Abstract
Given the ramifications of widespread RFID implementation in contemporary supply chain management, there is a need for awareness of emerging security threats and effective self-protection mechanisms against system failures and attacks. The aim of this chapter is to identify the emerging information security challenges pertaining to RFID applications in the telecommunications industry. Having policy makers and telecom operators as the target audience, this chapter will present a conceptual framework for approaching risk management activities in regards to auto-ID/RFID applications with comprehensive and contemporary understanding about information assets, ecosystem threats, and vulnerabilities embedded in their extended supply chains.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alcaraz C, Zeadally S (2014) Critical infrastructure protection: requirements and challenges for the 21st century. Int J Crit Infrastruct Prot 8:53–66
Alcaraz C, Zeadally S (2015) Critical infrastructure protection: requirements and challenges for the 21st century. Int J Crit Infrastruct Prot 8:53–66
Alfaro J, Rabade L (2009) Traceability as a strategic tool to improve inventory management: a case study in the food industry. Int J Prod Econ 118(1):104–110
Angeles R (2005) RFID technologies: supply chain applications and implementation issues. Inf Syst Manage 22(1):51–65
Anonymous (2005) Applications of biometrics: area harnessing the technology. Available at http://www.questbiometrics.com/applications-of-biometrics.html. Last access 03 Feb 2012
Asif Z, Mandviwalla M (2005) Integrating the supply chain with RFID: a technical and business analysis. Commun Assoc Inf Syst 15(24):393–427
Avoine G, Oechslin P (2005) RFID traceability: a multilayer problem. In: Proceedings on financial cryptography, pp 125–140
Ayoade J (2007) Privacy and RFID systems: roadmap to solving security and privacy concerns in RFID systems. Comp Law Secur Rev Int J Technol Pract 23:555–561
Bollen F, Kissling C, Emond J-P, Brecht J, McAneney, Leake J, Compton R, Nunes C, Metz A, Duval K, Laniel M, Ye J (2004) Sea and air container track and trace technologies: analysis and case studies. Available at http://www.apec-tptwg.org.cn/new/Archives/tpt-wg23/Competitive/ITF/Draft-Final-Report2-Jun04.pdf. Last access 08 Jan 2012
Bose I, Pal R (2005) Auto-ID: managing anything, anywhere, anytime in the supply chain. Commun ACM 48(8):100–106
Campbell D (Ed) (2009) International telecommunication law. Yorkhill Law Publishing, Salzburg, p 2007
Cannon AR, Reyes PM, Frazier GV, Prater E (2008) RFID in the contemporary supply chain: multiple perspectives on its benefits and risks. Int J Oper Prod Manage 28(5):433–454
Chao CC, Yang JM, Jen WY (2007) Determining technology trends and forecasts of RFID by a historical review and bibliometric analysis from 1991 to 2005. Technovation 27(5):268–279
Chen H, Daugherty PJ, Landry TD (2009) Supply chain process integration: a theoretical framework. J Bus Logistics 30(2):27–46
Chicksand D, Waston G, Walker H, Radnor Z, Johnston R (2012) Theoretical perspectives in purchasing & supply chain management: an analysis of the literature. Supply Chain Manage Int J 17(4):454–472
Childerhouse P, Towill D (2011) Arcs of supply chain integration. Int J Prod Res 49(24):7441–7468
Christopher M (2011) Logistics and supply chain management: strategies for reducing cost and improving service, 4th edn. Pearson Education Limited/Financial Times Prentice Hall, Harlow
Cooper MC, Lambert DM, Pagh JD (1997) Supply chain management: more than a new name for logistics strategy. Int J Logistics Manage 4(2):13–24
Defee CC, Williams B, Randall WS, Thomas R (2010) An inventory of theory in logistics and supply chain management research. Int J Logistics Manage 21(3):404–489
Derrouiche R, Neubert G, Bourar A (2008) Supply chain management: a framework to characterize the collaborative strategies. Int J Comput Integr Manuf 21(4):426–439
EPCglobal Inc (2005) EPCâ„¢ radio-frequency identity protocols class-1. EPC Global Inc., New Jersey, USA
EPCglobal (2004) The EPCglobal network: overview of design, benefits and security. EPC Global Inc., New Jersey, USA
European Telecommunications Standards Institute (ETSI) (2006) Telecommunication and internet converged services and protocols for advanced networking (TISPAN). Overview of Radio Frequency Identification (RFID). Tags in the telecommunications industry. Technical Report: ETSI TR 102(449) V1.1.1, 2006–01
