research-article

RFID-based supply chain partner authentication and key agreement

Authors:
Florian Kerschbaum

SAP Research, Karlsruhe, Germany

SAP Research, Karlsruhe, Germany
View Profile

,
Alessandro Sorniotti

SAP Research and Institut Eurecom, Sophia Antipolis, France

SAP Research and Institut Eurecom, Sophia Antipolis, France
View Profile

WiSec '09: Proceedings of the second ACM conference on Wireless network securityMarch 2009Pages 41–50https://doi.org/10.1145/1514274.1514281

Published:16 March 2009Publication History

WiSec '09: Proceedings of the second ACM conference on Wireless network security

Pages 41–50

ABSTRACT

The growing use of RFID in supply chains brings along an indisputable added value from the business perspective, but raises a number of new interesting security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants to the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business sensitive information. No rogue user can be successful in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.

References

A. Asif and M. Mandviwalla. Integrating the supply chain with rfid: A technical and business analysis. In Communications of the Association for Information Systems, vol. 15, pages 393--427, 2005.Google ScholarCross Ref
G. Ateniese, M. Blanton, and J. Kirsch. Secret handshakes with dynamic and fuzzy matching. In Network and Distributed System Security Symposuim, pages 159--177. The Internet Society, 02 2007. CERIAS TR 2007--24.Google Scholar
G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Transactions on Information and System Security, 9(1), 2006. Google ScholarDigital Library
G. Ateniese and S. Hohenberger. Proxy re-signatures: new definitions, algorithms, and applications. In ACM Conference on Computer and Communications Security, 2005. Google ScholarDigital Library
D. Balfanz, G. Durfee, N. Shankar, D. K. Smetters, J. Staddon, and H.-C. Wong. Secret handshakes from pairing--based key agreements. In IEEE Symposium on Security and Privacy, pages 180--196, 2003. Google ScholarDigital Library
M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In ACM Conference on Computer and Communications Security, pages 62--73, 1993. Google ScholarDigital Library
Y. Bendavid, S. F. Wamba, and L. A. Lefebvre. Proof of concept of an rfid-enabled supply chain in a b2b e-commerce environment. In ICEC '06: Proceedings of the 8th international conference on Electronic commerce, pages 564--568, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, 1998.Google ScholarCross Ref
D. Boneh and X. Boyen. Efficient selective-id secure identity-based encryption without random oracles. In EUROCRYPT, pages 223--238, 2004.Google ScholarCross Ref
D. Boneh and M. K. Franklin. Identity-based encryption from the weil pairing. SIAM J. Comput., 32(3):586--615, 2003. Google ScholarDigital Library
D. Boneh, B. Lynn, and H. Shacham. Short signatures from the weil pairing. Journal of Cryptology, 17(4), 2004. Google ScholarDigital Library
R. Canetti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
H. Chabanne, D. H. Phan, and D. Pointcheval. Public traceability in traitor tracing schemes. In EUROCRYPT, pages 542--558, 2005. Google ScholarDigital Library
W. Diffie and M. Hellman. New directions in cryptography. Information Theory, IEEE Transactions on, 22(6):644--654, Nov 1976.Google ScholarDigital Library
S. Garfinkel, A. Juels, and R. Pappu. Rfid privacy: an overview of problems and proposed solutions. Security & Privacy, IEEE, 3(3):34--43, May-June 2005. Google ScholarDigital Library
M. Green and G. Ateniese. Identity-based proxy re-encryption. In Conference on Applied Cryptography and Network Security, 2007. Google ScholarDigital Library
A. Joux. A one round protocol for tripartite diffie-hellman. Journal of Cryptology, 17(4), 2004. Google ScholarDigital Library
A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2):381--394, February 2006. Google ScholarDigital Library
A. Juels, R. Pappu, and B. Parno. Unidirectional key distribution across time and space with applications to rfid security. In USENIX Security Symposium, 2008. Google ScholarDigital Library
A. Juels and S. A. Weis. Defining strong privacy for rfid. Pervasive Computing and Communications Workshops, 2007. PerCom Workshops '07. Fifth Annual IEEE International Conference on, pages 342--347, March 2007. Google ScholarDigital Library
S. Lal and P. Kushwah. Multi-pkg id based signcryption. Cryptology ePrint Archive, Report 2008/050, 2008.Google Scholar
H. Lee and J. Kim. Privacy threats and issues in mobile rfid. Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on, pages 5 pp.--, April 2006. Google ScholarDigital Library
B. Libert and D. Vergnaud. Multi-use unidirectional proxy re-signatures. CoRR, abs/0802.1113, 2008.Google Scholar
B. D. Santos and L. Smith. Rfid in the supply chain: panacea or pandora's box? Communications of the ACM, 51(10), 2008. Google ScholarDigital Library
A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984. Google ScholarDigital Library
S. F. Wamba and H. Boeck. Enhancing information flow in a retail supply chain using rfid and the epc network. J. Theor. Appl. Electron. Commer. Res., 3(1):92--105, 2008. Google ScholarDigital Library
B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005. Google ScholarDigital Library
Y. Yousuf and V. Potdar. A survey of rfid authentication protocols. Advanced Information Networking and Applications -- Workshops, 2008. AINAW 2008. 22nd International Conference on, pages 1346--1350, March 2008. Google ScholarDigital Library

Index Terms

RFID-based supply chain partner authentication and key agreement
1. Networks
  1. Network protocols
    1. Application layer protocols
2. Security and privacy
  1. Cryptography
  2. Systems security
    1. Operating systems security

Recommendations

A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography

The session initiation protocol (SIP) is considered as the dominant signaling protocol for calls over the Internet. However, SIP authentication typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper ...
Read More
New identity-based three-party authenticated key agreement protocol with provable security

Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols ...
Read More
On Elliptic Curve Based Untraceable RFID Authentication Protocols
IH&MMSec '15: Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security

An untraceable RFID authentication scheme allows a legitimate reader to authenticate a tag, and at the same time it assures the privacy of the tag against unauthorized tracing. In this paper, we revisit three elliptic-curve based untraceable RFID ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
WiSec '09: Proceedings of the second ACM conference on Wireless network security
March 2009
280 pages
ISBN:9781605584607
DOI:10.1145/1514274
General Chair:
David Basin
ETH Zurich, Switzerland
,
Program Chairs:
Srdjan Capkun
ETH Zurich, Switzerland
,
Wenke Lee
Georgia Tech, USA
Copyright © 2009 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 March 2009
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
authentication
key agreement
proof of possession
rfid
supply chain
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate98of338submissions,29%
Upcoming Conference
WiSec '24

Sponsor:

sigsac

17th ACM Conference on Security and Privacy in Wireless and Mobile Networks

May 27 - 30, 2024

Seoul , Republic of Korea
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 23
  Total Citations
  View Citations
- 586
  Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

RFID-based supply chain partner authentication and key agreement

WiSec '09: Proceedings of the second ACM conference on Wireless network security

ABSTRACT

References

Cited By

Index Terms

Recommendations

A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography

New identity-based three-party authenticated key agreement protocol with provable security

On Elliptic Curve Based Untraceable RFID Authentication Protocols