable RFID tags via insubvertible encryption. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 92--101, New York, NY, USA, 2005. ACM. ISBN 1-59593-226-7. Google Scholar
Digital Library
- G. Ateniese, J. Kirsch, and M. Blanton. Secret Handshakes with Dynamic and Fuzzy Matching. In Proceedings of the Network and Distributed System Security Symposium, NDSS. The Internet Society, 2007.Google Scholar
- L. Ballard, M. Green, B. de Medeiros, and F. Monrose. Correlation-Resistant Storage via Keyword-Searchable Encryption. Cryptology ePrint Archive, Report 2005/417, 2005. http://eprint.iacr.org/.Google Scholar
- E.-O. Blass, K. Elkhiyaoui, and R. Molva. Tracker: security and privacy for RFID-based supply chains. In NDSS'11, 18th Annual Network and Distributed System Security Symposium, 6-9 February 2011, San Diego, California, USA, ISBN 1-891562-32-0, 02 2011.Google Scholar
- D. Boneh, B. Lynn, and H. Shacham. Short signatures from the weil pairing. Journal of Cryptology, 17:297--319, 2004. ISSN 0933-2790. Google ScholarDigital Library
- T. Burbridge and A. Soppera. Supply chain control using a RFID proxy re-signature scheme. In RFID, 2010 IEEE International Conference on, pages 29--36, april 2010.Google ScholarCross Ref
- R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In CRYPTO '98, pages 13--25. Springer-Verlag, 1998. Google ScholarDigital Library
- E. De Cristofaro and G. Tsudik. Practical private set intersection protocols with linear complexity. In R. Sion, editor, Financial Cryptography and Data Security, volume 6052 of Lecture Notes in Computer Science, pages 143--159. Springer Berlin / Heidelberg, 2010. ISBN 978-3-642-14576-6. Google ScholarDigital Library
- E. De Cristofaro, J. Kim, and G. Tsudik. Linear-complexity private set intersection protocols secure in malicious model. In M. Abe, editor, Advances in Cryptology - ASIACRYPT 2010, volume 6477 of Lecture Notes in Computer Science, pages 213--231. Springer Berlin / Heidelberg, 2010. ISBN 978-3-642-17372-1.Google Scholar
- T. Dimitrou. rfidDOT: RFID delegation and ownership transfer made simple. In Proceedings of International Conference on Security and privacy in Communication Networks, Istanbul, Turkey, 2008. ISBN 978-1-60558-241-2. Google ScholarDigital Library
- E. Fujisaki and T. Okamoto. How to Enhance the Security of Public-Key Encryption at Minimum Cost. In Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, PKC '99, pages 53--68, London, UK, 1999. Springer-Verlag. ISBN 3-540-65644-8. Google ScholarDigital Library
- S. D. Galbraith, K. G. Paterson, and N. P. Smart. Pairings for cryptographers. Discrete Appl. Math., 156:3113--3121, September 2008. ISSN 0166-218X. Google ScholarDigital Library
- A. Juels and S. Weis. Defining Strong Privacy for RFID. In PerCom Workshops, pages 342--347, White Plains, USA, 2007. ISBN 978-0-7695-2788-8. Google ScholarDigital Library
- A. Miyaji, M. Nakabayashi, and S. Takano. New Explicit Conditions of Elliptic Curve Traces for FRReduction. TIEICE: IEICE Transactions on Communications/ Electronics/Information and Systems, 2001.Google Scholar
- G. Noubir, K. Vijayan, and H. J. Nussbaumer. Signaturebased method for run-time fault detection in communication protocols. Computer Communications Journal, 21(5):405--421, 1998. ISSN 0140-3664. Google ScholarDigital Library
- K. Ouafi and S. Vaudenay. Pathchecker: an RFID Application for Tracing Products in Suply-Chains. In Workshop on RFID Security -- RFIDSec'09, pages 1--14, Leuven, Belgium, 2009. http://www.cosic.esat.kuleuven.be/rfidsec09/Papers/pathchecker.pdf.Google Scholar
- A. Sadeghi, I. Visconti, and C. Wachsmann. Anonymizer- Enabled Security and Privacy for RFID. In 8th International Conference on Cryptology And Network Security-CANS'09, Kanazawa, Ishikawa, Japan, December 2009. Springer. ISBN 978-3-642-10432-9. Google ScholarDigital Library
- M. Scott. Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number. Cryptology ePrint Archive, Report 2002/164, 2002. http://eprint. iacr.org/.Google Scholar
- UPM RFID Technology. UPM Raflatac MiniTrak datasheet, 2011. http://www.upmrfid.com/rfid/images/MiniTrack_SLI_datasheet.pdf/$FILE/MiniTrack_SLI_datasheet.pdf.Google Scholar
- S. Vaudenay. On Privacy Models for RFID. In Proceedings of ASIACRYPT, pages 68--87, Kuching, Malaysia, 2007. ISBN 978-3-540-76899-9. Google ScholarDigital Library
Index Terms
- CHECKER: on-site checking in RFID-based supply chains
Recommendations
On two RFID privacy notions and their relations
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on ...
A Novel Anonymous RFID Authentication Protocol Providing Strong Privacy and Security
MINES '10: Proceedings of the 2010 International Conference on Multimedia Information Networking and SecurityAs the radio frequency identification (RFID) technology continues to evolve and mature, RFID tags can be implemented in a wide range of applications. Due to the shared wireless medium between the RFID reader and the RFID tag, however, adversaries can ...
Impossibility results for RFID privacy notions
Transactions on computational science XIRFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...
Comments