European Parliament and Council Directive (1995) Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281(23/11):0031–0050
Feng B, Li JT, Guo JB, Ding ZH (2006) ID-binary tree stack anticollision algorithm for RFID. In: 11th IEEE Symposium on Computers and Communication. IEEE Press, pp. 207–212
Fox R (2005) Radio frequency identification (RFID) in the telecommunications industry: Telcordia. Available at http://www.commonlanguage.com/content/resources/commonlang/productshowroom/showroom/equip_id/carriers/eqpt_td_gen_wp_001.pdf. Last access 20 Apr 2015
Gao JZ., Prakash L, Jagatesan R (2007) Understanding 2D-barcode technology and applications in m-commerce-design and implementation of a 2D barcode processing solution. In: Proceedings of the 31st Anual international Computer Software and Applications Conference-COMPSAC, July 24–27, Washington, DC. IEEE Computer Society, Vol 2, pp 49–56
Garfinkel SL, Juels A, Pappu R (2005) RFID privacy: an overview of problems and proposed solutions. IEEE Comp Soc IEEE Secur Priv 3:34–43
Gaukler GM, Seifert RW, Hausman WH (2007) Item-level RFID in the retail supply chain. Prod Oper Manage 16(1):65–76
Gaukler G, Seifert R (2007) Applications of RFID in supply chains. In: Jung H, Chen F, Jeong B (eds) Trends in supply chain design and management: technologies and methodologies. Springer, London, pp 29–48
Glover B, Bhatt H (2006) RFID essentials, 1st edn. O’Reilly, Sebastopol
Gudymenko I (2011) Protection of the users’ privacy in ubiquitous RFID systems. Master’s dissertation, Technische Universität Dresden
Hammer M (2001) The superefficient company. Harvard Bus Rev 79(8):82–91
Helbing D (2013) Globally networked risks and how to respond. Nature 497:51–59
Heskett JL (1977) Logistics—essential to strategy. Harvard Bus Rev 55(6):85–96
Huang CH (2009) An overview of RFID technology, application, and security/privacy threats and solutions. Available at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.175.9165&rep=rep1&type=pdf. Last access 19 Apr 2015
Hutter D, Ullmann M (2005) Security in pervasive computing. In: Second international conference, SPC 2005. Boppard, Germany, April 2005. Springer, Berlin
Ilie-Zudor E, Kemény Z, van Blommestein F, Monostori L, van der Meulen A (2011) A survey of applications and requirements of unique identification systems and RFID techniques. Comput Ind 62(3):227–252
Jonsson P, Mattsson S (2013) The value of sharing planning information in supply chains. Int J Phys Distrib Logistics Manage 43(4):282–299
Juels A (2005) RFID security and privacy: a research survey. Available at https://www.rsa.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf. Last access 21 Jan 2012
Jüttner U, Christopher M, Baker S (2007) Demand chain management—integrating marketing and supply chain management. Ind Mark Manage 36(3):377–392
Karygiannis T, Phillips T, Tsibertzopoulos A (2006) RFID security: a taxonomy of risk. In: Proceedings of the 1st international conference on communications and networking in China (China’Com 2006), October 2006. IEEE Press, pp 1–8
Karygicmnis A, Phillips T, Tsibertzopoulos A (2006) RFID security: a taxonomy of risk. Paper presented at the first international conference on communications and networking in China, 2006. ChinaCom’06
Kay E (2003) What’s the next step for RFID. Frontline Solutions 4(3):21–25
Keen P, Mackintosh R (2001) The freedom economy: gaining the m-commerce edge in the era of wireless Internet. Osborne/McGraw-Hill, New York
Khor J, Ismail W, Younis M, Sulaiman M, Rahman M (2011) Security problems in an RFID system. Wireless Pers Commun 59(1):17–26
Kirk S, Fraser J, Vincenti J (2007) Is big business watching you? RFID tags, data protection, and the retail industry in the European Union. Comp Internet Lawyer 24(2):1–5
Kroger W, Zio E (2011) Vulnerable systems. Springer Publishing, Dordrecht
Kwon O, Im GP, Lee KC (2007) MACE-SCM: a multi-agent and case-based reasoning collaboration mechanism for supply chain management under supply and demand uncertainties. Expert Syst Appl 33(3):690–705
Lambert DM (2004) Supply chain management: process, partnership, performance. Supply Chain Management Institute, Sarasota
Lamming R (1996) Squaring lean supply with supply chain management. Int J Oper Prod Manage 16(2):183–196
