Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

9-2010

Abstract

Unauthorized tracking of RFID tagged assets at the system level, where an adversary tracks movement of RFID tagged assets by eavesdropping network messages or compromising date center servers, has not been well recognized in prior research. Compared to the traditional unauthorized tracking by clandestine scanning at the physical level, unauthorized tracking at the system level could be even more harmful as the adversary is able to obtain tracking information on a global scale and without physical presence. This paper analyzes the threat of unauthorized tracking by a semi-trusted RFID Discovery Service which maintains a database of RFID tag location records in the current industrial standard EPCglobal Network. We propose a pseudonym-based design to mitigate this threat. Our design protects against Discovery Service database reading attack and provides efficient key management and access control. The design is backward compatible with the existing communication protocols and database schemas of RFID Discovery Service.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

ISDPE '10: Proceedings of the 2010 Second International Symposium on Data, Privacy, and E-Commerce, Buffalo, New York, 13-14 September 2010

First Page

21

Last Page

26

ISBN

9781424483778

Identifier

10.1109/ISDPE.2010.9

Publisher

IEEE Computer Society

City or Country

Los Alamitos, CA

Copyright Owner and License

Publisher

Additional URL

https://doi.org/10.1109/ISDPE.2010.9

Download

Share

COinS