ABSTRACT
The International Chamber of Commerce estimates that seven percent of the world trade is in counterfeit goods, with the counterfeit market being worth 500 billion USD in 2004. Many companies already use overt anti-counterfeiting measures like holograms to confine counterfeiting and product piracy. However, current techniques are not suited for automated tests of product authenticity as required in warehouses, or do not provide the required level of security. In this context, Radio Frequency Identification (RFID) is a promising approach, providing an extensible, flexible and secure measure against counterfeiting. Unique product identification numbers together with an infrastructure to seamlessly share RFID-related data over the Internet are a basis of efficient Track & Trace applications. An emerging infrastructure is the EPC Network, which can be used to provide pedigree information of products and makes plausibility checks possible. In this paper, we propose a solution for products requiring authentication mechanisms that go beyond track & trace. Therefore, the evolving EPC Network should comprehend the functionality to handle tags which support strong cryptography. We suggest extending the upcoming EPC Network infrastructure with an EPC Product Authentication Service. Moreover, the development of cost-effective, dedicated authentication devices as well as the belonging standardization is motivated.
- ICC Policy Statement (2003) The fight against piracy and counterfeiting of intellectual property. Submitted to the 35th World Congress, Marrakech, Document no 450/986 www.iccwbo.org/home/intellectual_property/fight_against_piracy.pdfGoogle Scholar
- Robin Koh, Edmund W. Schuster, Indy Chackrabarti, Attilio Bellman (2003) Securing the Pharmaceutical Supply Chain. White Paper, Auto-ID Labs, Massachusetts Institute of Technology, www.autoidlabs.com/whitepapers/mitautoid-wh021.pdfGoogle Scholar
- David L. Brock (2001) The Electronic Product Code (EPC) - A Naming Scheme for Physical Objects. White Paper, Auto-ID Labs, Massachusetts Institute of Technology, www.autoidlabs.com/whitepapers/MIT-AUTOID-WH-002.pdfGoogle Scholar
- Organization for Economic Co-operation and Development (OECD) (1998) The Economic Impact of Counterfeiting. www.oecd.org/dataoecd/11/11/2090589.pdfGoogle Scholar
- Kommission der Europäischen Gemeinschaft (1998, 2000) Grünbuch zur Bekämpfung von Nachahmungen und Produkt- und Dienstleistungspiraterie im Binnenmarkt. europa.eu.int/comm/internal_market/en/indprop/piracy/com789de.htmGoogle Scholar
- World Health Organization (2003) Counterfeit medicines, Frequently Asked Questions. www.who.int/medicines/organization/qsm/activities/qualityassurance/cft/counterfeir_faq.htmGoogle Scholar
- U. S. Department of Health and Human Services, Food and Drug Administration (2004) Combating Counterfeit Drugs, A Report of the Food and Drug Administration. http://www.fda.gov/oc/initiatives/counterfeit/report02_04.pdfGoogle Scholar
- ICC Counterfeiting Intelligence Bureau (2003) The International Anti-Counterfeiting Directory 2003. www.iccwbo.org/ccs/cib_bureau/CIBDirectory.pdfGoogle Scholar
- RFID Journal (2004) Frequently Asked Questions, http://www.rfidjournal.com/article/articleview/207Google Scholar
- Sanjay E. Sarma, Stephen A. Weis, Daniel W. Engels (2002) RFID Systems, Security & Privacy Implications. White Paper, Auto-ID Labs, Massachusetts Institute of Technology, www.autoidlabs.org/whitepapers/MIT-AUTOID-WH-014.pdfGoogle Scholar
- Dirk Henrici, Paul Mülller (2004) Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifier. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW'04) Google ScholarDigital Library
- Istvan Vajda, Levente Buttyan (2003) Lightweight authentication protocols for low-cost RFID tags. Second Workshop on Security in Ubiquitous Computing - Ubicomp 2003, Seattle, WA, USA.Google Scholar
- Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman (1998) NTRU: A Ring-Based Public Key Cryptosystem. Lecture Notes in Computer Science 1423, 267--288, Springer-Verlag, Berlin Google ScholarCross Ref
- Federal Information Processing Standards Publication 197 (2003) Specification for the Advanced Encryption Standard (AES)Google Scholar
- Martin Feldhofer (2004) A Proposal for an Authentication Protocol in a Security Layer for RFID Smart Tags. IEEE Proceedings of MELECON 2004, Vol. 2, pp. 759--762Google Scholar
- David J. Wheeler, Robert M. Needham (1995) TEA, a Tiny Encryption Algorithm. Technical report, Computer Laboratory, University of Cambridge, www.ftp.cl.cam.ac.uk/ftp/papers/djw-rmn/djw-rmn-tea.htmlGoogle Scholar
- Federal Information Processing Standards Publication 180-1 (1995) Secure Hash StandardGoogle Scholar
- Infineon Technologies (2001) Security and Chip Card ICs, SLE 55R01 Short Product Information, www.infineon.com/cgi/ecrm.dll/ecrm/scripts/public_download.jsp?oid=29991& parent_oid=14537Google Scholar
- Infineon Technologies (2004) Secure Mobile Solutions - Security, SLE 66CL80P Short Product Information. www.infineon.com/cmc_upload/documents/036/428/SPI_SLE66 CL80P_0102.pdfGoogle Scholar
- Press Release from the World Customs Organization (2003) www.wcoomd.org/ie/en/ press/ Counterfeiting_E.htmGoogle Scholar
- World Trade Organization (1986-1994) Agreement Establishing the World Trade Organization, Annex 1C, Agreement on Trade-Related Aspects of Intellectual Property Rights. www.wto.org/english/docs_e/legal_e/27-trips.pdfGoogle Scholar
Index Terms
- Extending the EPC network: the potential of RFID in anti-counterfeiting
Recommendations
Strengthening EPC tags against cloning
WiSe '05: Proceedings of the 4th ACM workshop on Wireless securityThe EPC (Electronic Product Code) tag is a form of RFID (Radio-Frequency IDentification) device that is emerging as a successor to the printed barcode. Like barcodes, EPC tags emit static codes that serve to identify and track shipping containers and ...
EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityEPC (Electronic Product Code) tags are industry-standard RFID devices poised to supplant optical barcodes in many applications. We explore the systemic risks and challenges created by the increasingly common use of EPC for security applications. As a ...
Shoehorning security into the EPC tag standard
SCN'06: Proceedings of the 5th international conference on Security and Cryptography for NetworksThe EPCglobal Class-1 Generation-2 UHF tag standard is certain to become the de facto worldwide specification for inexpensive RFID tags. Because of its sharp focus on simple “license plate” tags, it supports only the most rudimentary of security and ...
Comments