Introduction The "Internet of Things," once reality, will have to rely on a global IT infrastructure that provides information about all those "things" in a secure and reliable manner. The EPCglobal Network is a proposal for a widely distributed information system to offer such services. But it may introduce more challenges concerning security, privacy, and political control than was initially anticipated.

If the vision of many RFID proponents becomes true, more and more common objects will soon acquire a cyber presence. Objects will be equipped with RFID tags containing identification data and possibly some additional information about the object in question (data on tag). To keep tag costs low, one may often just store an identifier and use it as a key to access databases containing the actual object information (data on network). This second approach is typical for "EPC tags"—RFID tags that aim to replace the conventional barcode system. They use an Electronic Product Code (EPC, see Figure 1), which is globally unique, as a key to retrieve information from the EPCglobal Network, envisioned as a large distributed system of databases. The EPC standard represents a numbering framework that is independent of specific hardware features, such as tag generation or specific radio frequency.

The databases compromising the EPCglobal Network are to be run by manufacturers, logistic providers, retailers, or third parties, and can be accessed via special web services called EPC Information Services (EPCIS). The network architecture is designed and administered by the standardization consortium EPCglobal, which is a joint venture of GS1 U.S. (formerly Uniform Code Council) and GS1 (formerly EAN International).

By improving the information flow, as objects pass from suppliers to manufacturers, distributors, retail stores, and customers, the EPCglobal Network aims to facilitate cooperation within supply chains and thus to make them more efficient. Once established, it could also be used to support a wide range of applications in the area of ubiquitous computing. An often-cited example is the "smart home," in which "intelligent" cupboards and fridges could be realized using RFID technology. By scanning the RFID tags on objects and using the EPCglobal Network for information retrieval, such devices can identify their current content and offer new services like food counseling or automated replenishing of goods.

As a result of this broadened use of the EPCglobal Network, its security context would change from closed supply chains to the rather open environments of ubiquitous computing–just like the security context of the Internet was changed by moving from relatively closed groups of fellow researchers to the global environment it represents today.

In this article, we first describe the EPCglobal Network architecture, as currently specified. We then discuss its security and privacy risks, as well as possible countermeasures. We conclude with suggestions on how to improve existing design proposals, once appropriate security and privacy requirements have been established.