Protecting and Restraining the Third Party in RFID-Enabled 3PL Supply Chains

  • Shaoying Cai
  • Chunhua Su
  • Yingjiu Li
  • Robert Deng
  • Tieyan Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6503)


“Symmetric secret”-based RFID systems are widely adopted in supply chains. In such RFID systems, a reader’s ability to identify a RFID tag relies on the possession of the tag’s secret which is usually only known by its owner. If a “symmetric secret”-based RFID system is deployed in third party logistics (3PL) supply chains, all the three parties (the sender of the goods, the receiver of the goods and the 3PL provider) should have a copy of those tags’ secrets to access the tags. In case the three parties in 3PL supply chain are not all honest, sharing the secrets among the three parties will cause security and privacy problems. To solve these problems, we firstly formalize the security and privacy requirements of RFID system for 3PL supply considering the existence of the internal adversaries as well as the external adversaries. Then we propose two different protocols which satisfy the requirements, one is based on aggregate massage authentication codes, the other is based on aggregate signature scheme. Based on the comparisons of the two protocols on performance and usability, we get the conclusion that overall the aggregate MAC-based solution is more applicable in 3PL supply chains.


Supply Chain Message Authentication Code Aggregate Signature Ownership Transfer Aggregate Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boneh, D., Gentry, C.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. J. Cryptology 17(4), 297–319 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Burmester, M., de Medeiros, B., Motta, R.: Provably secure grouping-proofs for rfid tags. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 176–190. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  5. 5.
    Hein, D., Wolkerstorfer, J., Felber, N.: ECC is Ready for RFID A Proof in Silicon. In: RFIDSec 2008, Budapest, Hungary (July 2008)Google Scholar
  6. 6.
    Juels, A.: “Yoking-Proofs” for RFID Tags. In: Sandhu, R., Thomas, R. (eds.) PerSec 2004, Orlando, Florida, USA, pp. 138–143. IEEE Computer Society, Los Alamitos (March 2004)Google Scholar
  7. 7.
    Katz, J., Lindell, A.Y.: Aggregate message authentication codes. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 155–169. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Lin, C.C., Lai, Y.C., Tygar, J.D., Yang, C.K., Chiang, C.L.: Coexistence proof using chain of timestamps for multiple RFID tags. In: Chang, K.C.-C., Wang, W., Chen, L., Ellis, C.A., Hsu, C.-H., Tsoi, A.C., Wang, H. (eds.) APWeb/WAIM 2007. LNCS, vol. 4537, pp. 634–643. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Molnar, D., Soppera, A., Wagner, D.: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Pfitzmann, B., Liu, P. (eds.) CCS 2004, Washington, DC, USA, pp. 210–219. ACM Press, New York (October 2004)Google Scholar
  11. 11.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to “Privacy-Friendly” Tags. In: RFID Privacy Workshop. MIT, Massachusetts (November 2003)Google Scholar
  12. 12.
    Piramuthu: On existence proofs for multiple rfid tags. In: PERSER 2006, Washington, DC, USA, pp. 317–320. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  13. 13.
    Saito, J., Sakurai, K.: Grouping proof for rfid tags. In: AINA 2005, Washington, DC, USA, pp. 621–624. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  14. 14.
    Song, B.: RFID Tag Ownership Transfer. In: RFIDsec 2008, Budaperst, Hungary (July 2008)Google Scholar
  15. 15.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Shaoying Cai
    • 1
  • Chunhua Su
    • 1
  • Yingjiu Li
    • 1
  • Robert Deng
    • 1
  • Tieyan Li
    • 2
  1. 1.Singapore Management UniversitySingapore
  2. 2.Institute for Infocomm Research (I2R)Singapore

Personalised recommendations