A Secure Supply-Chain RFID System that Respects Your Privacy

Supply-chain RFID systems introduce significant privacy issues to consumers, making it necessary to encrypt communications. Because the resources available on tags are very small, it is generally assumed that only symmetric-key cryptography can be used in such systems. Unfortunately, symmetric-key c...

Full description

Saved in:
Bibliographic Details
Published inIEEE pervasive computing Vol. 13; no. 2; pp. 52 - 60
Main Authors Arbit, Alex, Oren, Yossef, Wool, Avishai
Format Journal Article
LanguageEnglish
Published New York, NY IEEE 01.04.2014
IEEE Computer Society
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Applied sciences
Computer science; control theory; systems
Cryptography
Encryption
Exact sciences and technology
Information, signal and communications theory
Logistics
Memory and file management (including protection and security)
Memory organisation. Data processing
Operational research and scientific management
Operational research. Management science
Payloads
pervasive computing
Protocols
Public key
Radio frequency identification
Radiocommunications
Radiofrequency identification
RFID
security
Signal and communications theory
Software
supply chain
Supply chain management
Telecommunications
Telecommunications and information theory
Private life
Prototype
Confidence
Confidentiality
Public key
Chained form system
Infrastructure
Cryptography
Computer security
Radio frequency identification
Logistics
Online AccessGet full text

Cover

More Information
Summary:Supply-chain RFID systems introduce significant privacy issues to consumers, making it necessary to encrypt communications. Because the resources available on tags are very small, it is generally assumed that only symmetric-key cryptography can be used in such systems. Unfortunately, symmetric-key cryptography imposes negative trust issues between the various stake-holders, and risks compromising the security of the whole system if even a single tag is reverse engineered. This work presents a working prototype implementation of a secure RFID system which uses public-key cryptography to simplify deployment, reduce trust issues between the supply-chain owner and tag manufacturer, and protect user privacy. The authors' prototype system consists of a UHF tag running custom firmware, a standard off-the-shelf reader and custom point-of-sale terminal software. No modifications were made to the reader or the air interface, proving that high-security EPC tags and standard EPC tags can coexist and share the same infrastructure.
ISSN:1536-1268
1558-2590
DOI:10.1109/MPRV.2014.22