Professional Documents
Culture Documents
Abstract Radio Frequency Identification (RFID) is investigate, because it is the most popular and promising
emerging as a popular technology for automatic data collection RFID-enabled supply network standard nowadays. This study
and identification, which can be broadly applied to nearly provides readers with an extensive overview on the security
everywhere, such as library, mass transit, healthcare, issues aiming to gain a better understanding on EPC-enabled
E-passport, and supply chains. However, it also brings many
RFID network security. Hopefully, the subsequent risk
security vulnerabilities and threats. Much of the early research
in RFID security has been predominately focused on studying analysis, risk management and threats counter measurement
the vulnerabilities and threats of RFID tags and the for the EPC-enabled RFID system will be achieved.
communication protocols between tags and readers. This paper The remaining part of the paper is organized as follows.
examines the vulnerabilities and threats of the EPCglobal Section II briefly introduces background and related work.
standard and infrastructure in supply networks and presents Section III characterizes the components and structure of
the possible countermeasures.
EPC-enabled RFID supply chains. Section IV identifies and
analyses the security vulnerabilities and threats of the
I. INTRODUCTION
EPCglobal standard. We also proposed a new taxonomy for
239
Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China
they disclosed nine major security attacks. However, most of Fig. 1 illustrates the activities carried out by end users and
these works described the security issues taxonomy sketchily, the role that components of EPCglobal Architecture
and a clear and appropriate taxonomy model of RFID security Framework play in facilitating those activities [10, 11]. The
threats is absent. Moreover, these taxonomy models cannot EPC-enabled framework consists of RFID sub-systems, EPC
be used to systematically assess the information security of a middleware, Object Naming Service (ONS), the EPC
certain RFID-enabled supply chain network. While our novel Information Services (EPC-IS), and the EPC Discovery
taxonomy maps the vulnerabilities and threats into different Service (DS). Each component plays a unique and important
levels with focus on the security issues related to the role in the EPCglobal network. Where, EPC physical object
EPC-enabled RFID network. exchange means end users exchange physical objects that are
In addition, the previous researches are mostly study the identified with EPC. The end users are different partners in a
RFID sub-system security issues only from the technical supply chain, e.g. the supplier and manufacturer, and physical
point of view, whereas we emphasize on both the technical object exchange represents operations such as shipping,
and the non-technical aspects. Furthermore, the research receiving, etc. EPC Infrastructure for data capture standards
scope of most former studies did not touch the RFID-enabled helps each end user to create EPCs as its identification for
supply chain network, while we studied the RFID security new objects in order to have EPC data to share. Following the
issues and also discussed the issues in the RFID-enabled movements of objects, the RFID sub-system captures the
supply chain network, the EPCglobal system. RFID events and gathers that information into systems, and
transfers them to EPC middleware. The EPC middleware
III. STRUCTURE OF EPCGLOBAL SYSTEM filters the raw data and then routes them to EPC-IS, which
An EPCglobal system can be divided into two components, provides the information query interface and enables users to
the RFID sub-system and the EPCglobal network. The exchange information with other parties within the supply
products information will be captured by the RFID chain.
sub-systems first, and then it will go through the whole
EPCglobal network for processing and storage EPC Network Service
A. RFID Sub-system
ONS DS EPC Data Exchange
A simple RFID sub-system includes hardware and
Standards
software. The hardware is composed of tags, readers and
back-end system; while, the software system contains
user-interface, middleware and database system. End User A Data Exchange End User B
EPC-enabled RFID network is composed many RFID
sub-systems from different stages of supply chains.
EPC IS EPC IS
An RFID tag is a small electronic device that consists of a
small chip and an antenna to carry and transmit object related EPC Infrastructure
EPC middleware Standards For Data
information and identify data. RFID reader can read or even EPC middleware
Capture
write data from or to the tag. The back-end system stores
information that associates with each RFID tag, and connects RFID sub-system RFID sub-system
with RFID reader. The RFID sub-system is connected with
Physical Exchange
other sub-systems through the network. We include objects EPC Physical Object
into the RFID sub-system, because there are certain security Exchange Standards
issues associating with the objects. Fig. 1. EPCglobal architecture framework
B. EPC-enabled RFID Network EPC-IS enables the supply chain partners to understand
An RFID-enabled supply chain system is not only an physical level item exchange. EPC Data Exchange standards
intra-organization but also an inter-organization system that enable end users benefit from the EPCglobal network by
involves a number of relevant companies. It aims to exchanging data with each other and increasing the visibility.
