RFID-based supply chain partner authentication and key agreement

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

RFID-based supply chain partner authentication and key agreement

Full text

Pdf (411 KB)

Source

Conference On Wireless Network Security archive
Proceedings of the second ACM conference on Wireless network security table of contents

Zurich, Switzerland

SESSION: RFID security table of contents

Pages 41-50

Year of Publication: 2009

ISBN:978-1-60558-460-7

Authors

Florian Kerschbaum	SAP Research, Karlsruhe, Germany
Alessandro Sorniotti	SAP Research and Institut Eurecom, Sophia Antipolis, France

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 43, Downloads (12 Months): 241, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1514274.1514281 What is a DOI?

ABSTRACT

The growing use of RFID in supply chains brings along an indisputable added value from the business perspective, but raises a number of new interesting security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants to the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business sensitive information. No rogue user can be successful in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	A. Asif and M. Mandviwalla. Integrating the supply chain with rfid: A technical and business analysis. In Communications of the Association for Information Systems, vol. 15, pages 393--427, 2005.
	2	G. Ateniese, M. Blanton, and J. Kirsch. Secret handshakes with dynamic and fuzzy matching. In Network and Distributed System Security Symposuim, pages 159--177. The Internet Society, 02 2007. CERIAS TR 2007--24.
	3	Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006 [doi>10.1145/1127345.1127346]
	4	Giuseppe Ateniese , Susan Hohenberger, Proxy re-signatures: new definitions, algorithms, and applications, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102161]
	5	Dirk Balfanz , Glenn Durfee , Narendar Shankar , Diana Smetters , Jessica Staddon , Hao-Chi Wong, Secret Handshakes from Pairing-Based Key Agreements, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.180, May 11-14, 2003
	6	Mihir Bellare , Phillip Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.62-73, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168596]
	7	Ygal Bendavid , Samuel Fosso Wamba , Louis A. Lefebvre, Proof of concept of an RFID-enabled supply chain in a B2B e-commerce environment, Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet, p.564-568, August 13-16, 2006, Fredericton, New Brunswick, Canada [doi>10.1145/1151454.1151461]
	8	M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, 1998.
	9	D. Boneh and X. Boyen. Efficient selective-id secure identity-based encryption without random oracles. In EUROCRYPT, pages 223--238, 2004.
	10	Dan Boneh , Matthew Franklin, Identity-Based Encryption from the Weil Pairing, SIAM Journal on Computing, v.32 n.3, p.586-615, 2003 [doi>10.1137/S0097539701398521]
	11	Dan Boneh , Ben Lynn , Hovav Shacham, Short Signatures from the Weil Pairing, Journal of Cryptology, v.17 n.4, p.297-319, September 2004 [doi>10.1007/s00145-004-0314-9]
	12	Ran Canetti , Susan Hohenberger, Chosen-ciphertext secure proxy re-encryption, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA [doi>10.1145/1315245.1315269]
	13	H. Chabanne, D. H. Phan, and D. Pointcheval. Public traceability in traitor tracing schemes. In EUROCRYPT, pages 542--558, 2005.
	14	W. Diffie and M. Hellman. New directions in cryptography. Information Theory, IEEE Transactions on, 22(6):644--654, Nov 1976.
	15	Simson L. Garfinkel , Ari Juels , Ravi Pappu, RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security and Privacy, v.3 n.3, p.34-43, May 2005 [doi>10.1109/MSP.2005.78]
	16	Matthew Green , Giuseppe Ateniese, Identity-Based Proxy Re-encryption, Proceedings of the 5th international conference on Applied Cryptography and Network Security, June 05-08, 2007, Zhuhai, China [doi>10.1007/978-3-540-72738-5_19]
	17	Antoine Joux, A One Round Protocol for Tripartite Diffie–Hellman, Journal of Cryptology, v.17 n.4, p.263-276, September 2004 [doi>10.1007/s00145-004-0312-y]
	18	A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2):381--394, February 2006.
	19	Ari Juels , Ravikanth Pappu , Bryan Parno, Unidirectional key distribution across time and space with applications to RFID security, Proceedings of the 17th conference on Security symposium, p.75-90, July 28-August 01, 2008, San Jose, CA
	20	Ari Juels , Stephen A. Weis, Defining Strong Privacy for RFID, Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops, p.342-347, March 19-23, 2007 [doi>10.1109/PERCOMW.2007.37]
	21	S. Lal and P. Kushwah. Multi-pkg id based signcryption. Cryptology ePrint Archive, Report 2008/050, 2008.
	22	Hyangjin Lee , Jeeyeon Kim, Privacy threats and issues in mobile RFID, Proceedings of the First International Conference on Availability, Reliability and Security, p.510-514, April 20-22, 2006 [doi>10.1109/ARES.2006.96]
	23	B. Libert and D. Vergnaud. Multi-use unidirectional proxy re-signatures. CoRR, abs/0802.1113, 2008.
	24	Brian L. Dos Santos , Lars S. Smith, RFID in the supply chain: panacea or Pandora's box?, Communications of the ACM, v.51 n.10, October 2008 [doi>10.1145/1400181.1400209]
	25	Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
	26	Samuel Fosso Wamba , Harold Boeck, Enhancing information flow in a retail supply chain using RFID and the EPC network, Journal of Theoretical and Applied Electronic Commerce Research, v.3 n.1, p.92-105, April 2008
	27	B. Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT, pages 114--127, 2005.
	28	Yawer Yousuf , Vidyasagar Potdar, A Survey of RFID Authentication Protocols, Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops, p.1346-1350, March 25-28, 2008 [doi>10.1109/WAINA.2008.214]