ABSTRACT
The growing use of RFID in supply chains brings indisputable added value from a business perspective, but raises a number of interesting new security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants in the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business-sensitive information. No rogue user can succeed in a malicious authentication, because the attempt would either be traceable or would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.
Index Terms
- RFID-based supply chain partner authentication and key agreement