Title :
A Secure Supply-Chain RFID System that Respects Your Privacy
Author :
Arbit, Alex ; Oren, Yossef ; Wool, Avishai
Author_Institution :
Tel-Aviv Univ., Tel-Aviv, Israel
Abstract :
Supply-chain RFID systems introduce significant privacy issues to consumers, making it necessary to encrypt communications. Because the resources available on tags are very small, it is generally assumed that only symmetric-key cryptography can be used in such systems. Unfortunately, symmetric-key cryptography imposes negative trust issues between the various stake-holders, and risks compromising the security of the whole system if even a single tag is reverse engineered. This work presents a working prototype implementation of a secure RFID system which uses public-key cryptography to simplify deployment, reduce trust issues between the supply-chain owner and tag manufacturer, and protect user privacy. The authors´ prototype system consists of a UHF tag running custom firmware, a standard off-the-shelf reader and custom point-of-sale terminal software. No modifications were made to the reader or the air interface, proving that high-security EPC tags and standard EPC tags can coexist and share the same infrastructure.
Keywords :
data privacy; manufacturing data processing; public key cryptography; radiofrequency identification; supply chain management; UHF tag; custom point-of-sale terminal software; data privacy; high-security EPC tags; off-the-shelf reader; privacy issues; public key cryptography; radiofrequency identification; reverse engineering; secure supply-chain RFID system; supply-chain owner; symmetric-key cryptography; system security; tag manufacturer; trust issues; user privacy; Encryption; Payloads; Protocols; Public key; Radiofrequency identification; Supply chain management; RFID; pervasive computing; security; supply chain;
Journal_Title :
Pervasive Computing, IEEE
DOI :
10.1109/MPRV.2014.22
