Anti-Tracking in RFID Discovery Service for Dynamic Supply Chain Systems

Abstract

Unauthorized tracking of RFID tagged assets is one of the most important privacy concerns in RFIDenabled supply chain systems. Prior research has mainly focused on the prevention of unauthorized tracking by clandestine scanning at the physical level. However, the higher system level of unauthorized tracking has not been well recognized, where an adversary tracks movement of RFID tagged assets by eavesdropping network messages or compromising data center servers. Compared to unauthorized tracking at the physical level, unauthorized tracking at the system level could be even more harmful as the adversary is able to obtain tracking information on a global scale and without physical presence. This paper analyzes the threat of unauthorized tracking by a semi-trusted RFID Discovery Service which maintains a database of RFID tag location records in the current industrial standard EPCglobal Network. We propose an anti-tracking design to mitigate this threat. Our design protects against reading attack to Discovery Service database and provides efficient key management and access control for dynamic supply chain systems. The design is backward compatible with the existing communication protocols as well as the database schemas of standard RFID Discovery Service, which makes it feasible to deploy in real world applications.