Assessment of visibility restriction mechanisms for RFID data Discovery Services

Pardal, Miguel L.; Harrison, Mark; Marques, Jorge S.

doi:10.1109/rfid.2012.6193045

Cited by 5 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The information stored in DS is commercially sensitive, which can reveal flow patterns, trading relationships or inventory levels, etc. [2][3]. Therefore DS must authenticate the user's identity first before this user is allowed to access DS.…”

Section: Related Workmentioning

confidence: 99%

“…[2][3]. Therefore DS must authenticate the user's identity first before this user is allowed to access DS [4].…”

Section: Introductionmentioning

confidence: 99%

“…The user identity authentication for DS is a crucial problem. By analyzing the application scenarios and relevant literatures [2][3][4][5], we summarize the following important requirements of the user identity authentication scheme for DS:…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CUIAS - A User Identity Authentication Service for Discovery Service

Liu

Kong

Tian

et al. 2014

2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and I

View full text Add to dashboard Cite

Discovery service (DS) is designed to serve the following lookup function: Given the RFID identifier of an object, it returns a list of Internet addresses of servers about this object across the supply chain, which offer detailed information about it. The information stored in DS is commercially sensitive, which can reveal flow patterns, trading relationships or inventory levels, etc. Therefore DS must authenticate the user's identity first before this user is allowed to access DS. However, no user identity authentication schemes satisfying the actual requirements have been proposed until now. So this paper focuses on this problem and presents Centralized User Identity Authentication Service (CUIAS) based on SAML and PKI for DS, which is deployed as a DHT network, offering excellent performance scalability. Through CUIAS, once a user is authenticated, then it can access DS many times in a certain period, which not only simplifies the user's access process but also reduces the user's resource cost. To ensure the data availability and data confidentiality of CUIAS, the original data is split into multiple smaller blocks using Information Dispersal Algorithm (IDA) and then they are scattered within CUIAS. By analysis and evaluation, CUIAS can satisfy the actual requirements and offer reliable and secure service.

show abstract

Section: Related Workmentioning

confidence: 99%

“…[2][3]. Therefore DS must authenticate the user's identity first before this user is allowed to access DS [4].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CUIAS - A User Identity Authentication Service for Discovery Service

Liu

Kong

Tian

et al. 2014

2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and I

View full text Add to dashboard Cite

show abstract

“…In subsequent work, Pardal, Harrison and Alves Marques [11] studied visibility restriction mechanisms for MDI and presented effort estimates. This compared the performance of two approaches with a limited semantic expressivity, Enumerated Access Control (EAC) and Chain-of-Communication Tokens (CCT), as well as a third option with extensible semantics, named Chain-of-Trust Assertions (CTA).…”

Section: B Visibility Restriction Approachesmentioning

confidence: 99%

Enforcing RFID data visibility restrictions using XACML security policies

Pardal

Harrison

Marques

2012

2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)

Self Cite

View full text Add to dashboard Cite

Abstract-Radio Frequency Identification (RFID) technology allows automatic data capture from tagged objects moving in a supply chain. This data can be very useful if it is used to answer traceability queries, however it is distributed across many different repositories, owned by different companies.Discovery Services (DS) are designed to assist in retrieving the RFID data relevant for traceability queries while enforcing sharing policies that are defined and required by participating companies to prevent sensitive data from being exposed.In this paper we define an interface for Supply Chain Authorization (SC-Az) and describe the implementation of two visibility restriction mechanisms based on Access Control Lists (ACLs) and Capabilities. Both approaches were converted to the standard eXtensible Access Control Markup Language (XACML) and their correctness and performance was evaluated for supply chains with increasing size.

show abstract

“…SUPPLY CHAIN AUTHORIZATIONS Access control for supply chains is different from traditional authorization because there is a lack of prior knowledge about who should be authorized due to the way that each physical object path emerges [26].…”

Section: A Extensible Access Control Markup Languagementioning

confidence: 99%

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

Pardal

Harrison

Marques

2012

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)

Self Cite

View full text Add to dashboard Cite

Abstract-Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However they imply significant performance overheads that need to be carefully considered.Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies that are usually deemed to be too complex and unnecessary in practical applications, especially regarding security.This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on traceability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations -Access Control Lists, Tokens, and RDF Assertions -with their XACML-equivalents.

show abstract

Assessment of visibility restriction mechanisms for RFID data Discovery Services

Cited by 5 publications

References 16 publications

CUIAS - A User Identity Authentication Service for Discovery Service

CUIAS - A User Identity Authentication Service for Discovery Service

Enforcing RFID data visibility restrictions using XACML security policies

Performance assessment of XACML authorizations for Supply Chain Traceability Web Services

Contact Info

Product

Resources

About