an approach to security and privacy of rfid system for supply chain

ReaderID stored in the memory of this tag has to be updated.
In response, the database finds out the NewReaderID and
transmits it to the reader. When the reader receives the
NewReaderID, it XOR it with the OldReaderID and sends
the XOR value to the tag. The tag can obtain the
NewReaderID from the XOR value and the OldReaderID.
Finally the ReaderID is updated.
In this process, even if the XOR value between
NewReaderID and OldReaderID is leaked out, the adversary
will not get the NewReaderID, because it has no knowledge
of the OldReaderID. In this way, spoofing is prevented.
C. Analysis for typical cases
1) Invulnerable to eavesdropping
In the process of authentication, even if an adversary
eavesdrops the reader’s output a(k), it can not pretend to be
an authorized reader in the following authentication rounds.
The reason is that the required a(k) value changes for every
authentication processes. The a(k) value of the former
authentication round is useless for the later authentication.
After authentication, the tag will output the hash value of its
TagID instead of the TagID itself. Since hash function is
hardly to inverse, the TagID is protected even if the output
is captured by an adversary.
When a tag wants to update a new ReaderID in its memory,
the new ReaderID is encrypted with the old ReaderID. It is
invulnerable to eavesdropping.
In one word, the proposed approach is secure when any
communications between readers and tags are eavesdropped.
2) Prevent being tracked by adversary
Tags keep silent to adversaries. They only respond to
authenticated readers. Furthermore, as explained above, it is
impossible for adversaries to pretend to be a “good reader” .
Since there is no tag output, adversaries are unable to track
the customers by the tags tagged to what they just bought
after they check out. The privacy of location and the objects
the customers carry is protected.
3) Low computation load
This scheme is fast and low-cost. When identifying a tag
from N known tags, the reader performs only one hash
operation and a search of N known IDs, while other
approaches of randomized access control (section II. C.)
need at least N hash operations and N searches . Obviously,
the computation load of this proposed scheme is
dramatically low, compared with the schemes at the similar
security level. Moreover, as the authentication process
relies on searching N known IDs and a hash, the
computation load increases gradually as the number of tags
increases.
4) Suitable for a large number of tags
Since the computation load is low and increase slowly with
the number of tags, the proposed approach is suitable for
protecting RFID systems with a large number of tags. This
feature is very important for a supply chain. Each part along
a supply chain deploys of numerous tags. In warehouses or
retail stores, thousands of products need to be tagged to
accelerate supply chain process. Therefore, a secure RFID
scheme suitable for a lot of tags is the prerequisite for the
popularization of RFID supply chain system.
5) Scalable for further services for consumers
The approach proposed in this paper is scalable for further
services for consumers. For example, a consumer can store
the ReaderID of his home in the tag’s memory, which is
tagged to a box of milk he bought from a supermarket. The
reader in the refrigerator will detect milk and let the owner
know whether there is enough milk.
IV. CONCLUSION
This paper proposed an approach to security and privacy
protection in RFID systems, especially for supply chain. It
requires the tag to have a rewritable memory and a simple
logic circuit. These requirements are practical and easy to
implement.
An advantage of the proposed approach is the high security.
It prevents spoofing, man-in-the-middle attack. Adversary
can not get the tag ID even if the tag’s outputs are
eavesdropped.
REFERENCES
[1] Vince Stanford, “ Pervasive computing goes the last
hundred feet with RFID systems”, IEEE pervasive
computing, Volume: 2 , Issue: 2 , Pages:9 – 14,April-
June 2003
[2] Auto-ID Center, “860MHz-960MHz Class I Radio
Frequency Identification Tag Radio Frequency &
Logical communication Interface Specification Proposed
Recommendation Version 1.0.0” , Technical Report
MIT-AUTOID-TR-007, Nov. 2002
[3] Sozo Inoue, Hiroto Yasuura, “ RFID privacy using usercontrollable
uniqueness” , RFID Privacy Workshop @
MIT,2003
[4] Sozo Inoue, S. Konomi, Hiroto Yasuura., “Privacy in the
digitally named world with RFID tags” , Workshop on
socially-informed design of privacy-enhancing solutions
in ubiquitous computing, 2002
[5] Shingo Kinosita, Fumitaka Hoshino, Tomoyuki Komuro,
Akiko Fujimura and Miyako Ohkubo, “ Non-identifiable
Anonymous-ID Scheme for RFID Privacy Protection” ,
to appear in CSS 2003 in Japanese.
[6] Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and
Daniel W. Engels , “Security and Privacy Aspects of
Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business (CEC-East’04)
0-7695-2206-8/04 $ 20.00 IEEE