KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

Tounsi, Wiem; Cuppens-Boulahia, Nora; García-Alfaro, Joaquín; Chevalier, Yannick; Cuppens, Frédéric

doi:10.1016/j.jnca.2013.06.002

Cited by 10 publications

(22 citation statements)

References 70 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This allows readers to use efficiently the limited bandwidth, e.g., target only a particular tag population or switch off completely some readers. Finally, as RFID communication protocols support dedicated privacy enhancing features [22], the RFID middleware will also need to support their use.…”

Section: Introductionmentioning

confidence: 99%

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Tounsi

Cuppens-Boulahia

Cuppens

et al. 2013

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Self Cite

View full text Add to dashboard Cite

The Electronic Product Code (EPC) is a Radio Frequency IDentification (RFID) that offers a new way of automating identification. However, once RFID tags carry more than just an identifier, privacy may be violated. Treating the privacy in early stages helps to master the data view before interpreting and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering, aggregating and grouping the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. We propose a privacy controller module that enhances the Filtering and Collection middleware of the RFID EPCglobal network. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model. To show the feasibility of our privacy-enhanced model, we provide a proof-of-concept prototype integrated into the middleware of the Fosstrak framework, an opensource implementation of the EPCglobal specifications.

show abstract

Section: Introductionmentioning

confidence: 99%

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Tounsi

Cuppens-Boulahia

Cuppens

et al. 2013

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the first levels of the RFID architecture, three types of data deserve to be considered with security and privacy aspects. We note the reader and tag events [40], the middleware events and the EPCIS data, after events have been captured and stored (cf. Figure 1 shows a summary view of the EPCglobal architecture).…”

Section: Related Workmentioning

confidence: 99%

“…This also allows readers to use efficiently the limited bandwidth, e.g., to target only a particular tag population or switch off completely some readers. Finally, as RFID communication protocols use dedicated privacy enhancing features [40], the RFID middleware will also need to support their use. For instance, the RFID middleware must provide the right kill -password to the right reader to apply it on the tag as specified in EPC standard.…”

Section: Introductionmentioning

confidence: 99%

Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the fosstrak platform

Tounsi

Cuppens-Boulahia²,

Cuppens³

et al. 2015

World Wide Web

Self Cite

View full text Add to dashboard Cite

Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in term of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. In this paper, we propose an access and privacy controller module that adds a security level to the RFID middleware standardized by the EPCglobal consortium. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model, namely the purpose, the accuracy and the consent principles. We also use the provisional context to model security rules whose activation depends on the history of previously performed actions. To show the feasibility of our privacy enforcement model, we first provide a proof-of-concept prototype integrated into the middleware of the Fosstrak platform, then evaluate the performance of the integrated module in terms of execution time.

show abstract

“…These cases show the lack of formality during the verification phase of new security techniques for low-cost RFID technologies. In [37], we deepened on this problem and illustrated how a sample protocol for the EPC Gen2 RFID technology shall be formally specified with regard to its security requirements. We defined a sample key establishment protocol, and formally verified its conformity to security properties such as authenticity and secrecy.…”

Section: Efforts Conducted Within the Scope Of The Ares Projectmentioning

confidence: 99%

Security and Privacy Concerns About the RFID Layer of EPC Gen2 Networks

García-Alfaro

Herrera-Joancomartí

Melià-Seguí

2014

Studies in Computational Intelligence

Self Cite

View full text Add to dashboard Cite

Abstract. RFID systems are composed by tags (also known as electronic labels) storing an identification sequence which can be wirelessly retrieved by an interrogator, and transmitted to the network through middleware and database information systems. In the case of the EPC Gen2 technology, RFID tags are not provided with on-board batteries. They are passively powered through the radio frequency waves of the interrogators. Tags are also assumed to be of low-cost nature, meaning that they shall be available at a very reduced price (predicted for under 10 US dollar cents in the literature). The passive and low-cost nature of EPC Gen2 tags imposes several challenges in terms of power consumption and integration of defense countermeasures. Like many other pervasive technologies, EPC Gen2 might yield to security and privacy violations if not handled properly. In this chapter, we provide an in-depth presentation of the RFID layer of the EPC Gen2 standard. We also provide security and privacy threats that can affect such a layer, and survey some representative countermeasures that could be used to handle the reported threats. Some of the reported efforts were conducted within the scope of the ARES project.

show abstract

KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

Cited by 10 publications

References 70 publications

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Fine-grained privacy control for the RFID middleware of EPCglobal networks

Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the fosstrak platform

Security and Privacy Concerns About the RFID Layer of EPC Gen2 Networks

Contact Info

Product

Resources

About