Abstract
We report on the security claims of an RFID authentication protocol by Li and Ding which was specifically designed for use in supply chains. We show how the protocol's vulnerabilities can be used to track products, relate incoming and outgoing products, and extort supply chain partners. Starting from a discussion of the relevant security requirements for RFID protocols in supply chains, we proceed to illustrate several shortcomings in the protocol with respect to mutual authentication, unlinkability, and desynchronization resistance. We investigate the use of the xor operator in the protocol, suggest possible improvements, and point out flaws in the proofs of the security claims.
Original language | English |
---|---|
Title of host publication | 2008 IEEE International Conference on e-Business Engineering |
Publisher | IEEE |
Pages | 568-573 |
Number of pages | 6 |
ISBN (Print) | 9780769533957 |
DOIs | |
Publication status | Published - 2 Dec 2008 |
Event | 2008 IEEE International Conference on e-Business Engineering - Xi'an, China Duration: 22 Oct 2008 → 24 Oct 2008 |
Conference
Conference | 2008 IEEE International Conference on e-Business Engineering |
---|---|
Abbreviated title | ICEBE'08 |
Country/Territory | China |
City | Xi'an |
Period | 22/10/08 → 24/10/08 |
ASJC Scopus subject areas
- Management of Technology and Innovation
- Computer Networks and Communications
- Software