Illegal interrogation detectable EPC distribution scheme in RFID-enabled supply chains

An EPC (Electronic Product Code) contains sensitive information such as the product code, company code, or serial number and thus protecting the contents of EPCs is necessary to avoid counterfeits. Although many protecting schemes have been proposed, no scheme can limit the number of illegal attempts for revealing EPCs or notice whether an attacker exists. In this paper, we propose an illegal interrogation detection scheme with an EPCIS (EPC Information Service) server. The idea is to make an attacker access an EPCIS server and detect him/her. Our scheme divides an EPC into two parts with XOR operation. The first part is written into genuine tags on products while the other part is placed on an EPCIS server with an access code. An access code is divided into shares with a secret sharing scheme and they are written into genuine tags. We also write bogus shares into extra off-the-shelf tags that are not attached to any products. Since an attacker who wants to know genuine EPCs may obtain a large number of access code candidates and must try each on the EPCIS server, the server can detect and limit such illegal attempts.