DocumentCode :
466011
Title :
Construction of the Enterprise-level RFID Security and Privacy Management Using Role-Based Key Management
Author :
Chen, Chun-Te ; Lee, Kun-Lin ; Wu, Ying-Chieh ; Lin, Kun-De
Author_Institution :
Hua-Fan Univ., Taipei
Volume :
4
fYear :
2006
fDate :
8-11 Oct. 2006
Firstpage :
3310
Lastpage :
3317
Abstract :
The RFID technique is extensively applied in e-Business scope. It mainly supports the quickly and accurately work for the advanced assets management. But it is still lack of privacy protection on the EPC code. For the worse case, some hackers may steal the code content easily during the cooperative business transmissions. It will cause the business secret leaking or even the consumer privacy damage. To encrypt the EPC code, we propose a two phase identification and authentication protocol with RBAC architecture to assure security. The EPC code is separates randomly into two parts by the secret sharing method. Only the one half of the EPC code is encrypted and stored in the RFID tags. The other part of the EPC code was encrypted by the private key and stored at the backend system for later decrypted used. The EPC code is decrypted when these two parts are decrypted and merged. When the owner of the tag is changed, the encrypt EPC code is merged then separated again. In this way, it is impossible has the same encrypt EPC code on the RFID tag when the owner is changed. The reader must be authorized to get the secret key before scanning and extracting the corresponding product information. Hence, it can ensure that RFID tag will not reveal important information even though it is scanned by fake or non-authorization reader. We also proposed a key management based on role-base access control method to distribute the access key and the encryption/decryption key, which aligns well with the role and the business process in a supply chain. The secret keys are managed by the role-based assignment at the enterprise level rather than at the individual level. It not only provides with more efficiency and flexibility on the role´s key management, but also enhances the security of the enterprise-level RFID system. Therefore, the number of the secret key to be managed is also reduced. With the proposed identification and authentication protocol, the RFID content is can encrypted ef- ficiently to avoid the information eavesdropping on the RFID system.
Keywords :
cryptographic protocols; data privacy; electronic commerce; message authentication; private key cryptography; radiofrequency identification; assets management; authentication protocol; backend system; consumer privacy damage; cooperative business transmissions; encryption-decryption key; enterprise-level RFID security; privacy management; private key; role-based assignment; role-based key management; secret sharing method; two phase identification; Asset management; Authentication; Computer hacking; Cryptography; Privacy; Protection; Protocols; RFID tags; Radiofrequency identification; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Systems, Man and Cybernetics, 2006. SMC '06. IEEE International Conference on
Conference_Location :
Taipei
Print_ISBN :
1-4244-0099-6
Electronic_ISBN :
1-4244-0100-3
Type :
conf
DOI :
10.1109/ICSMC.2006.384629
Filename :
4274393
Link To Document :
بازگشت