
Security challenges of the EPCglobal network

Published: 01 July 2009

Abstract

Introduction

The "Internet of Things," once reality, will have to rely on a global IT infrastructure that provides information about all those "things" in a secure and reliable manner. The EPCglobal Network is a proposal for a widely distributed information system to offer such services. But it may introduce more challenges concerning security, privacy, and political control than was initially anticipated.
If the vision of many RFID proponents becomes true, more and more common objects will soon acquire a cyber presence. Objects will be equipped with RFID tags containing identification data and possibly some additional information about the object in question (data on tag). To keep tag costs low, one may often just store an identifier and use it as a key to access databases containing the actual object information (data on network). This second approach is typical for "EPC tags"—RFID tags that aim to replace the conventional barcode system. They use an Electronic Product Code (EPC, see Figure 1), which is globally unique, as a key to retrieve information from the EPCglobal Network, envisioned as a large distributed system of databases. The EPC standard represents a numbering framework that is independent of specific hardware features, such as tag generation or specific radio frequency.
The databases comprising the EPCglobal Network are to be run by manufacturers, logistic providers, retailers, or third parties, and can be accessed via special web services called EPC Information Services (EPCIS). The network architecture is designed and administered by the standardization consortium EPCglobal, which is a joint venture of GS1 U.S. (formerly Uniform Code Council) and GS1 (formerly EAN International).
By improving the information flow, as objects pass from suppliers to manufacturers, distributors, retail stores, and customers, the EPCglobal Network aims to facilitate cooperation within supply chains and thus to make them more efficient. Once established, it could also be used to support a wide range of applications in the area of ubiquitous computing. An often-cited example is the "smart home," in which "intelligent" cupboards and fridges could be realized using RFID technology. By scanning the RFID tags on objects and using the EPCglobal Network for information retrieval, such devices can identify their current content and offer new services like food counseling or automated replenishing of goods.
As a result of this broadened use of the EPCglobal Network, its security context would change from closed supply chains to the rather open environments of ubiquitous computing, just like the security context of the Internet was changed by moving from relatively closed groups of fellow researchers to the global environment it represents today.
In this article, we first describe the EPCglobal Network architecture, as currently specified. We then discuss its security and privacy risks, as well as possible countermeasures. We conclude with suggestions on how to improve existing design proposals, once appropriate security and privacy requirements have been established.

Published In

Communications of the ACM  Volume 52, Issue 7
Barbara Liskov: ACM's A.M. Turing Award Winner
July 2009
141 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1538788

Publisher

Association for Computing Machinery

New York, NY, United States
