Abstract
EPCglobal network is used to share product data between trading partners, which was proposed by EPCglobal. Object Name Service (ONS) in EPCglobal framework raises two critical security risks: the authenticity of IP addresses for Physical Markup Language (PML) servers and the privacy of Electronic Product Codes (EPCs). Existing work considers either the IP address authentication or the EPC privacy. In addition, that work mainly relies on cryptographic tools, in which key distribution is not a trivial task and also causes a large amount of computation overhead. In this paper, we make the first attempt to solve those two security risks together without relying cryptography. We propose a scheme, namely, APP (authenticate ONS and protect EPC privacy), to guarantee the authenticity of IP addresses for PML servers as well as EPC privacy and to maintain ultralightweight computation cost. Moreover, we give formal definition of the authenticity and the privacy in ONS context. The security achievements are strictly analyzed and proved. The extensive analysis results justify the applicability of the proposed scheme.
Highlights
EPCglobal is a typical network framework for the Internet of Things (IoT), machine to Machine (M2M), and RFID networks
EPCglobal relies on Object Name Service (ONS) to map Electronic Product Code (EPC) to an IP address of a server
Fabian [3] and Fabian and Gunther [5] proposed to use structured P2P systems with distributed hash tables (DHT) to replace ONS architecture. They found that the strength of privacy protection slightly increased by using DHT compared to DNS, but strong protection still relied on secure key distribution mechanisms
Summary
EPCglobal is a typical network framework for the Internet of Things (IoT), machine to Machine (M2M), and RFID networks. A few works use some similar methods for DNS security [1], rely on Public Key Infrastructure (PKI) [2], or depend on P2P architecture [3]. Those solutions experience many difficulties: The schemes relying on cryptography usually induce extensive computation overhead. We propose an ultralightweight solution to authenticate the ONS record and protect the user’s privacy without cryptography. (2) We make the first attempt to strictly define authenticity and privacy in EPCglobal and provide formal proofs for the achievement of security goals.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Distributed Sensor Networks
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
