A Cloud-Based Authentication Protocol for RFID Supply Chain Systems
Iuon-Chang Lin • Hung-Huei Hsu • Chen-Yang Cheng
Received: 3 July 2013 / Revised: 29 August 2014 / Accepted: 1 September 2014
© Springer Science+Business Media New York 2014
Abstract RFID technology has become popular in recent years and is applied
to many automatic identification applications such as supply chain management,
theft prevention and so on. A supply chain system with the help of an RFID system
reduces the cost of business operation. Different members in the supply chain
connect to the same RFID tag to acquire their own data. Members can protect
their secret information from being revealed by an internal attacker, and unauthorized
members and the cloud service provider cannot decrypt the secret information. However,
the traditional architecture lacks data search and scalability, which makes it
difficult to search for a specific object. When a supply chain member wants to
search for the data of a specific tag in the database, it is difficult to locate and
search for the object. In this paper we propose a novel cloud architecture for RFID
supply chain systems, together with detailed schemes for authentication, ownership
transfer, authority recovery and data sharing. The proposed method conforms to the
supply chain environment, and the data sharing phase enhances the efficiency of the
supply chain. We analyze the security and performance of our method.
Keywords Cloud computing · Supply chain management · RFID · Security
I.-C. Lin
Department of Management Information Systems, National Chung Hsing University,
250 Kuo Kuang Road, 402 Taichung, Taiwan
e-mail: [email protected]
I.-C. Lin · H.-H. Hsu
Department of Photonics and Communication Engineering, Asia University, Taichung, Taiwan,
R.O.C.
e-mail: [email protected]
C.-Y. Cheng (✉)
Department of Industrial Engineering and Enterprise Information, Tunghai University,
Box 985, Taichung, Taiwan, R.O.C
e-mail: [email protected]
J Netw Syst Manage
DOI 10.1007/s10922-014-9329-1
1 Introduction
RFID has been a critical technology in recent years; it can identify many
tagged objects at the same time. It is applied to supply chain
management and may replace barcode systems. A supply chain system consists of
several members that are related to the product. After a product is manufactured,
it is transferred from one supply chain participant to the next until it is
sold to a final customer. An efficient supply chain can enhance visibility over the
lifetime of a product and reduce operating cost.
Because the tags used in a supply chain must be low-cost RFID tags, their
capabilities are limited. The RFID system suffers from privacy problems such as
location privacy and user privacy, and also from common wireless attacks such
as eavesdropping, replay attacks and man-in-the-middle attacks.
Much research has aimed to solve these privacy problems and to resist wireless attacks.
Recently presented authentication schemes include hash-based authentication
schemes [1–3], C1G2 compliant protocols [4, 5] and ultralightweight
protocols [5, 6]. Cho et al. [1] proposed a hash-based mutual authentication protocol
between RFID tags and a back-end server. The RFID tag uses a secret value in the response
message to avoid privacy and forgery problems. However, a single back-end server may
not be appropriate for the supply chain environment. Eschenauer and Gligor
developed a random key pre-distribution scheme [4]. Each RFID tag receives a
random subset of keys from a key pool before RFID deployment. In order to
communicate with other tags, tags need to find one common key within their subsets
and use that key as the shared secret key. Du et al. [6] proposed using a priori
deployment knowledge to improve the Eschenauer-Gligor scheme. These schemes focus on
saving communication costs and being more memory-efficient. Perrig et al. [7] proposed
SPINS, a security architecture specifically optimized for resource-constrained
environments and wireless communication. In SPINS, each sensor node uses the
base station as a trusted third party to set up the secret key. This provides the
advantages of limited local exchange and data processing. There are several public
key cryptography approaches, but most of them are neither convenient for low-cost tags
nor appropriate for the supply chain environment. In addition to authentication and
ownership transfer, this paper considers RFID authority recovery and data sharing in
the supply chain environment.
Some studies discuss cloud architectures for solving RFID security and
privacy problems. Chen et al. [8] proposed a privacy-preserving RFID authentication
protocol that uses a cloud database to reduce search complexity and data
inconsistency. Kardas et al. [9] proposed a symmetric-key based cryptographic
protocol using cloud computing. Wei et al. [10] proposed a cloud-based RFID
authentication protocol that preserves tag/reader privacy with respect to database
keepers. The cloud database is built as an encrypted hash table and can provide
anonymous access from readers. Kiraz et al. [11] were concerned with the
trustworthiness of cloud providers and proposed mutual authentication protocols using
RFID technology. The protocols prevent server-side corruption, and tags cannot be
traced from past authentication actions even if an adversary corrupts readers. However,
ownership transfer has not been considered in this literature.
The owner of a tagged object changes several times in its lifetime [12]. For
example, a product with an attached RFID tag is transferred to another owner such as a
manufacturer or retailer. Ownership transfer protocols have been presented to change
the ownership without revealing the privacy of the participating owners [12–20].
Traditional RFID applications in supply chain systems use two different
architectures:
1. All supply chain members connect to a single server: The readers of different
companies connect to a common data center to acquire their own data.
This has some weaknesses. If the members cannot be trusted, an internal attacker
may compromise the privacy of the legal entities. As the business grows, the whole
system is limited by scalability.
2. Supply chain members use their own servers separately: Each supply chain member
stores its own data in its own data center. Members can protect their secret key
information from being revealed by an internal attacker, but this makes it difficult
to search for a specific object. When a supply chain member wants to search for
the data of a specific tag in the database, it is difficult to locate and search for
the object.
Considering only the performance of data access, a single data center is the
optimal solution [21]. Cloud computing provides an on-demand IT architecture
that can easily be realized nowadays, and the technology can be used to solve the
scalability problem and the item search problem. All data are stored in a cloud data
center, and the companies need not worry about purchasing new equipment when the
system becomes large. The cloud can be considered a scalable data center:
it is not necessary to locate the object, and performance is improved.
There are some security issues in cloud computing technology:
1. Data secrecy: We consider that the cloud service provider cannot be trusted; the
secret key information may be revealed by the service provider.
2. Data integrity: The data stored in the cloud should be protected from tampering by
the cloud service provider.
In this paper, we present the detailed protocol of an RFID supply chain architecture in
a cloud environment; the proposed method can handle the conditions that may arise in
real environments.
The contributions of this paper are as follows:
1. We propose a cloud RFID architecture for supply chain management. Different
members connect to the same cloud data center to acquire their own data.
The data is encrypted with the secret key of its owner, so unauthorized members and
the cloud service provider cannot decrypt the secret key information.
2. The method contains a series of protocols such as authentication and ownership
transfer. The authentication protocol is secure against common wireless attacks
and internal attacks. With the help of the trust party, the ownership transfer protocol
prevents tracking attacks by a malicious cloud provider or internal attacker.
3. We also propose data sharing between internal members; the mechanism
makes the entire process smooth and visible. By implementing access control
and authority management, data sharing between different members becomes more
flexible and secure.
The organization of this paper is as follows: In Sect. 2, we describe the
background, threats and requirements of the RFID system. We introduce our cloud
architecture and the detailed protocol processes in Sect. 3. In Sect. 4, we analyze our
method for security and performance. We draw some conclusions in Sect. 5.
2 Background
In this section we introduce the background of the RFID system, including the lifecycle
of a tagged product, common wireless attacks, privacy problems and requirements.
2.1 Product Lifecycle
The same tagged object is transferred to other owners many times in its lifecycle.
The phases of the product lifecycle have been clearly defined [22–24]. They are
as follows:
1. Supply chain: This phase begins when the product is manufactured and an RFID
tag with a unique identity is attached. The product is then transferred to the
warehouse, retailers and finally customers. The supply chain member uses the tag to
check the inventory, and the RFID system helps to support decisions.
2. Product usage: The customer acquires the product with the attached RFID tag, and
the product may be used in novel RFID applications.
3. After sales service/Product recall: The product needs to be repaired, and the
after-care service provider may record the history of the product to which
the RFID tag is attached.
4. Recycling: The product may be thrown away, and waste management
companies use the RFID system to classify garbage and recyclable objects when
handling large amounts of garbage (Fig. 1).
2.2 Common Attacks and Privacy Problems
The communication channel between reader and tag is assumed to be an insecure
channel. The RFID system may suffer from wireless attacks and privacy problems.
The common wireless attacks and privacy problems are defined as follows [18, 25,
26]:
1. Tracking: The attacker impersonates a legal reader and sends requests to the tag
ceaselessly. The attacker can trace a specific tag by recording and analyzing the
response messages that contain constant values of that tag.
2. Replay attack: The attacker eavesdrops on the messages transmitted
between the legal reader and tag and then resends them to
impersonate a legal party and pass authentication.
3. Man-in-the-middle attack: The attacker records, modifies and sends forged messages
to impersonate a legal party and pass authentication.
4. Internal attack: An attacker who belongs to a legal party impersonates another
legal party (reader or tag) to exceed its authority.
5. DoS attack: The attacker breaks down the service by sending requests incessantly,
so that the communication channel is filled with RF energy. The
attack disrupts normal communication between entities and interrupts the service.
6. Desynchronization attack: The attacker interferes with the updating of the secret key
values shared between the database and a legal tag. This leaves the shared secret
keys in a desynchronized state, and the legal tag may fail the
authentication phase of the next session.
An insecure and faulty RFID system may cause privacy problems for
individuals and enterprises. A malicious user who traces a specific tag causes the
leakage of personal privacy such as personal information and location privacy.
Enterprise privacy problems may arise from tracing tagged products with a
specific identity, and the enterprise may be endangered by internal or external
attackers who exploit the leakage of enterprise privacy in a competitive market.
2.3 Requirements
The requirements of an RFID system were clearly defined in previous research [18, 25, 26]:
1. Untraceability: A malicious user traces a specific tag by sending requests to
it. The adversary can trace the tag if the response message
contains the real identity or constant values. If an RFID system cannot
achieve untraceability, user privacy and location privacy may be compromised.
2. Mutual authentication: A malicious user may impersonate a legal tag and reader
to pass authentication. To prevent impersonation attacks, reader and tag must
authenticate each other. A secure authentication scheme should be able
to resist most possible attacks.
3. Confidentiality: A malicious user may eavesdrop on transmitted messages to
acquire the secret key information. To prevent leakage of secret key
information, the message must be encrypted before transmission. We should
make sure that the encryption key or secret key value cannot be revealed to the
attacker. If the message is obtained by an attacker, the attacker cannot acquire the
secret key information without knowing the secret key values.
4. Forward secrecy: The secret key values stored in tag memory are revealed
when the tag is compromised by an attacker. If the keys used in
previous sessions can be computed by the attacker, the messages transmitted in
previous sessions may be revealed. To achieve forward secrecy, the
RFID system should make sure that the updated key is unrelated to the
previous key.
5. Backward secrecy: The secret key values stored in tag memory are revealed
when the tag is compromised by an attacker. If the keys used in future
sessions can be computed by the attacker, the messages transmitted in future sessions
may be revealed. To achieve backward secrecy, the RFID system
should make sure that the original key is unrelated to the future key.
6. Ownership transfer: When tagged products are transferred to another owner, the
secret key values of the tag need to be updated to prevent illegal access by the
past owner. We must protect the privacy of the new and old owners during the
updating phase.
7. Authority recovery: The tagged object may be transferred back to a previous owner
temporarily (or permanently) for repair or product return. The
authority recovery mechanism gives the previous owner the right to access
the data of the tag.
Fig. 1 Product lifecycle (Production, Warehouse, Retail Store, Customer, Product Usage,
After Sales services, Product recall, Recycling)
3 Proposed Method
A supply chain system with the help of RFID applications can be used in product
management, material supply and decision systems. In the traditional architecture,
the different companies in the supply chain implement several independent
databases. This causes problems such as difficulty in data searching and data sharing,
and limited scalability. We propose a novel architecture to solve these traditional
problems (Fig. 2).
3.1 RFID Supply Chain Architecture in Cloud Environment
We propose a cloud architecture for the RFID supply chain and develop a protocol
for data sharing to enhance the efficiency of the supply chain. Passive RFID is
used in the proposed architecture, and we only apply low-cost computational operations
such as hash and XOR. Thus, passive RFID is suitable for our proposed
scheme. The data of different companies are encrypted with the secret key of the tag
owner and stored in the cloud data center. Only the data owner can decrypt the secret
key information. This mechanism protects private information from being revealed to
the cloud provider and other internal members. The proposed architecture prevents
common wireless attacks and internal attacks and is presented in
Fig. 2. The architecture contains four main components: (1) a cloud data center, (2)
a trust party, (3) readers belonging to different companies, and (4) tagged objects.
A. Cloud data center: The cloud data center provides an on-demand infrastructure for
computation and storage space. We store all data of the tagged objects in the cloud
server; the tag data is encrypted with the secret key of its owner. Different companies
can use their corresponding secret keys to encrypt their data. For each tuple stored in
the cloud server, it stores another key KR, shared with the specific tag, to
authenticate legality and integrity.
B. Trust Party: During the ownership transfer phase, companies must update the
encrypted data stored in the cloud. To prevent attacks from the cloud server
and internal entities, the trust party helps to re-encrypt and update the data during
data sharing. The trust party can prevent the tag from being traced. When
companies share data with others, the trust party is responsible for access
control and authority management. Once the user passes authentication, it
decides the access right for the user.
C. Reader: Each department of a company has some readers, and the
companies use their readers to take inventory. The readers of a company
store a secret key shared with the tags it owns. When the reader queries
the tag, the reader sends the tag's response message to the cloud server. After
the cloud server identifies and authenticates the tag, it sends the reader the data,
which was previously encrypted. The reader uses its own secret key to decrypt it. This
mechanism protects against internal attacks and solves privacy problems.
D. Tag: Each tag is attached to a specific object for rapid identification. The tag
stores a real identity (TID), and this identity must be well protected. To prevent
tracing attacks by an external attacker or the cloud server, we use a pseudonym
identity (IDS) for communication and authentication. The IDS is accompanied by a
secret key KT which is shared with the cloud server for identification and mutual
authentication. The secret key keeps the communication messages secret and protects
against external attacks. It is also used to verify the integrity of messages.
Fig. 2 RFID supply chain architecture in cloud environment (Trust Party; Company A,
Company B, Company C; Cloud Data Center; Mutual Authentication, Ownership Transfer,
Authority Recovery, Data sharing)
Every supply chain member uses its reader, which connects to the cloud server, to
acquire its data. To resist all possible attacks in the communication process,
the cloud server, reader and tag authenticate each other. Furthermore, the trust party
takes charge of secret key updating and data sharing.
3.2 Preliminary
The notations used in this paper are as follows:
TID: a unique identity of the tag.
RID: a unique identity of the reader.
CID: an identity of the company.
IDS: pseudonym identity of the tag.
KR: a secret key shared between reader and tag.
KT: a secret key shared between cloud data center and tag.
RT/RR: random number generated by tag/reader.
Data: the detailed data of the tag.
{m}k: the message m encrypted with secret key k.
h(m): a hash function applied to message m.
Authority List: a list that stores the history record of authority for the tag,
including (CID, KR).
The following are the requirements of our method:
1. The cloud server is not a trusted party and may be a malicious party that attempts
to reveal secret key information or track a specific tag. The data must be
encrypted before being uploaded to the cloud data center. The cloud data center should
not be able to trace a specific tag during communication.
2. The communication channel between the reader and the cloud server is a secure
channel, and the transmitted messages cannot be retrieved. An internal member may
use a reader with the same specification to perform an internal attack.
We propose a series of detailed protocols that are compliant with the cloud
environment. The protocols involve five phases: (1) initial phase, (2) authentication
phase, (3) ownership transfer, (4) authority recovery, and (5) data sharing.
3.3 Initial Phase
The initial phase involves four entities: (1) cloud data center, (2) trust party, (3)
reader, and (4) tag. The detailed process is presented in Fig. 3.
The trust party generates a secret key KT and pseudonym IDS for the tag. The trust
party deploys the corresponding secret key KR for the tag according to the owner
(one of the companies in the supply chain) of the tag. The secret key KR is shared
between the tag and the reader. The tag stores the tuple {TID, KT, KR, IDS, Data} in its
memory.
The trust party computes {TID}KR by encrypting the real identity (TID). The trust party
stores {IDSold, IDSnew, KTold, KTnew, CID, {TID}KR} in the cloud data center. Initially,
the old and new values are set to the same value.
The trust party maintains an authority list to store the authority history record for
each tag in the system. The authority list includes the tag identity (TID) and the
transfer history, which contains the company identity (CID) and the corresponding KR.
The reader stores {RID, CID, KR} in its memory.
3.4 Authentication Phase
A traditional RFID system assumes the server is a trusted party, so the stored
data need not be encrypted. Because the cloud server is not a trusted party, we
must prevent the cloud service provider from revealing secret key information. The
data needs to be encrypted before being uploaded to the cloud. Only the legal entity is
able to decrypt the secret key information. To resist tracing attacks by an external
attacker or the cloud provider, we use the pseudonym IDS instead of the real identity
(TID). This makes the tag untraceable during communication and identification.
The reader, tag and cloud server authenticate each other to prevent various attacks
(Fig. 3).
Fig. 3 Initial phase
The steps of authentication are as follows:
Step 1: When the reader wants to query a tag, it randomly generates RR and sends
the request message, which contains h(RR) and RR ⊕ KR, to the tag.
Step 2: Upon receiving the request message, the tag first extracts RR from
RR ⊕ KR. The tag computes h(RR) and compares it with the received
h(RR). If the verification succeeds, the reader is a legal entity and the tag
continues with the following steps.
The tag randomly generates RT1, RT2 and computes the message (X, M1) as
follows:
X = h(RR ⊕ RT ⊕ IDS ⊕ KT)
M1 = X ⊕ KR
The tag responds with M1, RT1, (RT2 ⊕ KT) to the reader.
Step 3: After receiving the message, the reader extracts X from M1 by using
the corresponding KR. The reader sends CID, X, RT1, (RT2 ⊕ KT), RR to the cloud
data center.
The cloud data center identifies and verifies the tag by the following steps:
1. Search for the data belonging to the company (CID)
2. Check h(RR ⊕ RT ⊕ IDSi ⊕ KTi) = X for the corresponding tuple
3. Repeat the second step to find matching data
If a matching tuple is found, the tag is identified and authenticated by the
data center.
It extracts RT2 from (RT2 ⊕ KT) using the corresponding KT and computes M2
as follows:
M2 = h(RT1 ⊕ KT)
The cloud data center sends M2, {TID}KR and updates the data as follows:
IDSold = IDS, IDSnew = h(RT1 ⊕ KT)
KTold = KT, KTnew = h(RT2) ⊕ KT
Step 4: Upon receiving the message, the reader decrypts {TID}KR with KR and
computes M3 = KR ⊕ M2. The reader sends M3 to the tag.
Step 5: The tag computes M2 and M3 to verify the integrity of the message
sent from the cloud data center. If the verification succeeds, the tag updates
IDS = h(IDS ⊕ RT2), KT = h(RT2) ⊕ KT (Fig. 4).
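The exchange in Steps 1 to 5, as an added example that is not part of the original paper: a Python simulation of reader, tag and cloud data center, including a session in which the last message never reaches the tag. Assumptions: h is SHA-256 and all values are 32 bytes; RT inside X is taken to be RT1; the IDS update is given differently for the cloud (Step 3) and the tag (Step 5), and the example applies the Step 5 rule on both sides so that they stay in step; the cloud tries the new tuple and then the old one; {TID}KR is an opaque constructed blob; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

N = 32  # every value is 32 bytes so XOR operands match the SHA-256 output size

def h(m: bytes) -> bytes:
    return hashlib.sha256(m).digest()  # assumption: h() is SHA-256

def xor(*parts: bytes) -> bytes:
    out = bytes(N)
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out

class Tag:
    def __init__(self, tid, ids, kt, kr):
        self.tid, self.ids, self.kt, self.kr = tid, ids, kt, kr
        self._rt1 = self._rt2 = None

    def respond(self, h_rr, rr_x_kr):
        """Step 2: verify the reader, then return (M1, RT1, RT2 xor KT)."""
        rr = xor(rr_x_kr, self.kr)
        if not hmac.compare_digest(h(rr), h_rr):
            return None  # sender does not hold KR
        self._rt1, self._rt2 = secrets.token_bytes(N), secrets.token_bytes(N)
        x = h(xor(rr, self._rt1, self.ids, self.kt))  # assumption: RT is RT1
        return xor(x, self.kr), self._rt1, xor(self._rt2, self.kt)

    def confirm(self, m3):
        """Step 5: check M3 = KR xor h(RT1 xor KT), then rotate IDS and KT."""
        if self._rt1 is None or not hmac.compare_digest(
                xor(self.kr, h(xor(self._rt1, self.kt))), m3):
            return False
        self.ids = h(xor(self.ids, self._rt2))
        self.kt = xor(h(self._rt2), self.kt)
        self._rt1 = self._rt2 = None
        return True

class Cloud:
    def __init__(self):
        self.rows = []

    def enroll(self, cid, ids, kt, enc_tid):
        # Initial phase: old and new values start out identical.
        self.rows.append({"cid": cid, "ids_old": ids, "ids_new": ids,
                          "kt_old": kt, "kt_new": kt, "enc_tid": enc_tid})

    def authenticate(self, cid, x, rt1, rt2_x_kt, rr):
        """Step 3: find the tuple matching X; return (M2, {TID}KR) or None."""
        for row in (r for r in self.rows if r["cid"] == cid):
            for gen in ("new", "old"):  # assumption: old tuple is the fallback
                ids, kt = row["ids_" + gen], row["kt_" + gen]
                if hmac.compare_digest(h(xor(rr, rt1, ids, kt)), x):
                    rt2 = xor(rt2_x_kt, kt)
                    # Assumption: same IDS rule as the tag uses in Step 5.
                    row.update(ids_old=ids, kt_old=kt,
                               ids_new=h(xor(ids, rt2)),
                               kt_new=xor(h(rt2), kt))
                    return h(xor(rt1, kt)), row["enc_tid"]
        return None

class Reader:
    def __init__(self, cid, kr):
        self.cid, self.kr = cid, kr

    def query(self, tag, cloud, drop_m3=False):
        """Steps 1-5; drop_m3 models the last message never reaching the tag."""
        rr = secrets.token_bytes(N)
        resp = tag.respond(h(rr), xor(rr, self.kr))
        if resp is None:
            return "tag rejected reader"
        return self.relay(rr, resp, tag, cloud, drop_m3)

    def relay(self, rr, resp, tag, cloud, drop_m3=False):
        m1, rt1, rt2_x_kt = resp
        found = cloud.authenticate(self.cid, xor(m1, self.kr), rt1, rt2_x_kt, rr)
        if found is None:
            return "cloud rejected tag"
        m2, _enc_tid = found
        if drop_m3:
            return "m3 dropped"
        return "ok" if tag.confirm(xor(self.kr, m2)) else "tag rejected m3"

def setup():
    """Constructed sample deployment: one company, one reader, one tag."""
    kr, kt, ids, tid = (secrets.token_bytes(N) for _ in range(4))
    cloud = Cloud()
    cloud.enroll("CID-A", ids, kt, b"<opaque {TID}KR ciphertext>")
    return Reader("CID-A", kr), Tag(tid, ids, kt, kr), cloud

if __name__ == "__main__":
    reader, tag, cloud = setup()
    print(reader.query(tag, cloud))                # normal session
    print(reader.query(tag, cloud, drop_m3=True))  # tag keeps old IDS, KT
    print(reader.query(tag, cloud))                # cloud matches old tuple
```

After the blocked session the tag's (IDS, KT) equal the cloud's old tuple, which is why the third query still authenticates and brings both sides back to the same new values.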
3.5 Ownership Transfer
We must avoid privacy leakage and tracking during the ownership
transfer phase. Thus, we perform ownership transfer with the help of the trust party. In
the ownership transfer phase, the new owner updates the secret key data by connecting to
the trust party. The trust party identifies the tag according to the authority list and
updates the ownership data for the tag in the cloud server. The steps of the ownership
transfer phase are as follows (Fig. 5).
Fig. 4 Authentication phase
Fig. 5 Ownership transfer phase
Step 1: It randomly generates RR and sends the request message and RR to the tag.
Step 2: Upon receiving the request message for ownership transfer, the tag
randomly generates RT1 and computes the message (X, M1) as follows:
X = h(RR ⊕ RT ⊕ IDS ⊕ KT)
M1 = h(TID ⊕ KR ⊕ RR ⊕ RT)
The tag responds with M1, X and RT1 to the reader.
Step 3: After receiving the message, the reader sends CIDnew, X, M1, RT1, RR
to the trust party for ownership transfer.
The trust party identifies and verifies the tag by the following steps:
1. Search for the authority history belonging to the tag
2. Check h(RR ⊕ RT ⊕ TID ⊕ KR) = M1 for the corresponding tuple
3. Repeat the second step to find matching data
Upon finding the corresponding data, the trust party encrypts TID as
{TID}KR’ and sends {CIDold, CIDnew, RR, X, RT, {TID}KR’} to the cloud
data center.
The cloud data center identifies and verifies the tag by the following steps:
1. Search for the data belonging to the old owner (CIDold)
2. Check h(RR ⊕ RT ⊕ IDSi ⊕ KTi) = X for the corresponding tuple
3. Repeat the second step to find matching data
If a matching tuple is found, the tag is identified and authenticated by the
data center.
It sends the corresponding KT to the trust party and updates the corresponding
data in the cloud data center as follows:
CID = CIDnew, {TID}KR = {TID}KR
The cloud data center sends M2, {TID}KR and updates the data as follows:
IDSold = IDS, IDSnew = h(RT1 ⊕ KT)
KTold = KT, KTnew = h(RT2) ⊕ KT
Step 4: Upon receiving KT, the trust party computes h(KR’), KR’ ⊕ KT and sends
h(KR’), KR’ ⊕ KT to Readernew. Readernew sends the message to the
tag.
Step 5: The tag extracts KR’ from KR’ ⊕ KT and verifies the correctness of KR’. If
the verification succeeds, the tag updates KR = KR’. This completes the ownership
transfer phase; the old owner cannot query the tag unless it performs
authority recovery.
3.6 Authority Recovery
During the lifetime of a product, the product is sold and transferred to other owners.
It may be transferred back to an old owner when it needs to be repaired or returned. An
authority recovery mechanism is necessary for temporary (or permanent) delegation to
an old owner (such as upstream industry). In the authority recovery phase, the private
information of the owner should not be revealed or tracked. The trust party handles all
authority management and stores the history of authority alterations. When an
authority recovery is performed, the trust party verifies the request and checks the
authority list. The old owner can then acquire the access right for the tagged object.
3.7 Data Sharing
To increase efficiency and visibility in the supply chain, the mechanism
allows supply chain members to share data with each other. The data owner sets the access
right and sharing degree of the secret key information for different members. A
member must log in to the cloud server and pass authentication, and the cloud server
performs access control according to the access right of the logged-in user. We provide
fine-grained access rights in the following way:
1. Secure sharing mechanism:
If companies can share their item-level data, the supply
chain becomes more visible and efficient. We should make sure that the item data cannot
be traced or revealed while the data is being shared. The secret key information
stored in the cloud server is encrypted. When a company wants to share its
own data with another user, the company sets the access right for that user. The trust
party checks the access right of the user, and the user can acquire the data with the
help of the trust party.
2. Access control:
The access rights considered here are reading, modifying, delegation and deletion.
There are three roles in this phase:
1. Data owner: The data owner has all access rights for its own data.
2. Coagent: If company A cooperates with company B, the data owner (Company
A) delegates some access rights to the user (Company B). For the shared
data, the attorney has the access rights that the owner delegates to the user.
3. Unauthorized user: The user has no access right for the data.
When a user wants to access the data stored in the cloud server, the user needs to
log in to the cloud server. The cloud server provides data access service according
to the access right of the user. The data sharing mechanism lets the supply chain
members operate their business more efficiently.
4 Analysis
In this section, we analyze the security and performance of our method, covering the
authentication protocol and the ownership transfer protocol.
4.1 Security Analysis
We analyze the security of our method in the following aspects: the security
requirements of an RFID system and resistance to common wireless attacks. The
security requirements include confidentiality, untraceability, mutual authentication
and forward secrecy. The common wireless attacks include internal and external
attacks. The internal attacks include the internal tag impersonation attack and the
internal reader impersonation attack. The external attacks include tracking, replay
attack, desynchronization attack and denial of service attack.
1. Confidentiality: The message RR � KR,M1 and M3 are related to secret key KR
shared between the reader and the tag. Without knowing KT and KR, it is
difficult for attacker to extract RT2,RR and compute the correct messages. The
message X is computed by IDS and KT which is shared between the tag and
cloud server. To keep the secret key KT being fresh, KT is updated by
h(RT2) � KT every successful session. The RT2 is protected by Xoring secret
key KT, only the legal entities can extract the correct information. Attacker
cannot acquire random number and impersonate a legal entity without knowing
secret keys. However, the message is computed by random number and shared
secret key.
2. Untraceability: The encrypted TID is stored in cloud data center and the
{TID}KR only transmitted to legal reader via secure channel. To against
tracking from cloud provider and external attacker, IDS and KT are sent for
identifying and authenticating the tag. The pseudonym IDS and secret key KT
will be updated after successful session and the random number RT2 used for
updating is well protected. The messages transmitted include random number so
that the tag seems anonymous for the attackers. Thus the tag cannot be traced by
malicious attackers.
3. Mutual authentication: The reader, the tag, and cloud server can authenticate
each others. The message RR � KR,M1,M3 are protected by shared secret key
KR. The tag extracts correct RR by shared KR and then verifies the reader by
extracted RR. Only legal reader and tag can extract and compute correct
messages. The tag and cloud server authenticate each other by the message
(X,M2). Only legal server and tag can compute the same random number and
authentication messages. The transmitted messages is based on shared secret
J Netw Syst Manage
123
key IDS,KT,KR and random number (RR,RT). Thus the legal parties can generate
correct message and authenticate other parties.
4. Forward secrecy: If the tag is compromised, the secret keys storing in memory
may be revealed. Attacker may acquire the information transmitted in previous
session. In our method, the pseudonym IDS and shared secret key KT are
updated each successful session and the random number RT2 which is used for
updating IDS,KT are well protected. Attacker cannot compute the secret keys in
previous sessions. Since the secret keys are updated randomly, the attacker
cannot acquire the information from previous sessions.
5. Internal attack: An internal member may cheat other entities by impersonating
other legal entities. There are two kinds of internal attack: (1) tag
impersonation attack, (2) reader impersonation attack.
   1. Tag impersonation attack: An internal legal tag of Company1 (owning the
   shared secret key CID1, KR1) impersonates another tag that belongs to
   Company2 (owning the shared secret key CID2, KR2). When the legal reader
   (belonging to Company1) queries the impersonating tag (belonging to
   Company2), the legal reader sends RR ⊕ KR1, h(RR) to the impersonating tag.
   The impersonating tag cannot extract the corresponding RR without knowing
   the secret key KR1. So the forged tag cannot compute the correct message
   without knowing IDS, KT and the correct RR.
   2. Reader impersonation attack: An internal legal reader of Company1
   (owning the shared secret key CID1, KR1) impersonates another reader that
   belongs to Company2 (owning the shared secret key CID2, KR2). When the
   forged reader queries the tag, it sends RR ⊕ KR1, h(RR) to the legal tag,
   which belongs to Company2. The message RR ⊕ KR1, h(RR) cannot be
   authenticated by the legal tag because the tag cannot extract the correct RR
   and compute the correct message h(RR) without KR1.
6. External attack.
   1. Tracking: An attacker poses as a legal reader and queries the tag
   incessantly. If the tag's response message is a constant value, or the real
   identity is revealed during communication, the tag can be traced by a
   malicious attacker. In our method, the tag verifies the reader before
   sending a response message. The response message involves the random numbers
   RR, RT, the shared secret key KT and the pseudonym IDS. The real identity TID
   cannot be learned by the attacker because the TID is well protected during
   communication.
   2. Replay attack: An attacker can perform a replay attack in two ways: (1)
   replaying the tag's message, (2) replaying the reader's message. A replayed
   tag message M1 will not be authenticated by the reader because the message
   involves the random number RR. A replayed reader message M3 will not be
   authenticated by the tag because the message involves the random number RT2.
   Both the reader and the tag generate random numbers, and these random
   numbers keep the response messages fresh in every session. An attacker
   cannot resend a message to pass authentication.
   3. Desynchronization attack: After a successful session, the cloud server
   and the tag update the pseudonym IDS and the secret key KT. If an attacker
   intercepts the last message, the tag will not update IDS and KT. To prevent
   a desynchronized state of the shared secret keys, the cloud server stores
   both the new and the old shared values. The tag stores the current values
   (IDS, KT). During the authentication phase, the tag sends a message involving
   the current IDS and KT. The cloud server uses both the current and the former
   values to compute the authentication message for identifying and
   authenticating the tag. Thus a desynchronized state of the secret keys is
   recovered once a desynchronization attack has happened.
   4. Denial of Service attack: An attacker performs a DoS attack by jamming
   the channels or by sending requests incessantly. The attacker poses as a
   legal reader and sends a large number of queries to legal tags. When the
   legal tags receive the requests, many tags respond simultaneously and the
   system is depleted. Rather than revealing secret key information, a DoS
   attack prevents the legal reader from querying the tag normally.
In our method, the tag first checks and verifies the reader by the following
steps:
R → T : RR ⊕ KR, h(RR)
T extracts RR from RR ⊕ KR and verifies the reader by computing h(RR).
If h(RR) is correct, the reader is a legal reader, and the tag continues the
authentication phase.
Otherwise, the reader is a malicious entity, and the tag stops this session.
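The reader check in the steps above, written out as an added Python example (not code from the paper). SHA-256 truncated to 16 bytes stands in for h(.), and the function names, key values and value length are assumptions made for illustration. The last-but-one case shows that the check keeps no state, which is the repeated-query limitation the Conclusion acknowledges.

```python
import hashlib
import secrets

N = 16  # byte length of RR and KR (constructed for this example)

def h(data: bytes) -> bytes:
    # Stand-in for the paper's h(.); SHA-256 truncated to N bytes is an assumption
    return hashlib.sha256(data).digest()[:N]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def reader_query(kr: bytes):
    """Reader: pick a fresh RR and send (RR xor KR, h(RR))."""
    rr = secrets.token_bytes(N)
    return xor(rr, kr), h(rr)

def tag_verify_reader(kr: bytes, masked_rr: bytes, digest: bytes) -> bool:
    """Tag: unmask RR with the stored KR, recompute h(RR), compare."""
    if len(masked_rr) != N or len(digest) != N:
        return False                      # malformed query: stop the session
    rr = xor(masked_rr, kr)
    return secrets.compare_digest(h(rr), digest)

def check_cases():
    kr1 = secrets.token_bytes(N)          # Company1's key (constructed)
    kr2 = secrets.token_bytes(N)          # Company2's key (constructed)
    query = reader_query(kr1)             # sent by a Company1 reader
    flipped = (query[0], xor(query[1], b"\x01" + bytes(N - 1)))
    return {
        "company1_tag": tag_verify_reader(kr1, *query),
        "company2_tag": tag_verify_reader(kr2, *query),
        "modified_digest": tag_verify_reader(kr1, *flipped),
        # The check keeps no state, so identical bytes verify again; this is
        # the repeated-query limitation the paper's Conclusion acknowledges.
        "same_query_again": tag_verify_reader(kr1, *query),
        "truncated": tag_verify_reader(kr1, query[0][:8], query[1]),
    }

if __name__ == "__main__":
    for case, accepted in check_cases().items():
        print(f"{case:18} accepted={accepted}")
```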
4.2 Performance Analysis
We analyze the performance of our method in terms of computation cost, storage
space and communication messages for the tags. Computation cost covers all the
operations of the tag during communication. Storage space is the amount of
memory used to store the real identity TID and the shared secret keys.
Communication message is the length of the messages sent by the tag in one run
of the protocol. We focus only on the performance of the tag because the
computation capacities of the cloud server and reader are not limited. Both the
authentication and the ownership transfer protocols are analyzed as follows
(Table 1).
The computation in our authentication protocol involves only ⊕ and h(.).
Clearly, all of these operations can be implemented on passive tags. For
authenticating the reader and updating the secret keys, the tag computes the
hash function five times. The tag in our method stores its real identity TID,
pseudonym IDS, and shared secret keys KT and KR. Assuming that identities and
shared secret keys are L bits each, the storage requirement for the tag is 4L.
The messages transmitted by the tag are M1, RT1 and (RT2 ⊕ KT), and thus the
communication cost of our authentication protocol is 3L (Table 2).
We also analyzed the performance of our ownership transfer protocol. To verify
the reader and compute the authentication message, the tag computes the hash
function 3 times in our ownership transfer protocol. The tag in our method
stores its real identity TID, pseudonym IDS, and shared secret keys (KT, KR).
The messages transmitted by the tag are M1, X and RT1, and thus the
communication cost of the ownership transfer protocol is 3L.
5 Scenarios
Let us consider a practical example of how our cloud architecture works in a
typical supply chain system, with a tagged item being transferred during its
lifetime. The example scenario involves a material supplier, manufacturer,
distributor, retailer and customer. All the information of these companies is
stored in the cloud data center. The trust party is responsible for deploying
the data of all companies. The job of the trust party includes: (1)
encrypting/decrypting the information, (2) access control, (3) ownership
transfer, (4) authority recovery, (5) data sharing. When a product is
manufactured, an RFID tag with a unique identity TID is attached to it. The
trust party chooses IDS, KT randomly for the tag. The trust party then encrypts
the tag identity with the company's secret key KR. The secret key KT and IDS are
used to identify the tag and are shared between the cloud server and the tag.
The cloud server stores the tag's information, comprising IDS, KT, {TID}KR and
its owner's identity CID. The tag stores the company's secret key KR, the
pseudonym IDS and KT in its memory. There are
several readers with the secret key KR in the company. We give examples of our
protocols involving: (1) Authentication (2) Ownership transfer (3) Authority
recovery (4) Data sharing.

Table 1 Performance analysis of authentication protocol
Scheme                  Computation cost   Storage spaces   Communication message
Cho et al. [1]          2 h(.)             2L               2L
Dimitriou [1]           4 h(.)             2L               3L
Lim et al. [2]          4 h(.)             3L               3L
Our method              5 h(.)             4L               3L

Table 2 Performance analysis of ownership transfer protocol
Scheme                  Computation cost   Storage spaces   Communication message
Lei et al. [17]         3 h(.)             2L               3L
Song et al. [18]        6 h(.)             2L               3L
Dimitriou et al. [19]   3 h(.)             2L               2L
Our method              3 h(.)             4L               3L

When the company's staff want to take inventory of the product, they use the
reader to query the tagged objects in the warehouse. To guard against possible
attacks, the reader, tag and cloud server authenticate each other. Upon
receiving the request message involving KR and RR, the tag first verifies the
reader. If the reader is valid, the tag computes the authentication message M1,
which involves IDS, KT, RR and RT1. To guard against internal attack, the
authentication message M1 is XORed with KR. Upon receiving the response, the
reader extracts M1 with its secret key KR and forwards the messages to the cloud
server. The cloud server identifies and authenticates the tag by the response
messages, which involve IDS and KT. The cloud server updates the secret key for
the tag and sends an authentication message to the tag. The tag verifies the
message and updates the secret keys IDS and KT. This completes the
authentication phase.
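The session described above, combined with the old/new value storage from the desynchronization analysis in Section 4, as an added Python example that is not the paper's own code. This part of the paper does not give the formulas for M1, M3 or the key update, so the ones used here are hypothetical, as are all class and function names. The reader's KR masking of M1 is left out to keep the focus on the server's two stored pairs.

```python
import hashlib
import secrets

N = 16  # byte length of every value (constructed for this example)

def h(*parts: bytes) -> bytes:
    # Stand-in for the paper's h(.): SHA-256 over length-prefixed parts (assumption)
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()[:N]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def next_secrets(ids, kt, rt2):
    # Hypothetical update rule; the page says only that RT2 drives the update
    return h(b"ids", ids, rt2), h(b"kt", kt, rt2)

class Tag:
    def __init__(self, ids, kt):
        self.ids, self.kt, self.rt2 = ids, kt, b""

    def respond(self, rr):
        rt1, self.rt2 = secrets.token_bytes(N), secrets.token_bytes(N)
        m1 = h(self.ids, self.kt, rr, rt1)           # M1 involves IDS, KT, RR, RT1
        return m1, rt1, xor(self.rt2, self.kt)       # tag sends M1, RT1, RT2 xor KT

    def confirm(self, m3):
        # Update only after the server's final message verifies
        if secrets.compare_digest(m3, h(b"M3", self.ids, self.kt, self.rt2)):
            self.ids, self.kt = next_secrets(self.ids, self.kt, self.rt2)

class CloudServer:
    def __init__(self):
        self.records = []  # one dict per tag: {"new": (IDS, KT), "old": (IDS, KT)}

    def enroll(self, ids, kt):
        self.records.append({"new": (ids, kt), "old": (ids, kt)})

    def authenticate(self, rr, m1, rt1, masked_rt2):
        for rec in self.records:
            for slot in ("new", "old"):              # try current, then former values
                ids, kt = rec[slot]
                if secrets.compare_digest(h(ids, kt, rr, rt1), m1):
                    rt2 = xor(masked_rt2, kt)
                    rec["old"], rec["new"] = (ids, kt), next_secrets(ids, kt, rt2)
                    return slot, h(b"M3", ids, kt, rt2)
        return None, None

def run_session(tag, server, deliver_m3=True):
    rr = secrets.token_bytes(N)                      # reader's nonce RR
    slot, m3 = server.authenticate(rr, *tag.respond(rr))
    if slot and deliver_m3:
        tag.confirm(m3)
    return slot                                      # which stored pair matched
```

Calling `run_session(tag, server, deliver_m3=False)` models the intercepted last message; the following session then matches on the server's "old" pair and both sides end up synchronized again.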
When tagged objects are sold or transferred to another owner, the secret keys
stored in the tag and the cloud server must be updated. During the ownership
transfer phase, the reader needs to connect to the trust party to update the
secret key in the cloud server. The cloud server identifies the tag and updates
the owner identity CID to CIDnew. The tag also updates the secret key KR to KR'.
This completes the ownership transfer phase.
When a tagged object needs to be repaired or returned, the authority recovery
mechanism enables the previous owner to acquire the information of the object.
The previous owner connects to the trust party to identify the tag. The
mechanism provides an efficient way to handle these possible conditions.
The companies may share their data to reduce operating cost. When a company
wants to share its data, it changes the access right of the shared data for the
coagent. The coagent retrieves the shared data from the trust party over a
secure channel. Cooperation among the companies can increase business benefit.
6 Conclusion
Applying RFID technology to the supply chain helps businesses reduce the cost of
products. The RFID system may be limited by the scalability and capacities of
the tag. The cloud service provides an on-demand architecture and solves the
scalability problem. In this paper, we propose a supply chain architecture in a
cloud environment. Our method is mature in that it includes the detailed
protocols and additional mechanisms for possible conditions. We also compare our
authentication protocol and ownership transfer protocol with recent approaches.
Our method achieves an acceptable security level, and its performance fits the
requirements of passive tags. The trust party helps protect the secret key
information during special phases such as ownership transfer, authority
recovery and data sharing. The authority recovery mechanism provides an
efficient way to acquire the data of the tag in conditions such as product
repair, goods return and other possible conditions. The data sharing mechanism
makes the supply chain more visible and helps companies make decisions for
gaining more benefits. However, there is a limitation of this research. The
proposed scheme cannot withstand the denial of service attack if the attacker
re-sends h(Rr), Rr ⊕ Kr to the tag over and over again. However, privacy still
cannot be leaked by this attack. How to withstand denial of service will be our
future work.
Acknowledgments We are grateful for all the comments of reviewer.
References
1. Cho, J.-S., Yeo, S.-S., Kim, S.K.: Securing against brute-force attack: a hash-based RFID mutual
authentication protocol using a secret value. Comput. Commun. 34(3), 391–397 (2011)
2. Blom, R.: An optimal class of symmetric key generation systems. In: Advances in cryptology,
pp. 335–338. Springer (1985)
3. Diffie, W., Hellman, M.: New directions in cryptography. Inf. Theory IEEE Trans. On 22(6),
644–654 (1976)
4. Eschenauer, L., Gligor, V.D.: A key-management scheme for distributed sensor networks. In:
Proceedings of the 9th ACM conference on Computer and communications security, pp. 41–47. ACM
(2002)
5. Du, W., Deng, J., Han, Y.S., Varshney, P.K.: A pairwise key pre-distribution scheme for wireless
sensor networks. In: Proceedings of the 10th ACM conference on Computer and communications
security, pp. 42–51. ACM (2003)
6. Du, W., Deng, J., Han, Y.S., Varshney, P.K., Katz, J., Khalili, A.: A pairwise key predistribution
scheme for wireless sensor networks. ACM Trans. Inf. Syst. Secur. 8(2), 228–258 (2005)
7. Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor
networks. Wireless Netw. 8(5), 521–534 (2002)
8. Chen, S.M., Wu, M.E., Sun, H.M., Wang, K.H.: CRFID: an RFID system with a cloud database as a
back-end server. Future Gener. Compt. Syst. 30, 155–161 (2014). doi:10.1016/j.future.2013.05.004
9. Kardas, S., Celik, S., Bingol, M. A., Levi, A.: A new security and privacy framework for RFID in
cloud computing. Paper presented at the 5th IEEE International Conference on Cloud Computing
Technology and Science (CloudCom 2013), Bristol, UK
10. Wei, X., Lei, X., Chen, Z., Quan, Z., Chaojing, T.: Cloud-based RFID authentication. Paper
presented at the RFID, 2013 IEEE International Conference on, Penang, 30 April 2013–2 May 2013
11. Kiraz, M.S., Bingol, M.A., Kardas, S., Birinci, F.: Anonymous RFID authentication for cloud
services. Int. J. Inf. Secur. Sci. 1(2), 32–42 (2012)
12. Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling
ownership transfer of RFID tags. In: Selected Areas in Cryptography, pp. 276–290. Springer (2006)
13. Osaka, K., Takagi, T., Yamazaki, K., Takahashi, O.: An efficient and secure RFID security method
with ownership transfer. In: RFID Security. pp. 147–176. Springer (2009)
14. Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in
wireless sensor networks. Comput. Commun. 30(11), 2314–2341 (2007)
15. Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Security
and Privacy. Proceedings. 2003 Symposium on 2003, pp. 197–213. IEEE (2003)
16. Mohaisen, A., Nyang, D., Maeng, Y., Lee, K., Hong, D.: Grid-based key pre-distribution in wireless
sensor networks. KSII Trans. Internet Inf. Syst. 3(2), 195–208 (2009)
17. Mohaisen, A., Maeng, Y., Nyang, D.: On grid-based key pre-distribution: toward a better
connectivity in wireless sensor network. In: Emerging Technologies in Knowledge Discovery and Data
Mining. pp. 527–537. Springer (2007)
18. Tasci, S.E., Bayramoglu, E., Levi, A.: Simple and flexible random key predistribution schemes for
wireless sensor networks using deployment knowledge. In: Information Security and Assurance. ISA
2008. International Conference on 2008, pp. 488–494. IEEE (2008)
19. Simplício Jr, M.A., Barreto, P.S., Margi, C.B., Carvalho, T.C.: A survey on key management
mechanisms for distributed wireless sensor networks. Comput. Netw. 54(15), 2591–2612 (2010)
20. Liu, D., Ning, P.: Establishing pairwise keys in distributed sensor networks. In: Proceedings of the
10th ACM conference on Computer and communications security, pp. 52–61. ACM (2003)
21. Sadi, M.G., Kim, D.S., Park, J.S.: GBR: Grid based random key predistribution for wireless sensor
network. In: Parallel and Distributed Systems. Proceedings. 11th International Conference on 2005,
pp. 310–315. IEEE (2005)
22. Zhang, J., Varadharajan, V.: Wireless sensor network key management survey and taxonomy.
J. Netw. Compt. Appl. 33(2), 63–75 (2010)
23. Levi, A., Tascı, S.E., Lee, Y.J., Lee, Y.J., Bayramoglu, E., Ergun, M.: Simple, extensible and flexible
random key predistribution schemes for wireless sensor networks using reusable key pools. J. Intell.
Manuf. 21(5), 635–645 (2010)
24. Huang, D., Mehta, M., van de Liefvoort, A., Medhi, D.: Modeling pairwise key establishment for
random key predistribution in large-scale sensor networks. Netw. IEEE ACM Trans. On 15(5),
1204–1215 (2007)
25. Blundo, C., De Santis, A., Herzberg, A., Kutten, S., Vaccaro, U., Yung, M.: Perfectly-secure key
distribution for dynamic conferences. In: Advances in cryptology—CRYPTO '92, pp. 471–486.
Springer (1993)
26. Zhang, X., King, B.: Security requirements for RFID computing systems. Int. J. Netw. Secur 6(2),
214–226 (2008)
Iuon-Chang Lin received his Ph.D. in Computer Science and Information Engineering in March 2004
from National Chung Cheng University, Chiayi, Taiwan. He is currently a professor of the Department of
Management Information Systems, National Chung Hsing University, Taichung, Taiwan. His current
research interests include electronic commerce, information security, cryptography, and mobile
communications.
Hung-Huei Hsu received his Master degree from Department of Management Information Systems at
National Chung Hsing University in Taiwan. His research interests are RFID, information security, and
cryptography.
Chen-Yang Cheng received his Ph.D. in Industrial and Manufacturing Engineering at Penn State
University. He is currently an Associate Professor in Department of Industrial Engineering and Enterprise
Information at Tunghai University. His research interests include RFID in supply chain, Distributed
Systems, and Intelligent Systems.