A new framework for privacy of RFID path authentication

Abstract

RFID-based path authentication enables supply chain managers to verify the exact path that a tag has taken. In this paper, we introduce a new oracle Move that models a tag's movement along a designed or an arbitrary path in a supply chain. With this oracle, we refine the existing security and privacy notions for RFID-based path authentication. In addition, we propose a new privacy notion, called path privacy, for RFID-based path authentication. Our privacy notion captures the privacy of both tag identity and path information in a single game. Compared to existing two-game based privacy notions, it is more rigorous, powerful, and concise. We also construct a new path authentication scheme. Our scheme does not require the entities in a supply chain to have any connection with each other except in the initial stage. It requires only 480 bits storage and no computational ability on each tag; thus it can be deployed on the standard EPCglobal Class 1 Generation 2 tags in the market. © 2012 Springer-Verlag.