research-article

Free access

Security challenges of the EPCglobal network

Authors:

Benjamin Fabian,

Oliver GüntherAuthors Info & Claims

Communications of the ACM, Volume 52, Issue 7

Pages 121 - 125

https://doi.org/10.1145/1538788.1538816

Published: 01 July 2009 Publication History

All formats PDF

Abstract

Introduction The "Internet of Things," once reality, will have to rely on a global IT infrastructure that provides information about all those "things" in a secure and reliable manner. The EPCglobal Network is a proposal for a widely distributed information system to offer such services. But it may introduce more challenges concerning security, privacy, and political control than was initially anticipated.

If the vision of many RFID proponents becomes true, more and more common objects will soon acquire a cyber presence. Objects will be equipped with RFID tags containing identification data and possibly some additional information about the object in question (data on tag). To keep tag costs low, one may often just store an identifier and use it as a key to access databases containing the actual object information (data on network). This second approach is typical for "EPC tags"—RFID tags that aim to replace the conventional barcode system. They use an Electronic Product Code (EPC, see Figure 1), which is globally unique, as a key to retrieve information from the EPCglobal Network, envisioned as a large distributed system of databases. The EPC standard represents a numbering framework that is independent of specific hardware features, such as tag generation or specific radio frequency.

The databases compromising the EPCglobal Network are to be run by manufacturers, logistic providers, retailers, or third parties, and can be accessed via special web services called EPC Information Services (EPCIS). The network architecture is designed and administered by the standardization consortium EPCglobal, which is a joint venture of GS1 U.S. (formerly Uniform Code Council) and GS1 (formerly EAN International).

By improving the information flow, as objects pass from suppliers to manufacturers, distributors, retail stores, and customers, the EPCglobal Network aims to facilitate cooperation within supply chains and thus to make them more efficient. Once established, it could also be used to support a wide range of applications in the area of ubiquitous computing. An often-cited example is the "smart home," in which "intelligent" cupboards and fridges could be realized using RFID technology. By scanning the RFID tags on objects and using the EPCglobal Network for information retrieval, such devices can identify their current content and offer new services like food counseling or automated replenishing of goods.

As a result of this broadened use of the EPCglobal Network, its security context would change from closed supply chains to the rather open environments of ubiquitous computing–just like the security context of the Internet was changed by moving from relatively closed groups of fellow researchers to the global environment it represents today.

In this article, we first describe the EPCglobal Network architecture, as currently specified. We then discuss its security and privacy risks, as well as possible countermeasures. We conclude with suggestions on how to improve existing design proposals, once appropriate security and privacy requirements have been established.

References

[1]

Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. DNS Security Introduction and Requirements, RFC 4033, 2005.

Google Scholar

[2]

Balakrishnan, H., Kaashoek, M. F., Karger, D., Morris, R., and Stoica, I. Looking up data in P2P systems. Comm. of the ACM 46, 2, (2003), 43--48.

Digital Library

Google Scholar

[3]

Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second generation onion router. Proceedings of the 13th USENIX Security Symposium, Aug. 2004.

Digital Library

Google Scholar

[4]

EPCglobal. EPC Information Services (EPCIS) Version 1.01 Specification. September 2007; www.epcglobalinc.org/standards/epcis/.

Google Scholar

[5]

Evdokimov, S., Fabian, B., Günther, O. Multipolarity for the Object Naming Service. Proceedings IOT 2008. LNCS 4952, Springer, Zürich, (2008), 1--18.

Digital Library

Google Scholar

[6]

Fabian, B. and Günther, O. Distributed ONS and its Impact on Privacy. Proceedings IEEE ICC 2007, Glasgow, U.K., (2007), 1223--1228.

Crossref

Google Scholar

[7]

Günther, O. and Spiekermann, S. RFID and the perception of control: The consumer's view. Comm. of the ACM 48, 9, (Sept. 2005), 73--76.

Digital Library

Google Scholar

[8]

Juels, A. RFID security and privacy--A research survey. IEEE Journal on Selected Areas in Communications 24, 2, (Feb. 2006), 381--394.

Digital Library

Google Scholar

[9]

EPCglobal. EPCglobal Object Naming Service (ONS). Ratified Standard Specification with Approved, Fixed Errata, Version 1.01, 2008; www.epcglobalinc.org/standards/ons/.

Google Scholar

[10]

Ramasubramanian, V. and Sirer, E. G. The design and implementation of a next generation name service for the internet. Proceedings ACM SIGCOMM '04. ACM Press, 2004, 331--342.

Digital Library

Google Scholar

[11]

Shih, D.-H., Sun, P.-L., and Lin, B. Securing Industry-wide EPCglobal network with WS-Security. Industrial Management&Data Systems, July 2005, 105 (7), 972--996.

Google Scholar

[12]

Traub, K. (ed.). The EPCglobal Architecture Framework, Version 1.3, (March 2009), www.epcglobalinc.org/standards/architecture/.

