Abstract
Modern RFID implementations leverage competitive business advantages in processing, tracking, and tracing of fast-moving consumer goods. Current implementations suffer from security threats and privacy issues, because RFID technology was not designed for secured data exchange. In emerging global RFID-aided supply chains the need for open interfaces between business partners can be abused to derive business secrets.
We developed an access control mechanisms based on in-memory technology to protect business secrets in real-time. In contrast to traditional access control mechanisms that support only bivalent access rights, our history-based access control derives concrete access rights by analyzing the complete history as well as enforcing latest possible access rights. In-memory technology is the key-enabler to handle the steady increasing query history while keeping response time latency low.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Barthwell, A. G., Barnes, M. C., Leopold, V. R., & Wichelecki, J. L. (2009). National survey on drug use and health. Arlington: Center for Lawful Access and Abuse Deterrence.
Beck, M., & Tews, E. (2008). Practical attacks against WEP and WPA. http://dl.aircrack-ng.org/breakingwepandwpa.pdf. Accessed 31 Oct 2011.
Bos, J. V. D. (2009). Globalization of the pharmaceutical supply chain: what are the risks?—The FDA’s difficult task. Society of Actur, 61, 24–26.
Bovenschulte, M., Gabriel, P., Gaßner, K., & Seidel, U. (2007). RFID: prospectives for Germany—the state of radio frequency identification-based applications and their outlook in national and international markets.
EPCglobal Inc. (2007). EPCIS standard 1.0.1. http://www.gs1.org/gsmp/kc/epcglobal/epcis/epcis_1_0_1-standard-20070921.pdf. Accessed 31 Oct 2011.
EPCglobal Inc. (2008a). EPCglobal object name service standard 1.0.1. http://www.gs1.org/gsmp/kc/epcglobal/ons/ons_1_0_1-standard-20080529.pdf. Accessed 31 Oct 2011.
EPCglobal Inc. (2008b). EPC radio-frequency identity protocols—class-1 generation-2 UHF RFID protocol for communications at 860 MHz—960 MHz—1.2.0. http://www.gs1.org/docs/uhfc1g2/uhfc1g2_1_2_0-standard-20080511.pdf. Accessed 31 Oct 2011.
EPCglobal Inc. (2010). Tag data standards 1.5. http://www.gs1.org/gsmp/kc/epcglobal/tds/tds_1_5-standard-20100818.pdf. Accessed 31 Oct. 2011.
EPCglobal Inc. (2011). Discovery services standard. http://www.gs1.org/gsmp/kc/epcglobal/discovery. Accessed 31 Oct 2011.
European Commission Taxation and Customs Union (2009). Report on EU Customs En-forcement of IP Rights.
Food and Drug Administration (2004). Counterfeit Drug Task Force Report.
Food and Drug Administration (2005). Counterfeit Drug Task Force Report.
Hossein, B. (2006). Handbook of information security. New York: Wiley.
Hwang, H., Jung, G., Sohn, K., & Park, S. (2008). A study on MITM vulnerability in wireless network using 802.1X and EAP. In Proceedings of international conference on information science and security. Washington: IEEE Computer Society.
International Chamber of Commerce (2004). The fight against piracy and counterfeiting of intellectual property. http://www.iccwbo.org/home/intellectual_property/fight_against_piracy.pdf. Accessed 31 Oct 2011.
International Organization for Standardization (2004–2010). ISO/IEC 18000: information technology—radio frequency identification for item management.
IP Crime Group (2009). IP Crime Report 2008–2009.
James, M. S., Tittel, E., & Chapple, M. (2008). Certified information systems security professional study guide (4th ed.). New York: Wiley.
Jones, E. C., & Chung, C. A. (2007). RFID in logistics: a practical introduction. Boca Raton: CRC Press.
Juels, A., Rivest, R. L., & Szydlo, M. (2003). The blocker tag: selective blocking of RFID tags for consumer privacy. In Proceedings of the conference on computer and communications security (pp. 103–111). New York: ACM Press.
Koscher, K., Juels, A., Brajkovic, V., & Kohno, T. (2009). EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond. In Conference on computer and communication security (pp. 33–42). New York: ACM.
Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., & Schimmler, M. (2006). Breaking ciphers with COPACOBANA—a cost-optimized parallel code breaker. In Cryptographic hardware and embedded systems (pp. 101–118). Heidelberg: Springer.
Mehuron, W. (1999). Data encryption standard. Technical report, National Institute of Standards and Technology.
Menezes, A. J., Vanstone, S. A., & van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton: CRC Press.
Müller, J., Pöpke, C., Urbat, M., Zeier, A., & Plattner, H. (2009a). A simulation of the pharmaceutical supply chain to provide realistic test data. In Proceedings of the international conference on advances in system simulation (pp. 44–49).
Müller, J., Schapranow, M.-P., Helmich, M., Enderlein, S., & Zeier, A. (2009b). RFID middleware as a service—enabling small and medium-sized enterprises to participate in the EPC network. In International conference on industry engineering and engineering management 2, Beijing: IEEE Computer Society.
Plattner, H., & Zeier, A. (2011). In-memory data management. Berlin: Springer.
Russell, D., & Gangemi, G. T. (1991). Computer security basics. Sebastopol: O’Reilly & Associates Inc.
Schapranow, M.-P., Kühne, R., & Zeier, A. (2010a). Enabling real-time charging for smart grid infrastructures using in-memory databases. In 1st IEEE LCN workshop on smart grid networking infrastructure.
Schapranow, M. P., Zeier, A., & Plattner, H. (2010b). A dynamic mutual RFID authentication model preventing unauthorized third party access. Melbourne: IEEE Press.
Schapranow, M.-P., Zeier, A., & Plattner, H. (2011). A formal model for enabling RFID in pharmaceutical supply chains. In 44th Hawaii international conference on system sciences.
Schlitter, N., Kähne, F., Schilz, S. T., & Mattke, H. (2007). Potentials and problems of RFID-based cooperations in supply chains. In Innovative logistics management: competitive advantages through new processes and services (3rd ed.). Berlin: Erich Schmidt Verlag GmbH & Co.
Shukla, N., & Sangal, T. (2009). Generic drug industry in India: the counterfeit spin. Intellect Property Rights, 14, 236–240.
Staake, T., Thiesse, F., & Fleisch, E. (2005). Extending the EPC network: the potential of RFID in anti-counterfeiting. In Symposium on applied computing, New York: ACM.
Stallings, W. (2005). Cryptography and network security (4th ed.). Upper Saddle River: Prentice Hall.
U.S. Pharmaceuticals Pfizer INC (2006). Anti-counterfeit drug initiative workshop and vendor display. http://www.fda.gov/OHRMS/DOCKETS/dockets/05n0510/05N-0510-EC21-Attach-1.pdf. Accessed 31 Oct 2011.
Wendt, S. (1991). Nichtphysikalische grundlagen der informationstechnik. Interpretierte formalismen. Berlin: Springer.
Werlinger, R., Hawkey, K., Muldner, K., Jaferian, P., & Beznosov, K. (2008). The challenges of using an intrusion detection system: is it worth the effort? In Proceedings of the 4th symposium on usable privacy and security (pp. 107–118). New York: ACM.
White, G., Prabhakar, G., Abdrazak, A., & Gardiner, G. (2007). A comparison of barcoding and RFID technologies in practice. Journal of information, information technology and organizations, 2.
World Health Organization (2009). Warning on purchase of antivirals without a prescription, including via the Internet. http://www.who.int/medicines/publications/drugalerts/Alert_122_Antivirals.pdf. Accessed 31 Oct 2011.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag London
About this chapter
Cite this chapter
Schapranow, MP., Plattner, H. (2013). In-Memory Technology Enables History-Based Access Control for RFID-Aided Supply Chains. In: Krüger, J., Nickolay, B., Gaycken, S. (eds) The Secure Information Society. Springer, London. https://doi.org/10.1007/978-1-4471-4763-3_9
Download citation
DOI: https://doi.org/10.1007/978-1-4471-4763-3_9
Publisher Name: Springer, London
Print ISBN: 978-1-4471-4762-6
Online ISBN: 978-1-4471-4763-3
eBook Packages: Computer ScienceComputer Science (R0)