Abstract
We report on the security claims of an RFID authentication protocol by Li and Ding which was specifically designed for use in supply chains. We show how the protocol's vulnerabilities can be used to track products, relate incoming and outgoing products, and extort supply chain partners. Starting from a discussion of the relevant security requirements for RFID protocols in supply chains, we proceed to illustrate several shortcomings in the protocol with respect to mutual authentication, unlinkability, and desynchronization resistance. We investigate the use of the xor operator in the protocol, suggest possible improvements, and point out flaws in the proofs of the security claims.
Original language | English |
---|---|
Title of host publication | Proceedings of the ICEBE 2008 IEEE International Conference on e-Business Engineering; AiR 2008 IEEE International Workshop on Advances in RFID; EM2I 2008 IEEE International Workshop on E-Marketplace Integration and Interoperability; SOAIC 2008 IEEE International Workshop on Service-Oriented Applications, Integration and Collaboration; SOKM 2008 IEEE International Workshop on Service-Oriented Knowledge Management; BIMA 2008 IEEE International Workshop on Business Intelligence Methodologies and Applications; DKEEE 2008 IEEE International Workshop on Data and Knowledge Engineering for E-service and E-business, October 22-24, 2008 Xi’an, China |
Editors | Jen-Yao Chung, Muhammad Younas |
Place of Publication | Piscataway |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 568-573 |
Number of pages | 6 |
ISBN (Print) | 9780769533957 |
DOIs | |
Publication status | Published - 2008 |
Event | 2008 IEEE International Conference on E-Business Engineering - Nan Yang Hotel located in the south of Xi'an JiaoTong University, Xi'an, China Duration: 22 Oct 2008 → 24 Oct 2008 http://conferences.computer.org/icebe/2008/index.htm (Link to Conference website) |
Conference
Conference | 2008 IEEE International Conference on E-Business Engineering |
---|---|
Abbreviated title | ICEBE 2008 |
Country/Territory | China |
City | Xi'an |
Period | 22/10/08 → 24/10/08 |
Internet address |
|
ASJC Scopus subject areas
- Management of Technology and Innovation
- Computer Networks and Communications
- Software