DOI: 10.1145/1514274.1514281
research-article

RFID-based supply chain partner authentication and key agreement

Published: 16 March 2009

Abstract

The growing use of RFID in supply chains brings indisputable added value from a business perspective, but raises a number of interesting new security challenges. One of them is the authentication of two participants in the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants in the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business-sensitive information. No rogue user can succeed in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.



Published In

WiSec '09: Proceedings of the second ACM conference on Wireless network security
March 2009
280 pages
ISBN:9781605584607
DOI:10.1145/1514274

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. authentication
  2. key agreement
  3. proof of possession
  4. rfid
  5. supply chain

Conference

WISEC '09
Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Cited By

  • (2021) An Extended Reselling Protocol for Existing Anti-Counterfeiting Schemes. Journal of Sensor and Actuator Networks, 10:1 (12). DOI: 10.3390/jsan10010012. Online publication date: 1-Feb-2021
  • (2021) Stakeholder perspectives and requirements on cybersecurity in Europe. Journal of Information Security and Applications, 61 (102916). DOI: 10.1016/j.jisa.2021.102916. Online publication date: Sep-2021
  • (2020) A Novel RFID-Based Anti-Counterfeiting Scheme for Retail Environments. IEEE Access, 8 (47952-47962). DOI: 10.1109/ACCESS.2020.2979264. Online publication date: 2020
  • (2017) Proxy Re-Encryption. Journal of Network and Computer Applications, 87:C (193-209). DOI: 10.1016/j.jnca.2017.03.005. Online publication date: 1-Jun-2017
  • (2017) Searchable Encryption to Reduce Encryption Degradation in Adjustably Encrypted Databases. Data and Applications Security and Privacy XXXI (325-336). DOI: 10.1007/978-3-319-61176-1_18. Online publication date: 22-Jun-2017
  • (2016) Scalable Industry Data Access Control in RFID-Enabled Supply Chain. IEEE/ACM Transactions on Networking, 24:6 (3551-3564). DOI: 10.1109/TNET.2016.2536626. Online publication date: 1-Dec-2016
  • (2015) A fair exchange and track system for RFID-tagged logistic chains. 2015 8th International Conference on Biomedical Engineering and Informatics (BMEI) (661-666). DOI: 10.1109/BMEI.2015.7401586. Online publication date: Oct-2015
  • (2014) Scalable Data Access Control in RFID-Enabled Supply Chain. Proceedings of the 2014 IEEE 22nd International Conference on Network Protocols (71-82). DOI: 10.1109/ICNP.2014.28. Online publication date: 21-Oct-2014
  • (2014) Approaching the time lower bound on cloned-tag identification for large RFID systems. Ad Hoc Networks, 13 (271-281). DOI: 10.1016/j.adhoc.2013.08.011. Online publication date: 1-Feb-2014
  • (2014) Privacy by Encrypted Databases. Privacy Technologies and Policy (56-69). DOI: 10.1007/978-3-319-06749-0_4. Online publication date: 2014