Laudon K, Laudon J (2011) Management information systems: managing the digital firm, 13th edn. Pearson Education Limited/Financial Times Prentice Hall
Lee CW, Kwon IG, Severance D (2007) Relationship between supply chain performance and degree of linkage among supplier, internal integration, and customer. Supply Chain Manage Int J 12(6):444–452
Lee HL, Whang S (2000) Information sharing in a supply chain. Int J Technol Manage 20(3/4):373–387
Lee S (2005) Mutual authentication of RFID system using synchronized secret information. Master’s dissertation, School of Engineering, Information and Communications University
Li S, Visich JK, Khumawala BM, Zhang C (2006) Radio frequency identification technology: applications, technical challenges and strategies. Sens Rev 26(3):193–202
Lin CH, Tseng HJ (2006) Identifying the pivotal role of participation strategies and information technology application for supply chain excellence. Ind Manage Data Syst 106(5/6):739–756
Mark L (2005) Personal privacy in ubiquitous computing: tools and system support. PhD
McGinity M (2008) RFID not your father’s Barcode, IEEE distributed systems online. Available at http://dsonline.computer.org/portal/site/dsonline/menuitem.9ed3d9924aeb0dcd82ccc6716bbe36ec/index.jsp?&pName=dso_level1&path=dsonline/2003_Archives/0308/f&file=newsp.xml&xsl=article.xsl&. Last access 13 Apr 2008
Mentzer JT (2001) Supply chain management. Sage Publications, London
Michael K, McCathie L (2005) The pros and cons of RFID in supply chain management (ICMB’05). In: Proceedings of the international conference on mobile business, IEEE
Miles SB, Sarma SE, Williams JR (2010) RFID: technology and applications. Cambridge University Press, Cambridge
Mitrokotsa A, Rieback MR, Tanenbaum AS (2009) Classifying RFID attacks and defenses. Special issue on advances in RFID technology, Information Systems Frontiers. Springer Science & Business Media, LLC 2009. doi:10.1007/s10796-009-9210-z
Oxford dictionary (2012a) Optical character recognition. Available at http://oxforddictionaries.com/definition/optical%2Bcharacter%2Brecognition?q=optical+character+recognition. Last access 23 Feb 2012
Oxford dictionary (2012b) Smart card. Available at http://oxforddictionaries.com/definition/smart+card. Last access 23 Feb 2012
Paul A, Calvin P, Matthias S (2002) From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise. In: Proceedings of the 2002 workshop on new security paradigms, NSPW ’02, New York, NY, USA, 2002. ACM, pp 43–50
Peppet SR (2014) Regulating the internet of things: first step toward managing discrimination, privacy, security, and consent. Texas Law Rev 93(85):85–178
Peris-Lopez P, Hernández-Castro JC, Estévez-Tapiador JM, Ribagorda A (2006) RFID systems: a survey on security threats and proposed solutions. PWC, pp 159–170
Persona A, Regattierri A, Pham H, Battini D (2007) Remote control and maintenance outsourcing networks and its applications in supply chain management. J Oper Manage 25(6):1275–1291
Porter ME (1985) Competitive strategy: creating and sustaining superior performance. The Free Press, New York
Porter ME (2001) Strategy and the internet. Harvard Bus Rev 79(3):62
Prasanna KR, Hemalatha M (2012) RFID GPS and GSM based logistics vehicle load balancing and tracking mechanism. In: International conference on communication technology and system design 2011, vol 30, pp 726–729
Ranganathan C, Dhaliwal JS, Teo TSH (2004) Assimilation and diffusion of wed technologies in supply chain management: an examination of key drivers and performance impacts. Int J Electr Commer 9(1):127–161
Rankl W, Effing W (2010) Smart card handbook, 4th edn. Wiley, West Sussex
RFID Journal (2015) RFID in consumer products. RFID J. Available at http://www.rfidjournal.com/faq/29/27. Last access 20 Apr 20 2015
Rhee K, Kwak J, Kim S, Won D (2005) Challenge-response based RFID authentication protocol for distributed database environment. In: International conference on Security in Pervasive Computing. SPC, Vol. 3450, pp 70–48
Richey RG, Roath AS, Whipple JM, Fawcett SE (2010) Exploring a governance theory of supply chain management: barriers and facilitators to integration. J Bus Logistics 31(1):237–256
Rieback MR, Crispo B, Tanenbaum AS (2006) Is your cat infected with a computer virus?. In: Proceedings of the 4th IEEE international conference on Pervasive Computing and Communications. IEEE Press, pp 169–179
Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Towards Sci Cyber Secur Identity Archit Future Internet 57(10):2266–2279
Sabbaghi A, Vaidyanathan G (2008) Effectiveness and efficiency of RFID technology in supply chain management: strategic values and challenges. J Theor Appl Electr Commer Res 3(2):71–71
Sellitto C, Burgess S, Hawking P (2007) Information quality attributes associated with RFID-derived benefits in the retail supply chain. Int J Retail Distrib Manage 35(1):69–87
Smart Border Alliance (2014) RFID security and privacy. RFID feasibility study final report
Spruit M, Wester W (2013) RFID security and privacy: threats and countermeasures, technical report UU-CS- 2013-001. Utrecht, Netherlands: Department of Information and Computing Sciences, Utrecht University
Srivastava B (2004) Radio frequency ID technology: the next revolution in SCM. Bus Horiz 47(6):60–68
Steinauer DD, Radack SM, Katzke SW (1997) U.S. government activities to protect the information infrastructure. Germany: Presented at the 5th Annual BSI IT Security Congress in Bonn, Germany (April 1997). Available at http://csrc.nist.gov/publications/secpubs/otherpubs/usgovII.pdf. Last access 21 Apr 2015
Stonebraker PW, Liao J (2004) Environmental turbulence, strategic orientation: modeling supply chain integration. Int J Oper Prod Manage 24(10):1037–1054
Stuart GK, John JL (2006) Security RFID applications: issues, methods and control. Inform Syst Secur 15(4):43–50
Swartz J (2000) Changing retail trends, new technologies, and the supply chain. Technol Soc 22(1):123–132
Taylor JIM (2014) Enhance granularity of visibility in the food supply chain: use track and trace technologies. Food Logistics (Special report, 154), pp 30–32
US Telecom Association (2014) Experience with the framework for improving critical infrastructure cybersecurity: comments of the US Telecom association. Available at http://csrc.nist.gov/cyberframework/rfi_comment_october_2014/20141010_ustelecom_scott.pdf. Last access 21 Apr 2015
van Deursen T, Radomirovic S (2009) Security of RFID protocols: a case study. Electr Notes Theor Comp Sci 244:41–52
van Dorp KJ (2002) Tracking and tracing: a structure for development and contemporary practices. Logistics Inf Manage 15(1):24–33
Want R (2006) An introduction to RFID technology. IEEE Pervasive Comput 5(1):25–33
Wasserman E (2007) Telcos’ dual vision for RFID. RFID J, December 1st 2007, https://www.rfidjournal.com/purchaseaccess?type=Article&id=3806&r=%2Farticles%2Fview%3F3806. Accessed 20 Aug 2015
Weber RH (2010) Internet of things—new security and privacy challenges. Comp Law Secur Rev 26(1):23–30
Weis SA (2012) RFID (radio frequency identification): principles and applications. Available at http://www.eecs.harvard.edu/cs199r/readings/rfid-article.pdf. Last access 22 Jan 2012
Whitaker J, Mithas S, Krishnan MS (2007) A field Study of RFID deployment and return expectations. Prod Oper Manage 16(5):599–612
White GRT, Gardiner G, Prabhakar G, Abd Razak A (2007) A comparison of barcoding and RFID technologies in practice. J Inf Inf Technol Organ 2:119–131
Wu NC, Nystrom MA, Lin TR, Yu HC (2006) Challenges to global RFID adoption. Technovation 26(12):13–17
Wyld DC (2006) RFID 101: the next big thing for management. Manage Res News 29(4):154–173
Xiao Q, Boulet C, Gibbons T (2007) RFID security issues in military supply chains. In: Proceedings of the 2nd international conference on Availability, Reliability and Security, pp 599–605
Yu P, Schaumont P, Ha D (2006) Securing RFID with ultra-wideband modulation. In: RFID Sec 2006, Graz, Austria
Zhen-hua D, Li JT, Feng B (2008) A taxonomy model of RFID security threats. ICCT, pp 765–776
Zhu X, Mukhopadhyay SK, Kurata H (2012) A review of RFID technology and its managerial applications in different industries. J Eng Tech Manage 29(1):152–167
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Xu, T., Nassar, S. (2016). Supply Chain Information Security: Emerging Challenges in the Telecommunications Industry. In: Masys, A. (eds) Exploring the Security Landscape: Non-Traditional Security Challenges. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-27914-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-27914-5_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27913-8
Online ISBN: 978-3-319-27914-5
eBook Packages: Physics and AstronomyPhysics and Astronomy (R0)