1. Publications
  2. RFID-based supply chain partner authentication and key agreement
print

RFID-based supply chain partner authentication and key agreement

Kerschbaum, Florian;Sorniotti, Alessandro
WISEC 2009, 2nd ACM Conference on Wireless Network Security, March 16-18, 2009, Zurich, Switzerland

The growing use of RFID in supply chains brings along an indisputable added value from the business perspective, but raises a number of new interesting security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants to the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business sensitive information. No rogue user can be successful in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The growing use of RFID in supply chains brings along an indisputable added value from the business perspective, but raises a number of new interesting security challenges. One of them is the authentication of two participants of the supply chain that have possessed the same tagged item, but that have otherwise never communicated before. The situation is even more complex if we imagine that participants to the supply chain may be business competitors. We present a novel cryptographic scheme that solves this problem. In our solution, users exchange tags over the cycle of a supply chain and, if two entities have possessed the same tag, they agree on a secret common key they can use to protect their exchange of business sensitive information. No rogue user can be successful in a malicious authentication, because it would either be traceable or it would imply the loss of a secret key, which provides a strong incentive to keep the tag authentication information secret and protects the integrity of the supply chain. We provide game-based security proofs of our claims, without relying on the random oracle model.


Detail
Document
DOI
BIBTEX
Type:
Conference
City:
Zurich
Date:
2009-03-16
Department:
Digital Security
Eurecom Ref:
2665
Copyright:
© ACM, 2009. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in WISEC 2009, 2nd ACM Conference on Wireless Network Security, March 16-18, 2009, Zurich, Switzerland http://dx.doi.org/10.1145/1514274.1514281
See also:
SORNIOTTI Alessandro
PERMALINK : https://www.eurecom.fr/publication/2665