Google Scholar

Cited By

View all

Yusoff ZIshak MAlezabi K(2021)The Role of RFID in Green IoT: A Survey on Technologies, Challenges and a Way ForwardAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0601036:1(17-35)Online publication date: Jan-2021
https://doi.org/10.25046/aj060103
Ren YXie RYu FHuang TLiu Y(2021)Potential Identity Resolution Systems for the Industrial Internet of Things: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2020.304513623:1(391-430)Online publication date: Sep-2022
https://doi.org/10.1109/COMST.2020.3045136
Porkodi SKesavaraja D(2020)Integration of Blockchain and Internet of ThingsHandbook of Research on Blockchain Technology10.1016/B978-0-12-819816-2.00003-4(61-94)Online publication date: 2020
https://doi.org/10.1016/B978-0-12-819816-2.00003-4
Show More Cited By

Index Terms

Security challenges of the EPCglobal network

Recommendations

Secure EPCglobal class-1 gen-2 RFID system against security and privacy problems
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Radio Frequency Identification (RFID) system is an important technology in ubiquitous computing environment RFID system should be compatible with most RFID system applications to support the ubiquitous computing environment Recently, researchers had ...
Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Radio frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered ...
A Practical Approach for Enhancing Security of EPCglobal RFID Gen2 Tag
FGCN '07: Proceedings of the Future Generation Communication and Networking - Volume 01

Radio Frequency Identification(RFID) has been consid- ered as an key infrastructure for the ubiquitous society. However, due to the inherent drawbacks, RFID causes var- ious security threats like privacy problems, tag cloning, etc. To address these ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 52, Issue 7

Barbara Liskov: ACM's A.M. Turing Award Winner

July 2009

141 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1538788

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2009

Published in CACM Volume 52, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
1,953
Total Downloads

Downloads (Last 12 months)336
Downloads (Last 6 weeks)66

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yusoff ZIshak MAlezabi K(2021)The Role of RFID in Green IoT: A Survey on Technologies, Challenges and a Way ForwardAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0601036:1(17-35)Online publication date: Jan-2021
https://doi.org/10.25046/aj060103
Ren YXie RYu FHuang TLiu Y(2021)Potential Identity Resolution Systems for the Industrial Internet of Things: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2020.304513623:1(391-430)Online publication date: Sep-2022
https://doi.org/10.1109/COMST.2020.3045136
Porkodi SKesavaraja D(2020)Integration of Blockchain and Internet of ThingsHandbook of Research on Blockchain Technology10.1016/B978-0-12-819816-2.00003-4(61-94)Online publication date: 2020
https://doi.org/10.1016/B978-0-12-819816-2.00003-4
Khan MAlgarni FQuasim M(2020)Decentralised Internet of ThingsDecentralised Internet of Things10.1007/978-3-030-38677-1_1(3-20)Online publication date: 13-Feb-2020
https://doi.org/10.1007/978-3-030-38677-1_1
Imani MQiyasi AZarif NAli MNoshiri OFaramarzi KArabnia HJoudaki M(2020) A survey on subjecting electronic product code and non‐ID objects to IP identification Engineering Reports10.1002/eng2.121712:6Online publication date: 10-May-2020
https://doi.org/10.1002/eng2.12171
Satamraju KMalarkodi D(2019)A Secured and Authenticated Internet of Things Model using Blockchain Architecture2019 TEQIP III Sponsored International Conference on Microwave Integrated Circuits, Photonics and Wireless Networks (IMICPW)10.1109/IMICPW.2019.8933275(19-23)Online publication date: May-2019
https://doi.org/10.1109/IMICPW.2019.8933275
Shousong CXiaoguang WYuanjun Z(2019)Revenue Model of Supply Chain by Internet of Things TechnologyIEEE Access10.1109/ACCESS.2018.28889527(4091-4100)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2018.2888952
Wang XZha XNi WLiu RGuo YNiu XZheng K(2019)Survey on blockchain for Internet of ThingsComputer Communications10.1016/j.comcom.2019.01.006136(10-29)Online publication date: Feb-2019
https://doi.org/10.1016/j.comcom.2019.01.006
Furini MPitzalis C(2016)Smart Cart: When Food Enters the IoT ScenarioInternet of Things. IoT Infrastructures10.1007/978-3-319-47063-4_29(284-289)Online publication date: 18-Nov-2016
https://doi.org/10.1007/978-3-319-47063-4_29
Oliveira Mda Gama KLoscio BSiqueira SCarvalho S(2015)Waldo: Data Producers Registry and Discovery Service for Smart Cities MiddlewareProceedings of the annual conference on Brazilian Symposium on Information Systems: Information Systems: A Computer Socio-Technical Perspective - Volume 110.5555/2814058.2814071(71-78)Online publication date: 26-May-2015
https://dl.acm.org/doi/10.5555/2814058.2814071
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Secure EPCglobal class-1 gen-2 RFID system against security and privacy problems

Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

A Practical Approach for Enhancing Security of EPCglobal RFID Gen2 Tag

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations