Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China

Security Analysis of EPC-Enabled RFID Network

Bing Liu, and Chao-Hsien Chu

Abstract Radio Frequency Identification (RFID) is
emerging as a popular technology for automatic data collection
and identification, which can be broadly applied to nearly
everywhere, such as library, mass transit, healthcare,
E-passport, and supply chains. However, it also brings many
security vulnerabilities and threats. Much of the early research
in RFID security has been predominately focused on studying
the vulnerabilities and threats of RFID tags and the
communication protocols between tags and readers. This paper
examines the vulnerabilities and threats of the EPCglobal
standard and infrastructure in supply networks and presents
the possible countermeasures.
I. INTRODUCTION
investigate, because it is the most popular and promising
RFID-enabled supply network standard nowadays. This study
provides readers with an extensive overview on the security
issues aiming to gain a better understanding on EPC-enabled
RFID network security. Hopefully, the subsequent risk
analysis, risk management and threats counter measurement
for the EPC-enabled RFID system will be achieved.
The remaining part of the paper is organized as follows.
Section II briefly introduces background and related work.
Section III characterizes the components and structure of
EPC-enabled RFID supply chains. Section IV identifies and
analyses the security vulnerabilities and threats of the
EPCglobal standard. We also proposed a new taxonomy for

R ADIO Frequency Identification (RFID) is emerging as

a popular new technology which can be broadly applied
to nearly everywhere, such as library, mass transit, healthcare
those attacks. Section V concludes the study.

II. BACKGROUND AND RELATED WORK

systems, E-passport, access control systems, and supply
RFID tags are remotely powered computer chips that
chains. Briefly, RFID tags contain identity information about
augment objects with computing capabilities. Corporate
a product/object. These tags enable businesses to identify and
executives publicize RFID technology as a technological
track assets wirelessly. In EPCglobal standard, an electronic
means to achieve cost savings, efficiency gains, and
product code (EPC) tag is defined as a passive RFID tag,
unprecedented visibility into the supply chain. It is the key
which consists of a very small silicon chip encoded with
technology to achieve low-cost ubiquitous computing [3],
numbers known as an EPC that uniquely identifies the
and RFID tags will blur the boundaries between the digital
product and potentially even the individual item. This chip is
and physical worlds. RFID automation will bring an
attached to a small antenna to communicate with the RFID
unfathomable barrage of new applications. RFID proponents
reader.
extol its professional uses for real-time asset management and
Although the advantages of RFID have been well known, it
supply chain management.
is also constrained by several limitations. Because of these
However, similar to other new technologies, RFID also has
limitations, most companies have not jumped into this market,
its dark side. It brings significant security concerns. For
and thus the adoption and diffusion of RFID system behind
example, without the appropriate controls, attackers can
the optimistic expectation of the early years. The main
perform unauthorized tag reading and clandestine tracking of
limitations include, the cost of the technology is relatively
objects, and eavesdropping on tag and reader
expensive, the security and privacy issues, the information
communications is also possible. Moreover, criminals can
sharing issues, technology maturity, the voluminous data
clone RFID tags, modify existing tag data, or by block RFID
issues, the deployment issues, and the bad performance in
tags from being read in the first place to manipulate
harsh environments [1, 2]. Among these limitations, security
RFID-based systems. In order to enhance the security of
issues have become the very important ones, which is the
RFID technology, we need to analyze its potential threats and
focus of this study.
challenges.
However, much of the early research in RFID security has
References [2] and [4]-[6] surveyed the security issues of
been predominately focused on studying the vulnerabilities
the RFID sub-system and enumerated or listed the potential
and threats of RFID tags and the communication protocols
threats for RFID systems. As far as what kind of security
between tags and readers. We choose EPCglobal standard to
properties the threat violates, how the adversary conducts the
attack, etc. are not dealt with in these works. Other studies
Manuscript received February 27, 2010. This work was supported in part gave some taxonomy models. For example, [7] categorized
by the U.S. National Security Agency under Grant H98230-09-1-0397. the RFID threats into two major groups, four for the corporate
B. Liu is with the RFID Lab, College of Information Sciences and data security threats and seven for personal privacy threats.
Technology, The Pennsylvania State University, University Park, PA 16802,
USA (e-mail: bzl124@psu.edu). Reference [8] classified the risks into network risks, business
C. H. Chu is the founding director of the RFID Lab, College of process risks, and business intelligence risks. Reference [9]
Information Sciences and Technology, The Pennsylvania State University, mapped the security attacks to three different layers,
University Park, PA 16802, USA (corresponding author, phone:
814-865-4446; fax: 814-865-6426; e-mail: chc4@psu.edu). application, communication, and physical layers, in which
978-1-4244-6700-6/10/$26.00 © 2010 IEEE

239
 Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010
they disclosed nine major security attacks. However, most of
these works described the security issues taxonomy sketchily,
and a clear and appropriate taxonomy model of RFID security
threats is absent. Moreover, these taxonomy models cannot
be used to systematically assess the information security of a
certain RFID-enabled supply chain network. While our novel
taxonomy maps the vulnerabilities and threats into different
levels with focus on the security issues related to the
EPC-enabled RFID network.
In addition, the previous researches are mostly study the
RFID sub-system security issues only from the technical
point of view, whereas we emphasize on both the technical
and the non-technical aspects. Furthermore, the research
scope of most former studies did not touch the RFID-enabled
supply chain network, while we studied the RFID security
issues and also discussed the issues in the RFID-enabled
supply chain network, the EPCglobal system.
III. STRUCTURE OF EPCGLOBAL SYSTEM
An EPCglobal system can be divided into two components,
the RFID sub-system and the EPCglobal network. The
products information will be captured by the RFID
sub-systems first, and then it will go through the whole
EPCglobal network for processing and storage
A. RFID Sub-system
A simple RFID sub-system includes hardware and
software. The hardware is composed of tags, readers and
back-end system; while, the software system contains
user-interface, middleware and database system.
EPC-enabled RFID network is composed many RFID
sub-systems from different stages of supply chains.
An RFID tag is a small electronic device that consists of a
small chip and an antenna to carry and transmit object related
information and identify data. RFID reader can read or even
write data from or to the tag. The back-end system stores
information that associates with each RFID tag, and connects
with RFID reader. The RFID sub-system is connected with
other sub-systems through the network. We include objects
into the RFID sub-system, because there are certain security
issues associating with the objects.
B. EPC-enabled RFID Network
An RFID-enabled supply chain system is not only an
intra-organization but also an inter-organization system that
involves a number of relevant companies. It aims to
standardize and diffuse the use of RFID technology for
logistics, inventory and supply chain management by
establishing a global standard for immediate, automatic, and
accurate identification of items in the supply chain of any
company, in any industry, anywhere in the world. It is an
Internet-based supply chain model that is aimed at improving
supply chain end-to-end visibility. Each supply chain partner
is supported by their own RFID sub-system. They share the
useful information through EPCglobal network with each
other, and the consumers can use Internet to obtain
information about the products that they need.
240
Guangzhou, China
Fig. 1 illustrates the activities carried out by end users and
the role that components of EPCglobal Architecture
Framework play in facilitating those activities [10, 11]. The
EPC-enabled framework consists of RFID sub-systems, EPC
middleware, Object Naming Service (ONS), the EPC
Information Services (EPC-IS), and the EPC Discovery
Service (DS). Each component plays a unique and important
role in the EPCglobal network. Where, EPC physical object
exchange means end users exchange physical objects that are
identified with EPC. The end users are different partners in a
supply chain, e.g. the supplier and manufacturer, and physical
object exchange represents operations such as shipping,
receiving, etc. EPC Infrastructure for data capture standards
helps each end user to create EPCs as its identification for
new objects in order to have EPC data to share. Following the
movements of objects, the RFID sub-system captures the
RFID events and gathers that information into systems, and
transfers them to EPC middleware. The EPC middleware
filters the raw data and then routes them to EPC-IS, which
provides the information query interface and enables users to
exchange information with other parties within the supply
chain.
EPC Network Service
ONS DS EPC Data Exchange
Standards
End User A Data Exchange End User B
EPC IS EPC IS
EPC Infrastructure
EPC middleware Standards For Data
EPC middleware
Capture
RFID sub-system RFID sub-system
Physical Exchange
EPC Physical Object
Exchange Standards
Fig. 1. EPCglobal architecture framework
EPC-IS enables the supply chain partners to understand
physical level item exchange. EPC Data Exchange standards
enable end users benefit from the EPCglobal network by
exchanging data with each other and increasing the visibility.
information from the EPCglobal network. ONS uses the
existed Internet Domain Name System (DNS) for looking up
information about an EPC. When the end user inquires to the
supply chain network, it consults the Root ONS service which
is controlled by EPCglobal. The Root ONS service identifies
the Local ONS service which provides the pointer to the
EPCIS service in question, and the end user then completes
the lookup. EPC DS works as a search engine for EPC related
data. It returns the location of an EPC. According to the latest
document from EPCglobal organization, the EPC DS is still
 Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010
underdeveloped at this moment.
IV. SYSTEM VULNERABILITIES AND THREATS
RFID security is a popular topic for research. In average,
there are more than 50 articles published on conferences and
journals every year since 2005. For example, [12] examined
RFID security and identified several general RFID threats
including tracking, spoofing, session hijacking, replay attacks,
man-in-the-middle attacks, and power interruption. Few
researches have been done on EPCglobal security.
A. EPCglobal System Vulnerabilities
The EPC-
aspects. We developed a comprehensive taxonomy to
illustrate the vulnerabilities of the EPCglobal systems (See
Table I). The vulnerabilities are divided into two major
categories, the non-technical factors and the technical factors.
TABLE I
TAXONOMY OF VULNERABILITIES IN EPC-ENABLED SYSTEM
Non-technical factors Technical factors
Lack of security & privacy awareness Low cost requirement
Lack of security & privacy education Computation capability
Lack of technology education Wireless interface
Absence of related laws Tag size
Incomplete standards Read range
Human Unprotected software
Unclear Business rules EPCglobal infrastructure
Non-Technical Factors
Non-technical factors mainly relate to human, social and
business strategy aspects. First, many people do not know
much about RFID security and privacy, since they hardly
detect that they are in dangers or they are attacked by enemies
and they usually their privacy neither. In most
cases, they do not even clearly know what privacy is. Lacking
of security and privacy awareness is more dangerous than an
intended attacker. The reason that people lack of security and
privacy awareness is most likely that they did not receive
security and privacy education, so that people cannot protect
themselves. Moreover, RFID is a new technology; thus, most
people have no idea how it works and thus bringing in the
security and privacy troubles.
Besides the awareness and education parts, the absence of
related laws/regulations is another critical vulnerability.
Currently, it's unclear how restrictive any potential
regulations would be. The absence of laws may encourage the
attacker s behaviors. Third, the development of RFID and
EPCglobal standards are still in progress. The incomplete
standards cannot avoid security and privacy problems from
the very beginning of design and deployment.
Furthermore, information systems are always vulnerable to
some uncertain human factors, because it is hard to predict
human relevant works
241
Guangzhou, China
within the EPCglobal system, comparing with computer and
machines, people will be more possible to make mistakes
consciously or unconsciously. In addition, the hostile
employees from the intra-organization may cause huge
damages.
Another notable vulnerability is the unclear business rules.
Currently, we hardly find any well-defined business rule for
the EPC-enabled system. EPCglobal standard defines the
underlying information system infrastructure that is
composed of various hardware and software systems.
However, an explicit business rule that coordinating the daily
business activities of the whole supply chain with the
EPC-enabled system is still missing at this moment. Business
rules aim at directing every key EPC-enabled system related
business process within the organization as well as among
different supply chain partners. For example, business rules
will solve some critical issues such as data collection,
information sharing, data redundancy and disposal issues,
and also handle the exception events. Data collection rule
indicates locations and time interval (where and when) of the
data collection. Normally, the data only needs to be collected
e.g. when the product leaves the warehouse or the
temperature exceeds normal range. When the RFID tag
works along with sensors, the data collection rule will also
regulate what data should be collected, e.g. temperature,
pressure, humidity, etc. Information sharing policy is
relevant to business security. It allows the supply chain
partners to manage their information in a safe but also
efficient way, and thus protecting their organizational
privacy. The policy should point out who can access what
information. For instance, a retailer may maintain record of
mult
information, so that preventing the suppliers to form price
alliance. Data redundancy is another severe issue due to
RFID will generate huge amount data. The business rule will
regulate the system to dispose the data which is no longer
needed automatically in order to minimize the data volume.
While a complete business rule is finalized, it is possible to
achieve the integration of existed business processes into the
EPCglobal infrastructure.
Technical Factors
From the technical point of view, there are seven
vulnerabilities: low cost requirement, wireless interface,
weak computational capability, small tag size, the various
read ranges, unprotected software system, and EPCglobal
infrastructure.
Because of the commercial value of EPCglobal
applications and its extremely larger scale of deployment, the
corporations have to keep the cost as low as possible in order
to gain more profits. Thus, the EPCglobal system (especially
the EPC tag) was kept at the simplest design, from the
manufacture materials selection to circuit design. As results,
it is not able to resist many hardware attacks, e.g. physics
destructions, electronic destructions by electronic pulse, tag
cloning, etc. In addition, due to the same reason, EPC tag has
 Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China

very limited computational capability. It hardly performs TABLE II

THREATS T AXONOMY OF EPCGLOBAL SYSTEM
sophisticated cryptographies and other high computational
- Competitive espionage
demand implementations, such as complex authentication - Information sharing
protocols. It is, therefore, vulnerable to many threats, such as BUSINESS/ - Targeted security threats
eavesdropping. Wireless transmission interface between the STRATEGY LEVEL - Privacy threats
- Social engineering attacks
reader and tag is another notable vulnerability. Attackers can - Insider attack
easily perform many attacks that aiming at this nearly - Man-in-the-middle
unprotected wireless interface, while the tag cannot execute Interface/Cha - Eavesdropping
nnel - Spoofing
advanced programs to protect the communications. - Replay attack
Besides, the small tag size is another vulnerability of the - Cache Poisoning
system. Because the tag is too small to notice, sometimes the - DoS
EPC ONS - Betrayal by trusted server
- IP Address Spoofing
has been removed from the item. It will vulnerable to some NETWORK
- Packet Interception
LEVEL
attacks, such as clandestine tracking or tags remove / replace. - Unauthorized access
Moreover, many problems are caused by various read ranges - Data injection
EPC IS
- DoS
of the reader. The read range is one of the most important - Malware
factors in RFID security due to the wireless transmission. - Unauthorized access
Reference [2] identified four types of read ranges that the Middleware
- Data Injection
- DoS
distances are various from centimeters to kilometers. As an
- Malware
example, [13] illustrated a case that some customers at - Man-in-the-middle
s checkout point may find themselves paying for - Eavesdropping
the groceries of the people behind them in line. Since the - Spoofing
Interface/Cha
- Replay attack
nnel
- Correlated Keys
people will not know the tags have been scanned by - Side-channel attack
adversaries. Additionally, some software are not well - RF data modification
RFID - Man-in-the-middle
protected that could be attacked by the sophisticated SUB-SYSTEM
Back-end
- Elevation of privilege
adversaries. For instance, the hacker may use malware or system
LEVEL - Back-end breakdown
hack the database or the back-end system, and etc. Reader - DoS/Jamming
Currently, the underdeveloped EPCglobal infrastructure is - Unauthorized tag reading
- Tracking
one of the most significant technical related vulnerabilities - Tag cloning
EPC tag
for EPCglobal system. The EPCglobal architecture - Tag tamper
framework document states that because of the level of - Tag misuse/replace
- Tag remove/destroy
acceptable risk differs widely from application to application,
there is no standard security solution that can apply to all From the table we can see there are six threats target on the
systems, and thus the EPCglobal architecture framework business/strategy level, competitive espionage, social
cannot be pronounced secure or insecure [10]. It has been engineering, privacy threats and targeted security threats are
recognized that EPCglobal standards do not concern the indicated in [14], plus the information sharing threats that we
security and privacy issues much, so that the security discussed above, and the insider attacks.
mechanisms is absent from the infrastructure. Attackers can The business competitors can easily obtain confidential
compromise the EPCglobal system easily through Internet. information due to the lack of security mechanism in the
EPCglobal system. And attackers may simply use some social
B. EPCglobal System Threats
engineering method to perform attacks, e.g. taking advantage
We divided whole system into three levels. According to of human nature such as kindness, fear, trust, desire to help,
the ascending order, from the low to the high level are RFID and obey to authority. In addition, attackers can track and
sub-system level, network level, and business/strategy level profile individuals based on the information they steal from
respectively. We identified four entities in the RFID the RFID tags. Thus, the adversaries are able to locate the
sub-system level: EPC tag, reader, back-end system, and
interface/communication channel. For the network level, preference, or other kinds of private information. Moreover,
there are four entities, Middleware, EPC-IS, EPC ONS, and the adversaries can perform attack when certain target
interface/communication channel. We summarized all the appears, e.g. RFID-bomb that is active when people are
threats, as well as mapping them each levels and entities, holding passports from certain countries. Information sharing
illustrates in Table II. threats occur when unauthorized access to the confidential
information, as we analyzed above. The insider attack from
disgruntled employees is very hard to prevent, and may cause
huge loses.
As we mentioned in the former sections, EPCglobal

242
 Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010
network level consists of four fundamental elements: EPC
middleware, EPC-IS, EPC ONS, and the EPC DS. The
security issues of EPCglobal network are very similar as the
traditional issues from the Internet and cyber security.
Middleware is essentially an application server, while
EPC-IS consists of EPC-IS repository which can be
considered as database server, and EPC-IS accessing
application which can be considered as application server
[15]. Thus, the threats toward Middleware and EPC-IS are
similar as the threats aim at traditional servers. So that,
unauthorized access, data injection, DoS, and Malware are
the most well known threats [16]. Since EPC ONS was built
using the same technology as the DNS, the security threats
related to DNS server are also applicable to ONS, such as
cache poisoning, DoS, betrayal by trusted server, IP address
spoofing, packet interception [17]. The interface security
refers to the Internet communication channel security, where
eavesdropping, replay attack, spoofing and man-in-the-
middle attacks are the most notorious attacks.
There have been plenty of paper discussed the threats in
RFID sub-system level, we summarized and combined the
similar threats, and mapped them into each entities. Among
those, tracking, eavesdropping, and denial of service/
jamming are the most obvious threats to RFID sub-system as
well. On the other hand, threats like tag misuse, elevation of
privilege, and correlated keys have earned least attentions.
But it does not mean those threats are not important, for
example, we believe the tag misuse is a very special threat
specific to the RFID sub-system. The RFID tag is generally
working as the identification of person/item. Thus it is very
important to establish a certain link between the tag and the
tag owner to secure the ownership and prevent the tag misuse
threat. However, neither low-cost EPC tag nor people/
products can efficiently perform cryptographic operations,
even the very simple ones. Resultantly, the tag misuse or
identification theft can occur in a walk. Thus, researchers
should pay more attentions to those less popular threats in the
future also. Among those three levels, the RFID sub-system
level threats are specific to the RFID technology, while the
threats toward other two levels are common to other computer
or information systems.
V. POSSIBLE COUNTERMEASURES
The countermeasures can be deployed in all the three levels
of EPCglobal system, the RFID sub-system, the EPCglobal
network and the business/strategy level.
In the sub-system level, the solutions can be divided into
two categories, non-protocol and protocol approaches. Most
studies are focused on the protocols, especially the on-tag
protocols. Table III summarizes the potential sub-system
threats countermeasures. The on-tag protocols are the most
important research areas nowadays.
243
Guangzhou, China
TABLE III
COUNTERMEASURES FOR RFID SUB -SYSTEM LEVEL
Categories Approach
Kill
Physical disable
Blocker tag
Non-protocol
User control
Logical disable
Sleeping
Watch dog
Security Agent Guardian
RFID Enhancer Proxy
Protocol Hash lock
Hash chain
On-tag Protocol
Scalable protocols
Non-cryptographic
The non-protocol approach mainly refers to disable the tag
completely or partially. However, these approaches have
certain limitations that they eliminate the entire after sale
benefits. Security agent, a personal device that works
between the tag and reader, can specify a number of policies
that readers must comply with. Early versions for such
mediating
suggested in [18]. In [19], the authors proposed the RFID
Guardian which can enforce various policies when interacting
with readers. The weakness of this approach is that the
Guardian must always be alert in protecting tag responses
from unauthorized read attempts. It has to either allow reader
queries or actively block tag answers which may not always
be feasible. RFID Enhancer Proxy, which assumes the
identities of tags and simulates them in the presence of
reading devices by continuously relabeling the identifiers
transmitted by tags, is an improvement over the RFID
Guardian [20] The disadvantages are that the tag identities
need to be partially generated by the tag and match portions of
its true ID. The common shortcoming of security agent is the
performance highly relies on the security policy.
The protection between tags and readers is mainly
implemented by on-tag security protocols. The two
fundamental protocols used are hash-lock scheme [21] and
hash chain scheme [22]. But they share the same shortcoming
that they are not suitable for large-scale environment. The
scalability problem was addressed successfully in [23]. It
used a correlated key method to manage the huge amount of
keys. However, this improvement does not enhance the
security features of the RFID sub-system, but the efficiency.
Instead, it compromised the RFID security and privacy due to
it may be suffered by the correlated key threat. Reference [24]
proposed a set of challenge response authentication protocols
without using cryptographic operations that can be supported
by low cost RFID tags. However, [25] demonstrated that
these protocols can be easily broken, and moreover they
cannot prevent tracking. Worth noting that both the
non-protocol and the protocol approaches cannot completely
solve the security problems. The low cost requirement
dramatically limits the security performance. And most
current protocols do not suit for large scale usage. Thus, the
 Program for the IEEE International Conference on RFID-Technology and Applications, 17 - 19 June 2010 Guangzhou, China

study of upper layer solutions would be necessary. [7]

IEEE Security and Privacy, 2005,
In the network level, the interface/communication channel Vol. 3, No. 3, pp. 34 43.
can be secured by using existing security protocols, such as [8]
the Internet Protocol Security (IPSEC), Transport Layer In First International Conference on
Communications and Networking in China, ChinaCom '06, pp. 1-8.
Security (TLS), and Secure Sockets Layer (SSL). The
[9]
traditional countermeasures for the middleware and EPC-IS 11th IEEE International Conference on Communication
include implementing system authentication, authorization, Technology, ICCT 2008 , pp. 765 768.
and access control mechanisms. Malware can be mitigated by [10] F. Armenio, H. Barthel, P. Dietrich, J. Duker, C. Floerkemeier, J.
Garrett, M. Harrison, B. Hogan, J. Mitsugi, P. J. Pfluegl, O. Ryaboy, S.
installing anti-virus software and firewall or intrusion Sarma, K. K. Suen, K. Traub, and J. Williams, The EPCglobal
detection system, and performing security audit, and backup Architecture Framework, EPCglobal Final Version 1.3, Mar. 2009.
important data. Code review, input validation and [11]
Multi- In The Second International Conference on
input/output encoding can effectively reduce the affects of Availability, Reliability and Security, ARES 2007, pp. 1227-1234
packet injection. Additionally, the X.509 architecture can be [12] FID Systems and
used for reference to prevent unauthorized access threats. In Workshop on Cryptographic
Hardware and Embedded Systems, Vol. 2523, 2002, pp. 454-470.
EPC ONS can be protected by similar security mechanisms [13] D. White, RFID: Applications, Security, and Privacy, Addison-Wesley,
that used for DNS, such as VPN, DNS security extensions pp. 381 395.
(DNSSEC), and TLS. [14] A. Mitrokotsa, M. R. Rieback, an
Information Systems Frontiers Special
At this moment, the business/strategy level threats can Issue on RFID, 2009, forthcoming.
hardly be solved by technical solutions only. Thus, as we [15]
have discussed before, in order to prevent the threats in this epcglobal ar . report, Auto-ID Labs, 2007.
[16] E. Bertino, D. Bruschi, S. Franzoni, I. Nai-Fovino, and S. Valtolina,
level, we should consider the high level solutions, e.g.
, 8th IFIP TC-6 and TC-11 Conf.
perfecting the EPCglobal standards, enforcing the relevant Comm. and Multimedia Security (CMS 2004), Sep. 2004, pp. 189-201.
legislations, and educating people, and so on. [17] D. Atkins, and D. Austein, Threat Analysis of the Domain Name System
(DNS), RFC 3833, Aug. 2004.
[18]
VI. CONCLUSION purpose -
In this paper, we investigate in details the security issues In Second International Symposium on Ubiquitous Computing Systems,
Lecture Notes in Computer Science, Vol. 3598, Springer-Verlag,
and possible countermeasures for RFID sub-system and Berlin, Germany, June 2005, pp. 214-231.
EPC-enabled RFID network. This study is different from [19]
previous works in several aspects. First, we analyze, Battery-
Australasian Conference on Information Security and Privacy, Vol.
summarize, and categorize the vulnerabilities and threats. Our 3574, Lecture Notes in Computer Science, 2005, pp. 184 194.
threats taxonomy maps the threats into three levels and their [20] A. Juels, rivacy: A technical primer for the non-technical
corresponding components. Furthermore, we analyze the reader, Chapter 4 from Privacy and Technologies of Identity, A
Cross-Disciplinary Conversation, Springer-Verlag, 2005, pp. 57-73.
possible solutions in depth. This study gives reader a holistic [21]
view of the EPCglobal network security. In addition, we aspects of low- In
studied the security issues from both the technical and International Conference on Security in Pervasive Computing SPC
2003, Vol. 2802 , Lecture Notes in Computer Science, Boppard,
non-technical perspectives. This paper can help subsequent Germany, Springer-Verlag, pp. 454 469.
research with the EPCglobal system risk analysis and [22] M. Ohkubo, K. Suzuki, and S.
management, and the better countermeasures development Privacy- RFID Privacy Workshop, MIT, MA, 2003.
[23] D. Molnar, A. Soppera, and D. Wagner scalable, delegatable,
for those threats.
Handout of the Encrypt Workshop on RFID and Lightweight Crypto,
REFERENCES Vol. 3897, Lecture Notes in Computer Science, Springer, 2005, pp.
[1] K. Michael and L. McCathie, 276 290.
In International Conference on Mobile Business, [24] htweight Authentication Protocols for
ICMB 2005, pp. 623- 629. Low- In Second Workshop on Security in Ubiquitous
[2] IEEE Computing, Seattle, WA, 2003, pp.
Journal on Selected Areas in Communications, Vol. 24, No. 2. 2006, pp. [25]
381-394. In Fourth IEEE International
[3] - Scientific Workshop on Pervasive Computing and Communication Security
American, 1991, pp. 94-100. (PerSec), 2007, pp. 211-216.
[4]
In The Second International Conference on
Availability, Reliability and Security, ARES 2007, pp. 599-605.
[5]
IEEE Pervasive Computing, Vol. 5, No. 1, 2006, pp.
62 69.
[6] L. P. Peris., C. C. J. Hernandez, T. J. Estevez, and Ribagorda A
11th
IFIP International Conference on Personal Wireless Communications
PWC2006, Vol. 4217, Lecture Notes in Computer Science,
Springer-Verlag, pp. 159 170.

244