Protecting and Restraining the Third Party in RFID-Enabled 3PL Supply Chains

  • Shaoying Cai
  • Chunhua Su
  • Yingjiu Li
  • Robert Deng
  • Tieyan Li
Conference paper

DOI: 10.1007/978-3-642-17714-9_18

Volume 6503 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Cai S., Su C., Li Y., Deng R., Li T. (2010) Protecting and Restraining the Third Party in RFID-Enabled 3PL Supply Chains. In: Jha S., Mathuria A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg

Abstract

“Symmetric secret”-based RFID systems are widely adopted in supply chains. In such RFID systems, a reader’s ability to identify a RFID tag relies on the possession of the tag’s secret which is usually only known by its owner. If a “symmetric secret”-based RFID system is deployed in third party logistics (3PL) supply chains, all the three parties (the sender of the goods, the receiver of the goods and the 3PL provider) should have a copy of those tags’ secrets to access the tags. In case the three parties in 3PL supply chain are not all honest, sharing the secrets among the three parties will cause security and privacy problems. To solve these problems, we firstly formalize the security and privacy requirements of RFID system for 3PL supply considering the existence of the internal adversaries as well as the external adversaries. Then we propose two different protocols which satisfy the requirements, one is based on aggregate massage authentication codes, the other is based on aggregate signature scheme. Based on the comparisons of the two protocols on performance and usability, we get the conclusion that overall the aggregate MAC-based solution is more applicable in 3PL supply chains.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Shaoying Cai
    • 1
  • Chunhua Su
    • 1
  • Yingjiu Li
    • 1
  • Robert Deng
    • 1
  • Tieyan Li
    • 2
  1. 1.Singapore Management UniversitySingapore
  2. 2.Institute for Infocomm Research (I2R)Singapore