standardize and diffuse the use of RFID technology for
logistics, inventory and supply chain management by information from the EPCglobal network. ONS uses the
establishing a global standard for immediate, automatic, and existed Internet Domain Name System (DNS) for looking up
accurate identification of items in the supply chain of any information about an EPC. When the end user inquires to the
company, in any industry, anywhere in the world. It is an supply chain network, it consults the Root ONS service which
Internet-based supply chain model that is aimed at improving is controlled by EPCglobal. The Root ONS service identifies
supply chain end-to-end visibility. Each supply chain partner the Local ONS service which provides the pointer to the
is supported by their own RFID sub-system. They share the EPCIS service in question, and the end user then completes
useful information through EPCglobal network with each the lookup. EPC DS works as a search engine for EPC related
other, and the consumers can use Internet to obtain data. It returns the location of an EPC. According to the latest
information about the products that they need. document from EPCglobal organization, the EPC DS is still
240
Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China
underdeveloped at this moment. within the EPCglobal system, comparing with computer and
machines, people will be more possible to make mistakes
IV. SYSTEM VULNERABILITIES AND THREATS consciously or unconsciously. In addition, the hostile
RFID security is a popular topic for research. In average, employees from the intra-organization may cause huge
there are more than 50 articles published on conferences and damages.
journals every year since 2005. For example, [12] examined Another notable vulnerability is the unclear business rules.
RFID security and identified several general RFID threats Currently, we hardly find any well-defined business rule for
including tracking, spoofing, session hijacking, replay attacks, the EPC-enabled system. EPCglobal standard defines the
man-in-the-middle attacks, and power interruption. Few underlying information system infrastructure that is
researches have been done on EPCglobal security. composed of various hardware and software systems.
However, an explicit business rule that coordinating the daily
A. EPCglobal System Vulnerabilities business activities of the whole supply chain with the
The EPC- EPC-enabled system is still missing at this moment. Business
aspects. We developed a comprehensive taxonomy to rules aim at directing every key EPC-enabled system related
illustrate the vulnerabilities of the EPCglobal systems (See business process within the organization as well as among
Table I). The vulnerabilities are divided into two major different supply chain partners. For example, business rules
categories, the non-technical factors and the technical factors. will solve some critical issues such as data collection,
TABLE I
information sharing, data redundancy and disposal issues,
TAXONOMY OF VULNERABILITIES IN EPC-ENABLED SYSTEM and also handle the exception events. Data collection rule
indicates locations and time interval (where and when) of the
Non-technical factors Technical factors data collection. Normally, the data only needs to be collected
Lack of security & privacy awareness Low cost requirement
e.g. when the product leaves the warehouse or the
Lack of security & privacy education Computation capability
temperature exceeds normal range. When the RFID tag
Lack of technology education Wireless interface works along with sensors, the data collection rule will also
Absence of related laws Tag size regulate what data should be collected, e.g. temperature,
Incomplete standards Read range pressure, humidity, etc. Information sharing policy is
relevant to business security. It allows the supply chain
Human Unprotected software
partners to manage their information in a safe but also
Unclear Business rules EPCglobal infrastructure efficient way, and thus protecting their organizational
privacy. The policy should point out who can access what
Non-Technical Factors information. For instance, a retailer may maintain record of
Non-technical factors mainly relate to human, social and mult
business strategy aspects. First, many people do not know information, so that preventing the suppliers to form price
much about RFID security and privacy, since they hardly alliance. Data redundancy is another severe issue due to
detect that they are in dangers or they are attacked by enemies RFID will generate huge amount data. The business rule will
and they usually their privacy neither. In most regulate the system to dispose the data which is no longer
cases, they do not even clearly know what privacy is. Lacking needed automatically in order to minimize the data volume.
of security and privacy awareness is more dangerous than an While a complete business rule is finalized, it is possible to
intended attacker. The reason that people lack of security and achieve the integration of existed business processes into the
privacy awareness is most likely that they did not receive EPCglobal infrastructure.
security and privacy education, so that people cannot protect Technical Factors
themselves. Moreover, RFID is a new technology; thus, most
From the technical point of view, there are seven
people have no idea how it works and thus bringing in the
vulnerabilities: low cost requirement, wireless interface,
security and privacy troubles.
Besides the awareness and education parts, the absence of weak computational capability, small tag size, the various
related laws/regulations is another critical vulnerability. read ranges, unprotected software system, and EPCglobal
infrastructure.
Currently, it's unclear how restrictive any potential
Because of the commercial value of EPCglobal
regulations would be. The absence of laws may encourage the
applications and its extremely larger scale of deployment, the
attacker s behaviors. Third, the development of RFID and
corporations have to keep the cost as low as possible in order
EPCglobal standards are still in progress. The incomplete
to gain more profits. Thus, the EPCglobal system (especially
standards cannot avoid security and privacy problems from
the EPC tag) was kept at the simplest design, from the
the very beginning of design and deployment.
manufacture materials selection to circuit design. As results,
Furthermore, information systems are always vulnerable to
it is not able to resist many hardware attacks, e.g. physics
some uncertain human factors, because it is hard to predict
human relevant works destructions, electronic destructions by electronic pulse, tag
cloning, etc. In addition, due to the same reason, EPC tag has
241
Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China
242
Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China
243
Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China
244