Int. J. Information Technology and Management, Vol. 12, Nos. 1/2, 2013

Context-aware web services for security control and privacy preservation in an RFID supply chain

Manmeet Mahinderjit-Singh* and Xue Li*
School of Information Technology and Electrical Engineering, University of Queensland, Brisbane 4072, Australia
E-mail: [email protected]
E-mail: [email protected]
*Corresponding authors

Zhanhuai Li
School of Computer Science and Technology, Northwestern Polytechnical University, Xi’an 710072, China
E-mail: [email protected]

Abstract: Automation and optimisation of supply-chain activities are made possible by radio frequency identification (RFID) technology. RFID supply chain performance can be enhanced by integrating RFID functions into the web service paradigm. However, the use of RFID involves growing privacy and security concerns, in part because the limited capacity of RFID tags exposes the whole supply-chain loop to security risks such as product counterfeiting. In this paper, we tackle the security and privacy challenges in RFID by using context-aware web service technology. By employing a seven-layer trust framework, we design the functionalities to comply with web service architecture. In order to address the security and privacy problems, we also use context parameters such as location and time to model the situations of RFID tags. A complete case of an RFID-enabled supply chain in an EPCglobal network using context-aware web services is provided to tackle the RFID security and privacy challenges.

Keywords: radio frequency identification; RFID; supply chain management; SCM; context-awareness; web services; security and privacy.

Reference to this paper should be made as follows: Mahinderjit-Singh, M., Li, X. and Li, Z. (2013) ‘Context-aware web services for security control and privacy preservation in an RFID supply chain’, Int. J. Information Technology and Management, Vol. 12, Nos. 1/2, pp.39–66.

Biographical notes: Manmeet Mahinderjit-Singh is currently a PhD research student at the University of Queensland. She received her BSc in Computer Science and MSc in Computer Science, both from Universiti Sains Malaysia. Her current research interest is in the detection and prevention of fraud and cloning in RFID data.

Xue Li is an Associate Professor in the School of Information Technology and Electrical Engineering at the University of Queensland. His research interests include data mining, multimedia data security, database systems, and intelligent web information systems. He has a PhD in Information Systems from the Queensland University of Technology. He is a member of the IEEE and the ACM.

Zhanhuai Li is a Professor in the School of Computer Science and Technology at the Northwestern Polytechnical University, China. His research interests include database technology, stream data management and mining, XML data management, multimedia data management and storage technology. He is the Vice Chairman of the Database Technical Committee and the Storage Technical Committee of the China Computer Federation. He is also a member of the Computer Application Committee of the Chinese Society of Astronautics.

Copyright © 2013 Inderscience Enterprises Ltd.

1

Introduction

Radio frequency identification (RFID) technology, combined with information and communication technologies, offers the advantages of precise identification and automatic tracking and monitoring of objects (Gao et al., 2004). RFID-enabled applications such as vehicle management, access control, security and supply chain management provide advantages over current barcode systems with respect to efficiency and cost savings. RFID systems (tags, readers and the RFID network) have emerged as ubiquitous tools due to their ability to sense events and capture conditional changes. As a result, RFID-enabled events contain a large amount of contextual information such as locations and time points. Based on this contextual information, business logic can be implemented efficiently and in a distributed fashion. Context-awareness implies that the system should be able to recognise both external and internal events and respond to any changes in real time according to the current situation and the user’s requirements (Jongmyung, 2010). For example, when an RFID tag is read in a context-aware RFID system, the identified item together with the context information (e.g., location and time) can be regarded as an event and associated with the relevant event-processing services. Many intelligent services can be applied to process complex events based on the supply-chain system requirements. An RFID tag can hold limited values that may change with time (Schilit, 1995). According to Jongmyung (2010), an RFID system can be a powerful context-aware system due to many of its features, including:

1 the tag reading patterns, such as the multiple concurrent pattern, are transparent and not complex

2 only two components (tags and readers) are needed to capture any event updates

3 a tag value may have a variety of meanings based on its data type

4 the system is easily combined with other sensors

5 the system is event-driven.

An RFID-enabled supply chain is a coordinated system with multiple organisations. Their workflows and protocols aim at moving items in both physical and virtual spaces from supplier to consumer (Gao et al., 2004). However, a lack of trustworthiness between supply chain players has caused problems such as product counterfeiting and a low acceptance rate of RFID technology. Trust among business partners using RFID technology declines for two main reasons. First, RFID tags have very limited electronic features and are cheap to clone (Gao et al., 2004). Security and privacy threats are therefore inherent in RFID technology, as in all electronic and data communication technology. This reduces the trust and confidence of business partners, especially when RFID tagging is used as an anti-counterfeiting method (Juels, 2005). Second, there is a huge number of RFID tags in an open system, and an RFID tag may appear anywhere and everywhere. As the greatest security risk is always presented by the weakest link in a security chain, the lack of an attack detection model in the RFID network can let security and privacy threats go unnoticed (Lehtonen et al., 2007).

The security and privacy threats that stem from the limited storage and memory of an RFID tag have increased the problem of product counterfeiting (Choi and Poon, 2008). Since tags cost only a few cents each, the storage and memory on a tag are correspondingly small. As a result, no strong and complete security mechanism can be installed in tags (Juels, 2005; Peris-Lopez et al., 2006). The vulnerability of RFID tags and of the communication channel increases the risk of security threats such as eavesdropping, skimming, man-in-the-middle, denial of service (DoS) and physical attacks (Burmester and Medeiros, 2007). A single attack, or a combination of threats, enables cloning and fraud attacks, which are the largest contributors to counterfeiting, especially in supply chain applications. The weakness of RFID also results from the physical nature of the tags and the operating environment of the system. At the same time, RFID data characteristics such as readability, even from a longer distance, breach privacy and aggravate the forward and backward traceability problem (Song and Mitchell, 2008). Forward traceability makes it possible for a previous owner to track and read tag information after the tag has reached a new owner’s site, introducing the tag ownership issue; backward traceability is the converse. Eventually, a linkability scenario in which a competitor is able to track and tamper with the sensitive information on tags linked to the enterprise database, resulting in counterfeited and cloned drug labels, becomes likely. In addition, the fact that tags are readable from greater distances, even without the owner’s knowledge, creates the linkability threat in supply chain management. One important privacy concern is that, without security measures, a retailer’s inventory data on an RFID tag might be monitored by a competitor’s unauthorised readers (Gao et al., 2004). Subsequently, this data can be cloned onto empty tags, raising the issue of counterfeiting. The introduction of counterfeit tags into the system in different places at different times may go unnoticed if no detection system is installed at these locations. As discussed by Mahinderjit-Singh and Li (2010), the traditional RFID trust service by EPCglobal (Verisign, 2004) only provides a preventive security mechanism without any means of security detection or human social trust. The potential challenges caused by a lack of trustworthiness within a supply chain are identified as follows:

a delays in detecting an RFID security attack such as a cloning attack, especially without any information sharing mechanisms in place between supply chain partners

b difficulties in monitoring and enforcing any security policies, since most security attack detection is done in an ad-hoc manner and in a closed system

c the imposition of extra costs for manually tracking detailed information on the whereabouts of RFID tags and their quantity.


Such challenges highlight the necessity of web-based context-awareness in a supply chain system to improve the overall efficiency of the supply chain. Web service technologies can support and simplify the exchange of context information between various supply chain partners, thus enabling web services systems to utilise various types of context information to adapt their behaviours and operations to dynamic changes (Truong and Dustdar, 2007). Forcing a service to be aware of a user’s intention and request is difficult due to the architecture of web services which are large-scale and distributed. An RFID supply chain system with security control may not be able to guarantee privacy but an RFID supply chain system with privacy protection must always have security control. In order to achieve high security protection and privacy preservation in an RFID application, the following contexts are important: identity (user and object), location, time and behaviour (activity) (Schilit, 1995; Yao et al., 2008). Time and location are the two most important contexts in RFID applications since RFID system features are event-driven and widely used for product tracking and tracing purposes. In a security-based application such as RFID intrusion detection, time and location are needed to illustrate when and where an attack has occurred. The identity context relates to permission and role-limited information accessible by users while dealing with certain tasks. A context-aware system should be able to detect, interpret and respond to the context. Unlike a context-aware system which is tightly coupled in a closed environment, an RFID-enabled supply chain context-aware solution for enhancing sharing in web services-based environments must be open and standard-based. Furthermore, the context information needs to comply with privacy and security rules when sensed and shared across the boundary of a single organisation. 
In this paper, we demonstrate how the security and privacy of an RFID clone detection system can be maintained by using context information such as identity, location, time and activity. We believe that the use of a context-aware RFID system can increase trust in an RFID supply chain without sacrificing security and privacy elements. We have also redesigned the proposed seven-layer trust framework (Mahinderjit-Singh and Li, 2010) as a web service and emphasise context awareness to explain how location and time are used as the context in security and privacy management. The proposed architecture is known as the RFID supply chain context-aware web service (RSC-CAWS). The main idea of RSC-CAWS is to utilise and transform the existing seven-layer trust framework into a context web service which allows efficient detection and monitoring of security attacks. RSC-CAWS will be capable of operating in an EPCglobal environment. The motivations for our proposed context-aware RFID-enabled supply chain web service, RSC-CAWS, are:

1 to ensure that security control and privacy preservation in an RFID-enabled supply chain are both achievable

2 to enhance supply chain partners’ trust via a secure information sharing mechanism by applying EPCglobal services.

In addition, we also present a case study on how our context-aware web service is relevant and applicable to real-life security attack detection. We evaluate the effectiveness of RSC-CAWS according to criteria based on supply chain organisations’ priorities in detecting a security attack. Among the criteria are cost of process and infrastructure, security and privacy policies, efficiency of the alerting system and response time in dealing with a security attack. These criteria are justified by the three main factors in the selection of an intrusion detection system (IDS), namely detection, response and deployment (Amoroso and Kwapniewski, 1998). Finally, we present an event-condition-action model for RSC-CAWS. In summary, the contributions of this paper include the following aspects.

1 We design a context-aware trust framework by transforming the traditional seven-layer trust framework to tackle the security and privacy challenges that occur in RFID systems, especially in supply chain management. The context-aware web service is known as RSC-CAWS.

2 We demonstrate context awareness in tackling cloning and fraud attacks for an RFID clone detection system and justify the important context parameter types when dealing with cloning and fraud attacks on an RFID system.

3 Finally, we evaluate the RSC-CAWS architecture by providing a detection service case study and evaluate the main effectiveness factors in the selection of an intrusion detection system using the analytic hierarchy process (AHP) tool (Palcic and Lalic, 2009).

The outline of the paper is as follows: Section 2 presents the security and privacy taxonomy in an RFID supply chain environment. Section 3 discusses RFID-based context-aware parameters in depth. Some scenarios of smart services are also presented. Section 4 discusses the relevance of the seven-layer trust framework in terms of context-awareness. Some information on enhancement of the seven-layer trust framework is shared here. Section 5 provides our proposed RFID context-aware web service architecture in a supply chain context. An illustration of an integrated web service with EPCglobal is also shown. We also present a case study demonstrating a clone detection system and evaluate several factors in handling an attack for different types of detection types. An event processing method that employs the event-condition-action (ECA) algorithm and triggers in the development of security and privacy is also discussed. Finally, Section 6 provides the conclusions.

2

RFID security and privacy taxonomy

In this section, we present a taxonomy of the security and privacy issues of RFID-enabled supply chain management. Firstly, we discuss the challenges and problems related to security in an RFID system. The discussion in this section is essential for understanding why a trust mechanism is important in addressing the security and privacy concerns in RFID. The ubiquitous computing environment in which RFID components operate is seen as the major contributor to the security and privacy challenges. The cause and effect diagram shown in Figure 1 further illustrates the security issues. The physical deployment of the RFID architecture involves the tag and reader characteristics. The tag’s limited storage and small built-in memory are the main factors behind the insufficient security on tags. Based on Peris-Lopez et al. (2006), fewer than 3,000 gates in an RFID tag can be used for any security algorithm. Hence, the use of lightweight authentication has been proposed to cater for the hardware limitation. However, the lightweight approach does not provide completeness and makes the chances of attack even higher (Piramuthu, 2008).

Figure 1 Cause and effect of RFID challenges

The lack of standardisation among different manufacturers of tags and readers makes it difficult to implement a sharable security mechanism in an open system environment. The network issues include the insecure communication between tags and readers. An attacker is able to remove the tag from the product, and the lack of sufficient pedigree security makes it much easier to forge an authentic product. In addition, the lack of communication bandwidth and management introduces the problem of key management in ubiquitous computing (Juels, 2005). The architecture deployment in a supply chain environment, which includes the position of tags and the alignment of readers with a centralised server, could cause erroneous readings such as duplicate records in the system and a resultant reduction in accuracy. The RFID tag scalability issue in the supply chain environment also needs attention. As the number of tags and readers grows over time according to the supply chain business needs, it is clearly important to design an architecture that is able to cope with future advancement. On the other hand, the simplistic middleware design currently used by the EPCglobal network (http://www.epcglobalinc.org) does not cater for the evolving RFID technology or meet the business owner’s requirements. There is no dedicated middleware component for ensuring security needs such as authentication (Lehtonen et al., 2007). In an open system environment, this affects the security and privacy of the information on the tags linked to the enterprise database, and it causes data inconsistency and leakage. With all these issues combined, the impact on human trust in RFID technology is critical and contributes to the lack of data sharing mechanisms in SCM. The next sub-section examines the RFID security taxonomy in relation to RFID security attacks.


2.1 Taxonomy of RFID security attacks in the supply chain

Security mechanisms can be grouped into three categories: authentication, authorisation, and RFID trust services. Each of the categories is discussed as follows.

2.1.1 Authentication

In enhancing trust in RFID technology, authentication and authorisation are essential in two different aspects: the trust between tag and reader (the RFID system) and authentication between business trading partners. The need for authentication and authorisation is fundamental for an authentic data exchange process (Kutvonen, 2005). Information exposure of RFID tags and the access control system between business partners are identified as the problems holding back users’ confidence. Based on the taxonomy of RFID security illustrated in Table 1, protections against RFID security attacks can be categorised in terms of RFID components such as tags, readers and middleware. According to Peris-Lopez et al. (2006), only around 250 to 3,000 gates are available on a 96-bit tag for security purposes. As a result, many lightweight approaches (Dimitriou, 2005; Juels, 2005) are in demand, especially those that rely on low-cost operations such as XOR, OR, AND and modulo addition and that have lower power consumption.

Table 1 RFID security taxonomy

Category                      | Tags                                                    | Middleware
New EPC and network adoption  | EPC design (Juels, 2005);                               | EPC-PAS (Lehtonen et al., 2007);
                              | Lightweight protocol (Dimitriou, 2005)                  | EPC-TAS (Staake, 2005)
Product authentication        | Lightweight ECC (Kim, 2007);                            | Lightweight protocol (Dimitriou, 2005);
                              | PKI ECC (Batina et al., 2007)                           | Mutual authentication (Juels, 2005)
Non-crypto other solution     | PUF (Bolotnyy and Robin, 2007)                          | Trace and track (Verisign, 2008)
Tag-reader                    | Watermarking (Choi and Poon, 2008);                     | Product specific (Nochta et al., 2006)
                              | Steganography;                                          |
                              | Watermarking of tampered data (Potdar and Chang, 2006)  |

Source: Mahinderjit-Singh and Li (2010)

Cryptography-based solutions offer practical means of achieving strong security and ensure that all the goals of the security mechanisms are accomplished. However, a design employing strong cryptographic algorithms and protocols only protects the RFID system against low-level attacks in the form of ‘skimming’ and ‘sniffing’ (Dimitriou, 2005; Juels, 2005). Without coping with other types of attack, such as active attacks, this design would fail to provide completeness in accomplishing all the security requirements. An RFID cloning attack occurs when the tag identification number (TID) and the form factor are copied to an empty tag (Lehtonen et al., 2009). RFID tag fraud, by contrast, makes use of cloned tags and adds the serial numbers of future EPC codes. Nevertheless, some authentication techniques, such as ECC for key generation, are said to be strongly secure and able to protect RFID against many attacks, including cloning (Batina et al., 2007; Juels, 2005). This result, however, is only based on theory and has yet to be proven in practice. The lightweight protocol proposed by Dimitriou (2005) shows how challenge-response authentication functions between the tags and the reader, and how the use of a random number as a nonce provides better protection than the use of a timestamp or a counter. Some techniques emphasise stronger primitives such as MACs and HMAC. These algorithms are more secure and do not require an extensive key management strategy. Unfortunately, the design proposed by Dimitriou (2005) does not state the requirements for the tags or the length of the algorithm’s key. Therefore, in addition to concentrating on the tag, we consider other parts of the RFID technology for the authentication process. The need for the RFID reader to be authenticated is also important. Many solutions for cloning attacks require a new tag design and new functional components in the middleware. For example, Lehtonen et al. (2007) advocated the use of dedicated units such as EPC-PAS and EPC-TAS in the middleware for authentication and tracing purposes. However, the expense of such infrastructure could be a setback for some business owners.
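The two points made above, that a clone which copies only the TID does not hold the tag’s secret, and that a fresh random nonce defeats replay where a timestamp or counter may not, can be seen in a small reader/tag exchange. The following is an added illustration written for this page; it is not Dimitriou’s protocol, nor any EPCglobal interface. It assumes a 16-byte secret shared between each tag and the back-end and uses HMAC-SHA256 as the tag-side function (well beyond what a low-cost tag can compute, which is exactly why the lightweight designs discussed above exist); the reader’s key table, the TID and the key are constructed values.

```python
"""Nonce-based challenge-response between an RFID reader and a tag.

Added example, not the paper's or Dimitriou's protocol. Assumptions: each
tag shares a 16-byte secret with the back-end; the tag can compute
HMAC-SHA256; the reader holds a TID -> key table from a trusted back-end.
All identifiers below are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple


class Tag:
    """A tag carries a public TID and, if genuine, a secret key."""

    def __init__(self, tid: bytes, key: Optional[bytes]) -> None:
        self.tid = tid
        self.key = key  # None models a clone that copied only the TID

    def respond(self, nonce: bytes) -> bytes:
        if self.key is None:
            # The clone has no secret, so it can only emit a fixed guess.
            return bytes(32)
        return hmac.new(self.key, nonce + self.tid, hashlib.sha256).digest()


class Reader:
    """Issues fresh challenges and verifies responses against the key table."""

    def __init__(self, key_table: Dict[bytes, bytes]) -> None:
        self.key_table = key_table
        self.outstanding: Set[bytes] = set()  # challenges issued, not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, tid: bytes, nonce: bytes, response: bytes) -> bool:
        # Accept only a nonce this reader issued and has not yet consumed, so a
        # captured (nonce, response) pair is worthless once the session ends.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        key = self.key_table.get(tid)
        if key is None:
            return False
        expected = hmac.new(key, nonce + tid, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_session(reader: Reader, tag: Tag) -> Tuple[bytes, bytes, bool]:
    """One exchange: reader -> nonce, tag -> response, reader -> verdict."""
    nonce = reader.challenge()
    response = tag.respond(nonce)
    return nonce, response, reader.verify(tag.tid, nonce, response)


def demo() -> Dict[str, bool]:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed secret
    tid = b"E2003412DC03011C"  # constructed TID
    reader = Reader({tid: key})
    genuine = Tag(tid, key)
    clone = Tag(tid, None)  # TID copied to an empty tag, no key

    nonce, response, genuine_ok = run_session(reader, genuine)
    _, _, clone_ok = run_session(reader, clone)
    # An eavesdropper replays the transcript captured from the genuine session.
    replay_ok = reader.verify(tid, nonce, response)
    return {"genuine": genuine_ok, "clone": clone_ok, "replay": replay_ok}


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'clone': False, 'replay': False}
```

The reader keeps a set of outstanding nonces rather than a clock or counter, so its acceptance rule does not depend on tag and reader agreeing on time or on a counter that an attacker can observe and extrapolate; the cost is that the reader must remember what it has issued. A clone that also extracted the key (a physical attack, as listed in Section 1) would still pass, which is why the paper pairs tag authentication with detection in the back-end.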

2.1.2 Authorisation

Exchanging and sharing data ensures that the full advantage of RFID technology is realised. For instance, in an application such as a supply chain, trading partners should always be confident in sharing RFID event tracking information and other inventory-related information. The integration of ANSI ASC X12 (American National Standard X12), a set of electronic data interchange (EDI) standards for the supply chain industry, together with XML as an internet medium and RFID guarantees better pipeline management, visibility, forecasting and flexibility (Thiesse et al., 2009). However, the main challenge will always be protecting an organisation’s sensitive and confidential data from business competitors. The solution to this challenge can be realised through authorisation. Authorisation is the process of determining whether a user can perform a specific operation on a resource. By applying access control policies such as those designed by Wang et al. (2008), we trust that RFID system attacks within a supply chain can be curbed when policies are assigned at product level and item level. In addition, a Discovery Service (DS) is another registry where incoming and outgoing products can be registered (Ranasinghe and Cole, 2007) and which can function as an item-level tagging server. Role-based policies fit well with RFID access control applications (Dong Seong et al., 2006). Traditionally, EPCglobal services make use of the Electronic Product Code Information Services (EPC-IS) model (Ranasinghe and Cole, 2007) to share and exchange information in RFID. EPC-IS events are exchanged over a protected communication channel based on HTTPS (SSL/TLS). EPC-IS enhances data sharing and visibility and monitors day-to-day RFID applications. Each company has its own local database and local EPC-IS.


2.1.3 RFID trust service

In terms of data exchange, recent RFID technology in supply chains uses public key infrastructure (PKI) technology for its authentication and authorisation models (Verisign, 2004). In Verisign (2008), the authors argue that an innovative way to minimise the sharing of information is to apply a distributed network architecture. This type of networked RFID system ensures that partners store only their own serialised information about each product in a database and that this information is accessible only to authenticated and trusted partners. The existing data exchange model associated with the trust service is not sufficient to provide total protection against security risks in an RFID system. This is because the current RFID trust model does not provide any detection mechanisms or any soft trust mechanisms. Hence, its inability to detect security attacks leaves a loophole even in the standards provided by international organisations such as the EPCglobal network. Meanwhile, without any soft trust capabilities, feedback and previous transaction experiences cannot be accumulated to build better-trusted future paths and transactions. In addition, Hargraves and Shafer (2004) suggested that the identifiability, observability and linkability of RFID tags and their associated data should always be minimised, and that RFID systems should be developed with authorisation, authentication and encryption applied routinely to ensure the trustworthiness of the system.

2.2 RFID privacy taxonomy

In RFID, the privacy of RFID event information can be preserved by ensuring the RFID system is capable of keeping the meaning of the information transmitted between the tag and the reader secret from non-intended recipients. In a supply chain application, the nature of RFID tag operation, which allows reading by readers without the owner’s knowledge, and the tracking and tracing concepts used in EPCglobal services to obtain information are the main contributors to breaches of privacy. Consequently, breaches of privacy involve tracing and tracking, profiling of products and secret tag reading (Ayoade, 2007). There are two different privacy types when it comes to RFID:

1 data

2 location.

Data privacy is breached when rogue readers sniff a legitimate transaction and trick the tag into disclosing its personal data. In contrast, location privacy is at risk if a tag ID associated with a person is spotted at a particular reader location. Some of the methods for curbing privacy violations use RFID components such as tags and readers. The approaches include:

1 tag killing (Sarma et al., 1999), in which the tags of sold items are disabled or removed at the point of sale

2 tag blocking (Juels et al., 2003), in which a blocker tag creates a radio frequency environment that prevents unauthorised scanning of consumer items

3 the application of hash-based encryption (Juels, 2005), in which the information stored in tags is encrypted in a dynamic manner

4 the rewriteable memory and random number approach (Gao et al., 2004), in which only authorised readers are able to access the tags.

However, these approaches only provide partial or temporary benefits and in fact introduce other liabilities. For example, tag killing causes the loss of all RFID benefits, and the blocker approach creates the risk of unreliability. Another approach to preserving privacy is to apply policies (Garfinkel et al., 2005), which emphasise the need for guidelines that require human and technological intervention. In Table 2, we categorise the privacy attacks and show how both privacy and security are necessary parts of any trust management model. The next section explores RFID system context-awareness in depth.

Table 2 Categorisation of RFID security and privacy concerns

Security attacks             | RFID components                              | Security attack outcome | Privacy effects | Privacy type or security | Solution
Eavesdropping/replay attack  | Tags, readers, local database, EPC network   | Information leakage     | Inventorying    | Data                     | Trust framework
                             |                                              |                         | Traceability    | Location                 |
Physical/skimming            | Tags                                         |                         | Counterfeiting  | Security                 |

3

RFID system context-awareness

In this section, we explain RFID context in depth. RFID context identification is important in designing web services for RFID systems. Context is defined as the information used to characterise the situation of an application (Dey and Abowd, 1999; Dey, 2000). Context can be categorised as location, identities and objects (Schilit, 1995). In an RFID system, contexts can be extended to four different types: user, object, location and behaviour (Jongmyung, 2010). The definition provided by Jongmyung (2010) relates to the RFID features themselves and fits with the claim by Schilit (1995) that the important aspects of context are: where you are, who you are with, and what resources are nearby. However, another important aspect of context raised by Jongmyung (2010) addresses the ‘why’ question. This relates to the measurement of changes in user behaviour. We agree with the definition of RFID context proposed by Jongmyung (2010). However, our focus on RFID context is to address both the security and the privacy challenges within an RFID supply chain. A context-aware system uses context information to provide relevant services to users (Dey and Abowd, 1999). Some of the context-aware RFID systems proposed in earlier studies are a mobile guide system for exhibitions and museums (MyGuide) (Jongmyung, 2010) and a campus-based context-aware notification system (R-CCANS) which aims to deliver notifications to students (Alkhateeb et al., 2010). R-CCANS is a context-triggered action system which acts autonomously when the context is detected (via tag ID and location ID) and processed. In a supply chain context, context-aware web services have also been used to enhance the construction-logistics supply chain and to provide context-aware payment for the supply chain (Omar and Ballan, 2009; Zamani et al., 2008). The supply chain web service application increases efficiency and provides optimisation for an RFID-enabled supply chain. The context-aware payment mechanism in a supply chain overcomes the potential bottleneck caused by ad-hoc transactions (Zamani et al., 2008). In addition, the overall processing time for invoice transactions has been improved. A context-based system for a smart hospital (Yao et al., 2008) and an RFID-based campus (Haron et al., 2010) used both location and time context to enhance monitoring functionalities in the hospital and to display personalised information for students on campus. As discussed above, the four main parameters of RFID context are location, time, identity and behaviour. Each is further explained as follows.

3.1 Location

In an RFID-based context-aware system, location is essential context information. An example of a system that uses location is the location-based service (LBS) (Lehtonen et al., 2007). An LBS can be used to search for the nearest service outlet from the user’s location or to establish the whereabouts of products in a tracking system. Locating products by means of sensors such as RFID tags helps to counter several security attacks, such as counterfeiting and the other attacks on RFID tags discussed in Section 2.1. To detect a security attack, tagged products can be tracked by registering authenticated readers and only allowing transactions between tags and readers through two-way mutual authentication. A list of authenticated readers and computer devices should be registered according to the supply chain partner’s location. The local database should be designed to be aware of the full rights of each individual user and should be able to record when, where and why an RFID tag is being read. To comply with this, organisations could post a sign wherever RFID readers operate. Embedding this policy in a detection system is possible when a tag equipped with memory can count the number of times it has been read. Information shared through EPC-IS should include the RFID tag’s location, identifying which reader read the tag. All RFID transactions and information transmissions in an RFID supply chain require consent from both parties: business owners and consumers.

3.2 Time

Time is context information that we believe should be included in any RFID security system. An RFID-based supply chain system involves the movement and flow of millions of records. The data generated consists of RFID tuples in the form (EPC, location, time), where EPC is the unique identifier read by an RFID reader, location is the place where the RFID reader scanned the item, and time is the time when the reading took place. Tuples are usually stored in time sequence. 'Time to live' (TTL) indicates the time restriction that target events should satisfy (Mahinderjit-Singh et al., 2011). Since most RFID applications have such a time restriction, we believe that, if carefully defined, the notion of TTL can be used to detect security attacks in an RFID supply chain.

50

M. Mahinderjit-Singh et al.

Time is also critical in the preservation of privacy, as privacy can be maintained by deleting all product data after a certain period of time. After that period, the entire link between the tag ID and the product data in the database should be deleted. This requirement reduces tracking violations and curbs fraud. However, deletion also removes the visibility and traceability that an RFID supply chain provides, so the retention period has to balance the two.
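To show how a TTL profile turns (EPC, location, time) tuples into detections, here is an added example (not the authors' implementation). It assumes a hypothetical per-hop profile giving the minimum physically possible transit time and the TTL for each hop, and a constructed read log; a tag that reaches the next site faster than the minimum time is treated as a clone, and one that exceeds the TTL as expired.

```python
"""TTL and location checks over an (EPC, location, time) read stream.

Added example, not code from the paper: it assumes a hypothetical per-hop
TTL profile and a constructed read log in 'epc,location,ISO-8601 time' form.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical TTL profile (assumption): for each expected hop, the minimum
# physically possible transit time and the maximum allowed time (the TTL).
HOPS = {
    ("manufacturer", "distributor"): (timedelta(hours=4), timedelta(hours=48)),
    ("distributor", "retailer"): (timedelta(hours=2), timedelta(hours=72)),
}

def parse_events(lines):
    """Turn 'epc,location,time' lines into (epc, location, datetime) tuples
    ordered by time, which is how the audit log stores them."""
    events = []
    for line in lines:
        epc, loc, ts = (part.strip() for part in line.split(","))
        events.append((epc, loc, datetime.fromisoformat(ts)))
    return sorted(events, key=lambda e: e[2])

def check_ttl(events, hops=HOPS):
    """Return (epc, verdict, detail) alerts for a time-ordered event list.

    clone   : the EPC reappears at a site it already left, or reaches the next
              site faster than the minimum transit time (two tags, one EPC)
    expired : the hop took longer than its TTL (lost, diverted or replayed tag)
    path    : the hop is not on the expected route
    Repeated reads at the same site (inventory counts) are normal and ignored.
    """
    alerts = []
    last = {}                    # epc -> (location, time) of its previous read
    visited = defaultdict(set)   # epc -> sites it has been read at
    for epc, loc, ts in events:
        if epc in last:
            prev_loc, prev_ts = last[epc]
            gap = ts - prev_ts
            if loc == prev_loc:
                pass
            elif loc in visited[epc]:
                alerts.append((epc, "clone", f"read again at {loc} after leaving it"))
            elif (prev_loc, loc) not in hops:
                alerts.append((epc, "path", f"unexpected hop {prev_loc} -> {loc}"))
            else:
                min_transit, ttl = hops[(prev_loc, loc)]
                if gap < min_transit:
                    alerts.append((epc, "clone", f"{prev_loc} -> {loc} in {gap}, minimum is {min_transit}"))
                elif gap > ttl:
                    alerts.append((epc, "expired", f"{prev_loc} -> {loc} took {gap}, TTL is {ttl}"))
        visited[epc].add(loc)
        last[epc] = (loc, ts)
    return alerts

# Constructed sample log (not real data). Tag ...2017 is a normal trip,
# ...2018 is read at the distributor one hour after the manufacturer (a clone),
# ...2019 arrives 72 hours later, beyond the 48-hour TTL.
SAMPLE_LOG = [
    "urn:epc:id:sgtin:0614141.107346.2017,manufacturer,2013-03-01T08:00:00",
    "urn:epc:id:sgtin:0614141.107346.2018,manufacturer,2013-03-01T08:00:00",
    "urn:epc:id:sgtin:0614141.107346.2019,manufacturer,2013-03-01T08:00:00",
    "urn:epc:id:sgtin:0614141.107346.2018,distributor,2013-03-01T09:00:00",
    "urn:epc:id:sgtin:0614141.107346.2017,distributor,2013-03-01T20:00:00",
    "urn:epc:id:sgtin:0614141.107346.2017,retailer,2013-03-02T10:00:00",
    "urn:epc:id:sgtin:0614141.107346.2019,distributor,2013-03-04T08:00:00",
]

if __name__ == "__main__":
    for epc, verdict, detail in check_ttl(parse_events(SAMPLE_LOG)):
        print(f"{verdict:8s} {epc}: {detail}")
```

The minimum-transit bound is what catches a clone: the same EPC cannot be in two places at once, so a copy read at the distributor an hour after the original left the manufacturer is physically impossible. The TTL bound alone does not distinguish a cloned tag from a delayed shipment, which is why the paper also relies on the behaviour context.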

3.3 Identity

Identity context information includes context parameters such as users and objects. In a security-based system, these context parameters must pass through both authentication and authorisation processes upfront. Authentication is an essential element of a typical security model. It is the process of confirming the identity of a user (or in some cases, a machine) that is trying to log on or access resources. While authentication verifies the user's identity, authorisation verifies that the user in question has the correct permissions and rights to access the requested resource. The two work together, with authentication occurring first, then authorisation. In an RFID-enabled SCM tracking and tracing website, authentication and authorisation are essential. Based on organisational role, role-based access control (RBAC) can be employed, in which the administrators at each site are responsible for their own site. For instance, an administrator is only able to view other supply chain partners' reports and is not able to edit or delete them. In an IDS, one of the tasks of the system administrator (SA) is to monitor and maintain the availability and execution of the detection (Mahinderjit-Singh et al., 2011). According to Mahinderjit-Singh et al. (2011), biometric authentication methods are the most secure and suitable method for use by supply chain partners in supply chain management, as indicated by the analytical hierarchy process (AHP) tool. A Secure Hash Algorithm (SHA) digest can be used to create a 'fingerprint' of the credentials and certificates used by the PKI of this biometric application. In addition, RFID tag authentication methods that minimise storage needs and use minimal key bits are preferred, such as lightweight public-key cryptography (e.g., ECC) and lightweight protocols.
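The authenticate-then-authorise ordering and the site-scoped RBAC rule above, as an added example (not the paper's access control service). The credential store, the PBKDF2-SHA256 password hashing, the role names and the policy table are all assumptions chosen to illustrate the rule that a site administrator may view other partners' reports but edit or delete only at its own site.

```python
"""Authentication first, then role- and site-scoped authorisation.

Added example, not the paper's ACS. The credential store, the PBKDF2-SHA256
password hashing, the roles and the policy table are all assumptions chosen to
illustrate the rule that a site administrator may view other partners' reports
but edit or delete only at its own site.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise it for production use

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(store, user, password, role, site):
    """Store a salted PBKDF2-SHA256 hash with the user's role and home site."""
    salt = os.urandom(16)
    store[user] = {"salt": salt, "hash": _derive(password, salt), "role": role, "site": site}

def authenticate(store, user, password):
    """Return a principal dict on success, None on failure."""
    record = store.get(user)
    if record is None:
        _derive(password, b"\x00" * 16)  # same cost for unknown users (no timing oracle)
        return None
    if hmac.compare_digest(record["hash"], _derive(password, record["salt"])):
        return {"user": user, "role": record["role"], "site": record["site"]}
    return None

# RBAC policy (assumed): action -> scope. 'any' covers every partner's site,
# 'own' only the principal's home site; absent actions are denied.
POLICY = {
    "admin": {"view": "any", "edit": "own", "delete": "own", "audit_log": "own"},
    "support": {"view": "own", "audit_log": "own"},
    "operator": {"view": "own"},
}

def authorise(principal, action, resource_site):
    """Authorisation only ever sees an authenticated principal (or None)."""
    if principal is None:
        return False
    scope = POLICY.get(principal["role"], {}).get(action)
    if scope == "any":
        return True
    if scope == "own":
        return principal["site"] == resource_site
    return False

def access(store, user, password, action, resource_site):
    """Authenticate, then authorise; True only when both steps succeed."""
    return authorise(authenticate(store, user, password), action, resource_site)

if __name__ == "__main__":
    store = {}
    register(store, "alice", "correct horse battery", "admin", "manufacturer")
    print(access(store, "alice", "correct horse battery", "view", "distributor"))    # True
    print(access(store, "alice", "correct horse battery", "delete", "distributor"))  # False
```

The policy is deliberately deny-by-default: an action missing from a role's table is refused, and authorisation never runs on an unauthenticated identity, so a failed login cannot leak which resources exist.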

3.4 Behaviours

Behaviours are another essential context used in handling RFID security attacks. The behaviour of RFID components such as tags and readers can be used to measure the degree of attack vulnerability. For example, in handling a cloning attack, RFID tags and readers can show the following patterns (Mahinderjit-Singh and Li, 2010):

• High frequency of tag usage – RFID tags that are read far more often than the rest show abnormal activity, indicating that they may have been compromised for a cloning attack.

• High frequency of reader traffic – If a reader shows a surge in traffic to the database, this may indicate that an intruder is launching a DoS attack to confuse the reader with an excessive number of tags (both genuine and cloned).
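One way to turn the two patterns above into a check, as an added example (not the authors' detector) that also illustrates the mean and standard-deviation pre-processing described in the Section 5.2 case study: read counts per tag and per reader are baselined on a clean reference window and a later window is compared against that baseline with a z-score threshold. The windows, the tag and reader identifiers and the injected attack traffic are constructed.

```python
"""Read-frequency anomaly detection for tags and readers.

Added example, not code from the paper. The baseline (mean and standard
deviation of read counts) is computed from a clean reference window and stored,
as the audit-log pre-processing in Section 5.2 describes; a later window is then
compared against it. The windows are constructed here, not real RFID data.
"""
from collections import Counter
from statistics import mean, pstdev

def read_counts(events):
    """events: (epc, reader_id, timestamp) tuples. Returns per-tag and per-reader counts."""
    tags, readers = Counter(), Counter()
    for epc, reader, _ in events:
        tags[epc] += 1
        readers[reader] += 1
    return tags, readers

def baseline(counts):
    """(mean, population std-dev) of the counts: the stored audit-log baseline."""
    values = list(counts.values())
    return mean(values), pstdev(values)

def outliers(counts, mu, sigma, z=3.0):
    """Keys whose count lies more than z standard deviations above the baseline mean."""
    return sorted(k for k, c in counts.items() if c > mu + z * sigma)

def detect(window, tag_base, reader_base, z=3.0):
    """Flag tags read abnormally often (cloning) and readers with surging traffic (DoS)."""
    tags, readers = read_counts(window)
    return {
        "hot_tags": outliers(tags, *tag_base, z=z),
        "hot_readers": outliers(readers, *reader_base, z=z),
    }

def make_window(n_tags=40, n_readers=8):
    """Constructed normal window: tag i is read 2 + i % 4 times, reads spread
    round-robin over the readers."""
    events, k = [], 0
    for i in range(n_tags):
        for _ in range(2 + i % 4):
            events.append((f"tag-{i:03d}", f"reader-{k % n_readers}", k))
            k += 1
    return events

# Attack traffic injected into the current window: one tag (and its clones)
# read 12 extra times at reader-3, and 50 never-seen tags flooding reader-7.
ATTACK = [("tag-007", "reader-3", 1000 + j) for j in range(12)]
ATTACK += [(f"bogus-{j:03d}", "reader-7", 2000 + j) for j in range(50)]

if __name__ == "__main__":
    reference = make_window()
    tag_counts, reader_counts = read_counts(reference)
    tag_base, reader_base = baseline(tag_counts), baseline(reader_counts)
    print(detect(make_window() + ATTACK, tag_base, reader_base))
```

Keeping the baseline from a clean window matters: if the mean and standard deviation are recomputed on the window under attack, the attack traffic inflates both and can mask itself. With only a handful of readers the standard deviation is small, so the z threshold and the reference window length need tuning per site rather than a fixed three sigma.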

Context-aware web services for security control and privacy preservation

51

Table 3 summarises the descriptions of the context parameters. The descriptions of context parameters are categorised into three dimensions – users, objects and environment. The devices required to acquire the context information and its services are also distinguished. In the next section, we show how the seven-layer trust framework can be redesigned to allow the integration of a context-aware web service.

Table 3 Classification of RFID contexts

Context dimension | Context parameters | Context capture device | Context-aware services
Users | Location | RFID tags | Inform and display current location and time
Users | Identity profiles | RFID network | Inform and display current activity
Object | Location | RFID tags | Deliver object information details, e.g., manufacturing date, delivery date
Object | Time | RFID network | Inform and display ERP supply chain information
Object | Behaviour | Trace and track service | Display time of current user or object location
Environment | Time neighbourhood | RFID tag TTL values | Display time of arrival/departure

4 Seven-layer trust framework enhancement

In this section, we discuss how the seven-layer trust framework can be transformed to allow the integration of web services with security and privacy functions. RFID security problems such as tag cloning can be dealt with by using the core functions of RFID technology. The main functions are designed as RFID physical core functions, service core functions and application core functions (as shown in Figure 3). The relevant RFID contextual information is location, time, identity and behaviour. Based on the security taxonomy outlined in Section 2.1, RFID security risks in supply chain management can be tackled with a complete trust solution embedded with attack prevention and detection mechanisms. In the seven-layer trust framework (Mahinderjit-Singh and Li, 2009), trust in an RFID technology system is defined as a 'comprehensive decision making instrument that joins security elements in detecting security threats with preventing attacks through the use of basic and extended security techniques such as cryptography and human interaction with reputation models'. In addition, a trust model for a technological system should always include human interaction through the use of feedback and ranking. In the seven-layer trust framework (Mahinderjit-Singh and Li, 2009), both security and privacy are integrated in the first five layers. The trust framework can be applied to maintain an RFID system that is able to handle security threats without compromising privacy. Layer 2 – privacy – looks at the time and locality factors related to the privacy of data and location. Mahinderjit-Singh and Li (2009) argue that the privacy component is necessary to support the handling of cloning attacks, because tracking tags is an essential step in cloning detection yet may compromise a partner's privacy. Thus, this layer is designed to ensure privacy protection while dealing with cloning attacks. We also believe trust management is the key to the overall protection of security and privacy in an RFID system. The trust framework provides guidelines for designing trust and solving open-system security threats. It is a solution that aims to optimise trustworthiness by employing core functions at three main levels:

A the security and privacy core functions at the RFID system physical level (i.e., tags and readers)

B the RFID service core functions at the middleware level, through the use of multiple data integration platforms such as the EPC trust services (http://www.epcglobalinc.org) and third-party software systems such as an IDS

C the core functions at the application level, through the use of reputation systems based on user interaction experiences and beliefs.

The trust framework is illustrated in Figure 2. The next sub-section provides an overview of RFID privacy concerns.

Figure 2 Seven-layer trust framework (Source: Mahinderjit-Singh and Li, 2009)

The trust framework can be redesigned according to the RFID core functions (Mahinderjit-Singh and Li, 2010). Physical core functions are included in Layers 1 and 2 of the trust framework, where authentication and authorisation protocols and policies can be placed. Service functions include detection servers or any application servers intended mainly to maintain the security and privacy of an RFID system. Layers 3–5 of the seven-layer trust framework emphasise RFID service core functions, which represent the basic functionality of an RFID system. The trust element between an RFID system and its partners consists in the integrity of data and the credibility of information when granting service access. For instance, when a clone detector is compromised, many clones will get through without being detected. The intrusion detection designed into the service core functions is evaluated and used to update the reputation of the system. In handling an RFID cloning attack, a data sharing mechanism is vital; these core functions represent Layers 6–7 in the trust framework. We are able to develop a context-aware web service by adding some functions to the layers of the seven-layer trust framework. The seven-layer trust framework emphasises authentication; it thus aims to prevent attacks from occurring in the first place and also to detect attacks in the supply chain application. Beginning from Layer 1 up to Layer 7 (as shown in Table 2), the layers move from the technology core to social perspectives. In order to embed the trust framework within the web service, the first five layers are relevant and need to be enhanced further; Layers 6 and 7 do not need any further improvement. The first five layers can be enhanced as follows:

A Layer 1 – security – RFID tag, user and object authentication and authorisation are done at this layer, satisfying these two vital supply chain security requirements. In addition, this secures the user and object contexts and protects the web service from attacks such as replay and duplication.

B Layer 2 – privacy (locality, timeline) – Privacy contexts such as time and locality are used according to the applications the framework handles. In the framework, we can use time tools such as TTL to enforce the time restrictions that target events should satisfy, and use an LBS to handle the risk of security attacks. Together these tools strengthen security in an RFID-enabled supply chain while preserving the privacy component.

Figure 3 RFID technology core functions (application level: data sharing; service level: security attack detection server; physical level: authentication/authorisation; RFID contextual data collected from RFID tags)

C Layer 3 – data (network, semantic, integration) – This layer allows the use of open RFID architectures in which heterogeneous standards and networks from different partners are able to work together through the relevant mapping functions. Semantic attributes in this layer can be categorised as semantics for contextual data, and the semantic attribute can be extended to store web semantics. The network attributes, which cover both wired and wireless network types, can be upgraded to include a context server holding the representation of the contextual information and its content. All the RFID contexts can be stored in this layer.

D Layer 4 – detection (EPCglobal, third-party certificate authority, rule-based engine) – EPCglobal services should be regulated upfront to help reduce errors in any application implementation. The certificate authority is placed in the EPC core network to permit transitive relationships between partners and to handle key management. The rule-based engine here can be extended to satisfy the requirements of any security attack detection algorithm and of event processing algorithms such as complex event processing (CEP) and ECA. CEP and ECA are used in a context-aware web service to trigger actions according to the context of the user and the task.

E Layer 5 – monitoring – The tools at this layer monitor the whole RFID operation based on policy enforcement and auditing processes. If a risk is encountered, the monitoring function records it, alerts the business owners and reacts to the attack. In an RFID-enabled supply chain web service environment, the monitoring service helps in tracking products and generating reports on detected counterfeit products and other security problems in the supply chain.

There are no transformations or changes for Layers 6 and 7 of the trust framework, because these layers form the social or soft trust and apply unchanged to any context-aware web service model. Layer 6 (category – culture, attitudes, beliefs) covers the social aspects of one's culture, beliefs and attitudes, which strongly influence the positively shared experiences in the next layer of business decisions. For example, if a partner's RFID experiences are positive, the impact on their beliefs and attitudes will show in Layer 7 when interactions among business partners are established (Yang and Jarveenpaa, 2005). Layer 7 (experiences – interaction, shared values, knowledge, conveniences) applies when two partners begin to share the added value of their past experiences and knowledge, especially positive ones, through communication and interaction, increasing the confidence level in RFID products. Next, we present our proposed context-aware web service.

5 RFID supply chain context-aware web service

In this section, we discuss our proposed context-aware web service system. Our intelligent web service, known as the RSC-CAWS, is also able to function in an EPCglobal network. We also demonstrate a case study on RFID-enabled security attack detection services, for cloned and fraudulent tags, and evaluate the RSC-CAWS against other detection services using defined criteria. We apply the AHP tool to demonstrate the impact of these criteria. We also discuss how ECA can be used to generate rules for this system.

5.1 RFID-enabled supply chain context-aware web service

Web services and context awareness can be integrated to enhance RFID-enabled supply chain activities such as payment, delivery and security-related tasks, including attack prevention and detection. In addition, the combination can provide automatic detection and response for the tracking and tracing monitoring process and for any counterfeit RFID tags within a supply chain plant. RFID contexts such as time, location, identity and behaviour can be captured. According to Aziz et al. (2003), the key building blocks of an intelligent website are semantic intelligence, web services, agents and context. Semantic intelligence deals with knowledge access and description. The web service ensures the sharing of data in a heterogeneous environment. The agent layer addresses issues of security and negotiation, and context is used to represent intelligent information (Aziz et al., 2003). In this paper, we propose the RSC-CAWS. The proposed web service uses RFID context information to perform users' requests. As the seven-layer trust framework is placed in the EPC Discovery Service (EPC-DS), the detection services and the access control service (ACS), which covers both authentication and authorisation, are also placed there. The EPC-DS provides efficient track-and-trace capabilities within the EPC network and presents a list of the EPC-IS instances that hold information on the items queried (Verisign, 2004). The function of the EPC-DS can be extended further, for example by hosting the seven-layer trust framework. The ACS employs an RBAC policy together with authentication mechanisms such as SHA-based hashing and PKI, applied to both users and objects carrying an RFID tag. The RSC-CAWS also collaborates with third-party suppliers' web services. This intelligent web service can function in an EPCglobal network. Context can be triggered using the CEP model, and we use ECA rules to show how rules can be triggered and used with this web service. RSC-CAWS functions as a bundle of services and its design is based on service-oriented architecture (SOA). The advantage of SOA is that only invoked services consume resources: services are awakened by service invocations in response to requests. The services within the RSC-CAWS include:

• Access control service – stores both authentication and authorisation policies.

• Attack detection service – detects, interprets and responds to an attack occurring within a supply chain plant.

• Logging and monitoring service – monitors the privacy and authorisation policy configuration and responds to any alarm triggered by the security attack detection service or any other service alert within the context-aware web service.

Within the EPCglobal architecture, the services include the EPC-IS, the EPC-DS and the Object Name Service (ONS), together with the other services provided by the RSC-CAWS. The orchestration and integration of these services increases the ability of RFID to flexibly support multiple supply chain processes. This flexibility is also supported by an intelligent system such as the RSC-CAWS. Figure 4 demonstrates how RSC-CAWS would function in an EPCglobal environment with supply chain partners.

Figure 4 RSC-CAWS within EPCglobal network (see online version for colours). Components shown: context parameters (TTL profiles, identity profiles (authentication), RBAC profiles, object profiles, alarm profiles, audit data profiles); RSC-CAWS (H); Root ONS; EPC Discovery Service (D) hosting the clone detection service and the access control service; EPCglobal services (C, E); third-party suppliers' web services (F); manufacturer local EPC-IS web service (C) and manufacturer (A, B); distributor local EPC-IS web service and distributor (G). The letters refer to the steps A–H described below. WS: web service.

The RSC-CAWS operates in an EPCglobal network environment in the following ways:

A An EPC lifecycle begins when a manufacturer tags a product. At the manufacturer's site, EPC tags are fixed to products. These EPC tags are provisioned with codes and kill/access passwords upfront.

B A manufacturer records product information into the local EPC-IS web service.

C The EPC-IS registers EPC knowledge with the EPC-DS as well. Each supply chain partner stores only the information it wants to share with other partners in its local EPC-IS web service. Local EPC-IS information is also accessible through the RSC-CAWS.

D Before the product leaves the manufacturer's site, the product is fed into the cloning detector service. This service is placed in the EPC-DS as a component of the seven-layer trust framework. All these services are linked to the RSC-CAWS. The manufacturer's agent also sends the preparation for attack detection (context parameters such as the TTL profile, user and object profiles, site profiles and audit data profile) to the SA agent. All context parameters are stored on RFID tags. The ACS is used to identify and authenticate supply chain personnel. The RBAC policy, identity profiles (authentication logs) and related privileges are also stored in the DS.

E The result is sent to the manufacturer's local EPC-IS. If a cloned tag is detected, a trigger (alarm profile) is sent to the manufacturer's SA.

F If no cloned tag is detected, the supplier is requested to move the product to the distributor's front door. The manufacturer's agent also sends the preparation for product delivery (context parameters – TTL profile, user and object profiles, site profiles, audit data profile) to the transporter agent.

G At the front door, the distributor records the product into its local EPC-IS.

H The same process takes place at the retailer's site using the context parameters linked to the centralised web service. Any supply chain partner can access any other partner's EPC-IS for tracking and tracing purposes. This is achieved through the track and trace viewer with the help of the ONS server.

5.2 Case study: cloned and fraudulent RFID tag detection service using RSC-CAWS

In our case study, we make use of all four context parameters discussed earlier: time, location, behaviour and identity. We generated a simulated supply chain dataset using Monte Carlo simulation. The dataset makes use of the time and location contexts through the notion of TTL (Li et al., 2011). The simulated data is projected across supply chain partners such as manufacturer, distributor and retailer, which means the readers are spread across different locations; location is therefore an important context. The dataset is pre-processed to calculate both the mean and the standard deviation, and the results are stored in the audit log. We also employ the identity context by authenticating and identifying employees such as the SA and service support staff. We generated 1,000 EPC tag events and randomly injected 3% fraudulent and cloned tag records. We assume that the injected cloning and fraud attacks can happen anywhere in the supply chain sites and can result from any of the attacks we identified earlier: skimming, eavesdropping, man-in-the-middle (MIM) and physical attack (Mahinderjit-Singh and Li, 2009). A typical supply chain scenario involves several processes such as tagging, shipping, receiving and shelving. In the tagging process, RFID tags are attached to products, for instance bottles of Chivas Regal. After the bottles are fed through the clone detector service, they are delivered to the distributor by Supplier A. Assume that the manufacturer's SA needs information on the location of the Chivas Regal bottles and needs to establish how many bottles were counterfeited along the way. The SA connects to the RSC-CAWS server to request the information. In order to access the server, the SA is first authenticated against the authenticity log. Once authenticated, the SA is able to access the audit data log according to the policies stored in the ACS function. RSC-CAWS is itself published as a web service and can be discovered through an XML-based registry standard such as Universal Description, Discovery and Integration (UDDI) (Aziz et al., 2003). The RSC-CAWS server then queries the context manager for object context information such as location, TTL and audit profiles. It then sends an inquiry to the EPC-DS server. The EPC-DS is used to obtain the addresses of the ONS web services that store the particulars of the requested EPC numbers and product types, based on the manufacturer's particulars. This list is returned to the RSC-CAWS. The RSC-CAWS server then sends a request to all the ONS web services for the products' locations and the number of fraudulent and cloned products. The ONS web services return an XML list to the RSC-CAWS server, which is then filtered according to the SA's preferences before being presented to the SA. Assume that, later in the evening, the cloned and fraud detector server at the distributor site detects a suspicious set of EPC tags attached to the bottles. The clone detector server then contacts the RSC-CAWS to send an alert via SMS to the SA and some support employees. A service request to troubleshoot the fraud incident is raised as well. If the fraud is detected at the rear door of the distributor site, a halt-process alert is also sent to the supplier; this alert stops any work in progress at that moment. Next we present an evaluation of RSC-CAWS against some traditional IDS.

5.3 Evaluation of the security detection service based on RSC-CAWS

The goal of this evaluation is to show the relevance of a context-aware detection service compared with other, traditional detection services. We evaluate the efficiency of the context-aware RFID detection service provided via RSC-CAWS against other types of security detection server: host-based, network-based and RFID-enabled application detection services (Bai and Kobayashi, 2003). According to Amoroso and Kwapniewski (1998), the criteria for intrusion detection include detection, response and deployment. Based on these criteria, we selected authentication and access control policies and security as detection criteria, efficiency of the alerting service and efficiency of support time as response criteria, and cost of infrastructure and halting processes as deployment criteria. In this section, we apply the analytical hierarchy process (AHP) and multi-criteria decision-making (MCDM) approaches (Saaty, 1990) to select the optimal criteria for an IDS. AHP is a structured technique for complex decision making. It can describe a general decision-making process by decomposing a complex problem into a multi-level hierarchical structure of objectives, criteria, sub-criteria and alternatives, and is a well-known decision theory model developed by Saaty (1990). Its primary attribute is quantifying relative priorities for a given set of alternatives on a ratio scale, based on the judgement of the decision-maker. It provides an easy way to incorporate multiple experts' opinions and to control the consistency of judgements. In addition, the AHP method ensures high repeatability and scalability. AHP determines the criteria weightings indirectly from scores of relative importance given in pair-wise comparisons. The comparison ratings are on a scale of 1 to 9, giving a ratio of importance for each pair, with the maximum difference being that one criterion is 9 times more important than another. A matrix of pair-wise comparisons is built in this way (where Ci/Cj is shorthand for the relative importance of Ci to Cj). In AHP, the final weightings for the criteria are the normalised values of the eigenvector associated with the maximum eigenvalue of this matrix; Saaty (1990) suggests this is the best way to minimise the impact of inconsistencies in the ratios. The consistency ratio compares the consistency index with the random consistency index:

CR = CI / RI    (1)

where CI = (λmax − n) / (n − 1), λmax is the maximum eigenvalue of the pairwise matrix, n is the number of criteria and RI is the random consistency index for a matrix of order n (0.90 for n = 4). Saaty regards a CR of 0.10 or less as acceptable. Table 4 demonstrates the AHP tool used to calculate the optimal selection criteria for an IDS.

Table 4 AHP tool: calculation for optimal selection criteria of detection service

Pairwise comparison matrix
Criteria | Cost | Security | Alerting | Service time
Cost | 1.00 | 3.00 | 1.00 | 1.00
Security | 0.33 | 1.00 | 1.00 | 1.00
Alerting | 1.00 | 1.00 | 1.00 | 3.00
Service time | 1.00 | 1.00 | 0.33 | 1.00
Sum | 3.33 | 6.00 | 3.33 | 6.00

Normalised matrix (each entry divided by its column sum)
Criteria | Cost | Security | Alerting | Service time | Sum | Priority vector
Cost | 0.300 | 0.500 | 0.300 | 0.167 | 1.267 | 31.67%
Security | 0.100 | 0.167 | 0.300 | 0.167 | 0.733 | 18.33%
Alerting | 0.300 | 0.167 | 0.300 | 0.500 | 1.267 | 31.67%
Service time | 0.300 | 0.167 | 0.100 | 0.167 | 0.733 | 18.33%
Sum | 1.000 | 1.000 | 1.000 | 1.000 | 4.000 | 100.0%

n = 4; lambda max = 4.31; consistency index (CI) = 10.37%; consistency ratio (CR) = 11.52%

Table 5 Detection services ratings

Detection services (DS) | Cost | Security | Alerts | Service time
Host DS | Excellent | Good | Fair | Fair
Network DS | Very good | Good | Good | Fair
RFID DS | Good | Very good | Very good | Very good
CAWS | Good | Excellent | Excellent | Excellent

Table 6 Criteria percentage for optimal detection services selection (criterion weights are the Table 4 priorities × 100; total grade = Σ weight × score)

Detection services (DS) | Percentage | Total grade | Cost (3,167) | Security (1,833) | Alerts (3,167) | Service time (1,833)
Host DS | 23.03% | 5,291.75 | 1 | 0.75 | 0.15 | 0.15
Network DS | 18.46% | 4,241.85 | 0.7 | 0.35 | 0.35 | 0.15
RFID DS | 23.94% | 5,500.00 | 0.35 | 0.75 | 0.75 | 0.35
CAWS | 34.57% | 7,941.45 | 0.35 | 1 | 1 | 1
Sum | 100.00% | 22,975.05 | | | |

Based on the calculations done with the AHP tool in Tables 4 to 6, we conclude that cost is the most important criterion in choosing the detection service, followed by an efficient alerting system for responding to an attack. Security and service support time are equally important. Figure 5 shows the distribution of each criterion.
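The AHP computation behind Tables 4 to 6, as an added example (not the authors' tool): it rebuilds the priority vector with the column-normalisation method Table 4 uses, computes λmax, CI and CR with Saaty's RI = 0.90 for n = 4, and applies the weights to the Table 6 scores. The criterion names and alternative keys are my own labels; the scores are used exactly as printed in Table 6.

```python
"""AHP priority vector, consistency check and weighted scoring.

Added example, not the authors' AHP tool. The pairwise matrix is Table 4 and
the per-alternative scores are Table 6; the labels are assumptions.
"""

# Pairwise comparison matrix from Table 4 (rows/columns: cost, security, alerting, service time).
CRITERIA = ["cost", "security", "alerting", "service_time"]
PAIRWISE = [
    [1,     3, 1,     1],
    [1 / 3, 1, 1,     1],
    [1,     1, 1,     3],
    [1,     1, 1 / 3, 1],
]
# Saaty's random consistency index by matrix order.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

def priority_vector(a):
    """Column-normalise the matrix and average each row: the approximation
    Table 4 uses instead of the exact principal eigenvector."""
    n = len(a)
    col_sums = [sum(a[i][j] for i in range(n)) for j in range(n)]
    return [sum(a[i][j] / col_sums[j] for j in range(n)) / n for i in range(n)]

def consistency(a, w):
    """Return (lambda_max, CI, CR). lambda_max is the mean of (A w)_i / w_i;
    CI = (lambda_max - n) / (n - 1); CR = CI / RI[n]."""
    n = len(a)
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1)
    return lam, ci, ci / RI[n]

def weighted_scores(w, scores):
    """scores: alternative -> per-criterion scores in CRITERIA order.
    Returns alternative -> (total grade, share of the sum of all totals)."""
    totals = {alt: sum(wi * si for wi, si in zip(w, s)) for alt, s in scores.items()}
    grand = sum(totals.values())
    return {alt: (t, t / grand) for alt, t in totals.items()}

# Scores copied from Table 6 (used as printed there, not derived from Table 5).
SCORES = {
    "host_ds":    [1.00, 0.75, 0.15, 0.15],
    "network_ds": [0.70, 0.35, 0.35, 0.15],
    "rfid_ds":    [0.35, 0.75, 0.75, 0.35],
    "caws":       [0.35, 1.00, 1.00, 1.00],
}

if __name__ == "__main__":
    w = priority_vector(PAIRWISE)
    lam, ci, cr = consistency(PAIRWISE, w)
    for name, wi in zip(CRITERIA, w):
        print(f"{name:13s} {wi:7.2%}")
    verdict = "OK" if cr <= 0.10 else "inconsistent (> 10%)"
    print(f"lambda_max={lam:.3f} CI={ci:.2%} CR={cr:.2%} {verdict}")
    for alt, (total, share) in weighted_scores(w, SCORES).items():
        print(f"{alt:11s} total={total:.4f} share={share:6.2%}")
```

Running it reproduces the printed values to rounding: priorities 31.67/18.33/31.67/18.33%, λmax ≈ 4.31, CR ≈ 11.5% and a CAWS share of ≈ 34.6%. Two points are worth checking before relying on the ranking: the CR is above the 0.10 threshold Saaty uses to accept a judgement matrix, so the pairwise comparisons should be revisited, and the Table 6 scores do not follow a single rating-to-score map (the Host DS 'Good' security rating scores 0.75 while the Network DS 'Good' security rating scores 0.35), so they are taken as given rather than derived from Table 5.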


Figure 5

Detection service criteria priorities (see online version for colours)

Figure 6

Detection services effectiveness rate (see online version for colours)

Figure 6 shows how the AHP tool is used to calculate the benefit of RSC-CAWS against other types of detection service. This evaluation is derived from the detection service criteria listed as alerting, cost, security and service support time. The total grades are transformed into percentages, from which we conclude that the detection service combined with context awareness is the most preferred, with almost 35% (as shown in Figure 6). A typical RFID detection service without context awareness has similar efficiency to a host-based detection service. However, since a host-based detection service is only relevant to a single organisation, only the network and RFID detection services fit a typical supply chain environment. A context-aware detection service is preferred and more efficient because of its faster service level in responding to an attack, the higher security of its access control policies and its effective alerting service. This user-friendly context-aware web service is projected to enhance application efficiency and service quality.

Table 7 RSC-CAWS preservation of security and privacy requirements in an RFID supply chain

Columns: Scenarios; Devices; Context indicators; Active contexts; Security and privacy requirements.

Scenarios:

• Local employee searching for organisation-sensitive information: sales, forecasting, detection and authentication.

• Administrator not wanting to receive any alerts (security attack detected) while busy in a meeting: all alerts handled by an answering machine.

• Administrator detecting security attacks between organisations.

• Administrator detecting security attacks within an organisation.

• Administrator checking who is accessing RFID tags and information.

• Administrator in SCM tracking and observing the activity of RFID tags.

Devices: local servers (sales, production); attack detection server; EPCglobal services; RFID system (tags, readers and database); access control server (authentication and authorisation); RFID network; smart alerting service; sales viewer; production viewer (manufacturer only); trace and track viewer / e-pedigree viewer.

Context indicators: Profile: users' authenticity data. Location: each supply chain organisation and EPCglobal; each supply chain partner's site; meeting room. Time: timestamp when the attack occurs; TTL on tags; timestamp of arrival and departure of RFID products. Behaviour: observed tag patterns.

Active contexts: authenticity log; access control policy log; audit data log.

Security and privacy requirements: SA authentication; inventorying – data; traceability – location; counterfeiting – tag security (lightweight public-key cryptography).

Table 7 presents a list of scenarios and context-awareness indicators showing how security and privacy can be preserved in the RSC-CAWS for an RFID-enabled supply chain. We categorise the scenarios according to the security and privacy requirements, and both kinds of requirement are included in Table 7. The categorisation of privacy and security solutions follows our literature review summarised in Figure 2. Overall, we have evaluated different types of security solutions (Mahinderjit-Singh et al., 2011) and have proved that tag authentication methods that minimise storage needs and use minimal key bits, such as lightweight public-key cryptography (e.g., ECC and lightweight protocols), are preferred. Next we explain how ECA rules are used to trigger events in the RSC-CAWS.

5.4 Event-condition-action model for RSC-CAWS

RFID-enabled supply chain data are high-speed, large-volume data streams (Gao et al., 2004), and RFID data management requires continuous real-time analysis of distributed data sources. Complex event processing (CEP) provides an effective solution for large data volumes and can also be used to extract meaningful events for context-aware applications (Yao et al., 2008; Beer and Christian, 2003). Based on the formalisation of events and event constructors described above, CEP rules are defined to specify domain syntax and semantics (Yao et al., 2008). We use ECA-like rules as the expression language for event patterns because they are easy to use and understand. The generic syntax of an ECA rule is as follows:

Rule rule_id, rule_name, rule_group, priority
ON event
IF condition
THEN action1, action2, …, actionN
END

where rule_id and rule_name are the unique identifier and suggested name of a rule; rule_group is a group of semantically related rules; priority defines the priority of the rule; event specifies the event of interest; condition is a Boolean expression; and action defines a user-defined procedure (e.g., to send an alarm). If a reader mounted at a distributor door detects a tagged wine bottle whose time-to-live (TTL) value is unauthorised although its read and write values are genuine, then an alarm is triggered to report the mismatch. The rule can be represented as follows:

Rule R1, object_identification
ON within(e(o_epc, r, t) ∧ type(o_epc) = ′wine′, 10s)
IF NOT (SELECT * FROM DIST_FRONTDOOR WHERE object_epc = o_epc AND location_epc = r AND TTL ≤ threshold_TTL ≤ TTL ± 34 min)
THEN trigger_alarm
END

The value o_epc is the object’s EPC value; r and t are the reader and timestamp values; 10s is the allowed delay between reading two different tags. The action is to trigger the SA to act, for example by removing the wine bottle from the plant. ECA rules can be stored in Layer 4 of the seven-layer trust framework. Benefits of the ECA model include an easy and secure representation of rules, especially when the condition is expressed in SQL.
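Rule R1 above, as an added worked example that is not part of the paper: a small Python evaluator that applies the event pattern and the SQL condition to constructed door reads, with DIST_FRONTDOOR held in an in-memory SQLite table. The EPC and reader identifiers, the TTL values and the table’s threshold_ttl column are constructed assumptions, and the 10 s read window of the ON clause is assumed to be handled upstream by the event layer.

```python
import sqlite3
from dataclasses import dataclass

TOLERANCE_MIN = 34  # the rule's "± 34 min" tolerance around the authorised TTL

@dataclass
class ReadEvent:      # one tag read e(o_epc, r, t) plus the attributes R1 inspects
    o_epc: str        # object's EPC value
    r: str            # reader / location EPC
    t: int            # read timestamp (constructed; not used by R1 itself)
    obj_type: str     # type(o_epc), e.g. 'wine'
    ttl: int          # TTL value the tag presents, in minutes

def build_dist_frontdoor(conn, rows):
    """Create DIST_FRONTDOOR holding the authorised TTL per (object, location)."""
    conn.execute("CREATE TABLE DIST_FRONTDOOR "
                 "(object_epc TEXT, location_epc TEXT, threshold_ttl INTEGER)")
    conn.executemany("INSERT INTO DIST_FRONTDOOR VALUES (?, ?, ?)", rows)

def condition_holds(conn, ev):
    """IF part of R1: an authorised row exists for this EPC at this reader whose
    threshold TTL lies within +/- 34 min of the TTL the tag presents."""
    row = conn.execute(
        "SELECT 1 FROM DIST_FRONTDOOR WHERE object_epc = ? AND location_epc = ? "
        "AND threshold_ttl BETWEEN ? - ? AND ? + ?",
        (ev.o_epc, ev.r, ev.ttl, TOLERANCE_MIN, ev.ttl, TOLERANCE_MIN)).fetchone()
    return row is not None

def rule_r1(conn, ev):
    """ON a wine-typed read, IF NOT condition THEN trigger_alarm. Returns the
    action name, or None when the event pattern does not match."""
    if ev.obj_type != "wine":
        return None
    return "pass" if condition_holds(conn, ev) else "trigger_alarm"

# Constructed sample data: authorised TTLs at the distributor's front door and four
# reads by its reader. An EPC unknown at that door also fails the SELECT, so it alarms.
AUTHORISED_TTL = [("EPC-WINE-001", "READER-DIST-DOOR", 600),
                  ("EPC-WINE-002", "READER-DIST-DOOR", 600)]
SAMPLE_EVENTS = [
    ReadEvent("EPC-WINE-001", "READER-DIST-DOOR", 1000, "wine", 620),    # 20 min off: ok
    ReadEvent("EPC-WINE-002", "READER-DIST-DOOR", 1003, "wine", 480),    # 120 min off
    ReadEvent("EPC-WINE-999", "READER-DIST-DOOR", 1005, "wine", 600),    # not authorised
    ReadEvent("EPC-CHEESE-9", "READER-DIST-DOOR", 1006, "cheese", 480),  # not wine
]

def evaluate(events=SAMPLE_EVENTS, authorised=AUTHORISED_TTL):  # run R1 over every event
    conn = sqlite3.connect(":memory:")
    build_dist_frontdoor(conn, authorised)
    return {ev.o_epc: rule_r1(conn, ev) for ev in events}
```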

6 Conclusions

Our work is motivated by the question of how RFID system context information can be used to control security and preserve privacy in a supply chain environment. This paper presents a novel context-aware RFID-enabled supply chain framework of web services, referred to by its acronym RSC-CAWS, which aims to tackle security and privacy challenges such as counterfeiting and cloning. By using the contextual information of RFID events, RFID security and privacy can be controlled and maintained with respect to users’ requirements. The idea of integrating an intelligent web service with security and privacy capabilities can be realised with the trust framework; this new capability enhances the benefits of the trust framework and increases business owners’ interest and confidence in using RFID technology. Future work should be directed to constructing executable ECA rules for triggers that deal with security attacks in a supply chain environment. Our proposed web services can be used as an integrated solution to RFID security and privacy problems within a supply chain environment. A prototype system that demonstrates the effectiveness of the context-aware web service in an RFID-enabled supply chain still needs to be designed and evaluated. The work of obtaining context information for events in the RFID supply chain, querying the services required for the identified contexts, and meeting the social and technical requirements for context-aware service provision is completed by employing the seven-layer trust framework. The integrated context-aware service is designed as a web service, and the seven-layer trust framework has been enhanced to comply with the context-aware web service. Introducing a new technology such as a context-aware system requires an evaluation of its cost-effectiveness; one limitation of combining context awareness with traditional web services is the increased processing cost.

Acknowledgements

This work is partially sponsored by Universiti Sains Malaysia.

References

Alkhateeb, F., Al Maghayreh, E. and Aljawarneh, S. (2010) ‘A multi agent-based system for securing university campus: design and architecture’, 2010 International Conference on Intelligent Systems, Modelling and Simulation, pp.75–79.
Amoroso, E. and Kwapniewski, R. (1998) ‘A selection criteria for intrusion detection systems’, Computer Security Applications Conference, Proceedings, 14th Annual, 7–11 Dec 1998, pp.280–288.
Ayoade, J. (2007) ‘Privacy and RFID systems: roadmap to solving security and privacy concerns in RFID systems’, Computer Law and Security Report, Vol. 23, No. 6, pp.555–561.
Aziz, Z., Anumba, C.J., Ruikar, D., Carrillo, P.M. and Bouchlaghem, D.N. (2003) ‘Semantic web based services for intelligent mobile construction collaboration’, ITcon, Vol. 9, Special Issue Mobile Computing in Construction, pp.367–379.
Bai, Y. and Kobayashi, H. (2003) ‘Intrusion detection systems: technology and development’, presented at Advanced Information Networking and Applications, AINA 2003, 17th International Conference, pp.710–715.
Batina, J.G., Kerins, T., Mentens, N., Tuyls, P. and Verbauwhede, I. (2007) ‘Public-key cryptography for RFID-tags’, Proceedings of the Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW’07), pp.217–222.
Beer, W. and Christian, V. (2003) ‘Modeling context-aware behavior by interpreted ECA rules’, Proceedings of the International Conference on Parallel and Distributed Computing (EUROPAR’03), pp.26–29.
Bolotnyy, L. and Robins, G. (2007) ‘Physically unclonable function-based security and privacy in RFID systems’, 2007 Fifth Annual IEEE International Conference on Pervasive Computing and Communications, pp.211–220.
Burmester, M. and Medeiros, B. (2007) ‘RFID security: attacks, countermeasures and challenges’, The 5th RFID Academic Convocation, The RFID Journal Conference.
Choi, S.H. and Poon, C.H. (2008) ‘An RFID-based anti-counterfeiting system’, IAENG International Journal of Computer Science, Vol. 35, No. 1, pp.1–12.
Dey, A.K. (2000) ‘Providing architectural support for building context-aware applications’, PhD Thesis, November 2000, Georgia Institute of Technology.
Dey, A.K. and Abowd, G. (1999) ‘Towards a better understanding of context and context-awareness’, HUC ’99: Proceedings of the 1st International Symposium on Handheld and Ubiquitous Computing, pp.304–307.
Dimitriou, T. (2005) ‘A lightweight RFID protocol to protect against traceability and cloning attacks’, Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp.59–66.
Dong Seong, K., Taek-Hyun, S., Byungil, L. and Jong Sou, P. (2006) ‘Access control and authorization for security of RFID multi-domain using SAML and XACML’, presented at International Conference on Computational Intelligence and Security, pp.1587–1590.
Gao, X., Wang, H., Shen, J., Huang, J. and Song, S. (2004) ‘An approach to security and privacy of RFID system for supply chain’, Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business (CEC-East’04), pp.164–168.
Garfinkel, S., Juels, A. and Pappu, R. (2005) ‘RFID privacy: an overview of problems and proposed solutions’, IEEE Security and Privacy, May–June, Vol. 3, No. 3, pp.34–43.
Hargraves, K. and Shafer, S. (2004) Radio Frequency Identification (RFID) Privacy: The Microsoft Perspective, available at http://www.microsoft.com/twc (accessed on 25 August 2008).
Haron, N., Saleem, N. and Hasan, M. (2010) ‘An RFID-based campus context-aware notification system’, Journal of Computing, March, Vol. 2, No. 3, pp.122–129.
Jongmyung, C. (2010) ‘RFID context-aware systems’, Sustainable Radio Frequency Identification Solutions, INTECH ISBN 978-953-7619-74-0, pp.356–380.
Juels, A. (2005) ‘Strengthening EPC tags against cloning’, Proc. of the 4th ACM Workshop on Wireless Security, Cologne, Germany, pp.67–76.
Juels, A., Rivest, R. and Szydlo, M. (2003) ‘The blocker tag: selective blocking of RFID tag for consumer privacy’, Conference on Computer and Communications Security – ACM CCS’03, Washington, DC, USA, October 2003, ACM Press, pp.103–111.
Kim, S. (2007) ‘RFID security protocol by lightweight ECC algorithm in advanced language processing and web information technology’, ALPIT 2007, Sixth International Conference on Advanced Language Processing and Web Information Technology, pp.323–328.
Kutvonen, S. (2005) ‘Trust management survey’, Proceedings of iTrust 2005, No. 3477 in LNCS, Springer-Verlag, pp.77–92.
Lehtonen, M., Michahelles, F. and Fleisch, E. (2007) ‘Probabilistic approach for location-based authentication’, Auto-ID Labs White Paper WP-SWNET-020, Auto-ID Labs ETH Zurich, pp.3–17.
Lehtonen, M., Michahelles, F. and Fleisch, E. (2009) ‘How to detect cloned tags in a reliable way from incomplete RFID traces’, 2009 IEEE International Conference on RFID, Orlando, Florida, 27–28 April 2009, pp.257–264.
Li, X., Liu, J., Sheng, Q.Z.S., Zeadally, S. and Zhong, W. (2011) ‘TMS-RFID: temporal management of large-scale RFID applications’, International Journal of Information Systems Frontiers, July, Vol. 13, No. 4, pp.481–500, Springer.
Mahinderjit-Singh, M., Li, X. and Li, Z. (2011) ‘A cost-based model for risk management in RFID-enabled supply chain applications’, Supply Chain Management, INTECH ISBN 978-953-307-184-8, pp.201–236.
Mahinderjit-Singh, M. and Li, X. (2009) ‘Trust framework for RFID tracking in supply chain management’, Proc. of the 3rd International Workshop on RFID Technology – Concepts, Applications, Challenges (IWRT 2009), Milan, Italy, 6–7 May 2009, pp.17–26.
Mahinderjit-Singh, M. and Li, X. (2010) ‘Trust in RFID-enabled supply-chain management’, International Journal of Security and Networks (IJSN), March, Vol. 5, Nos. 2–3, pp.96–105.
Nochta, Z., Staake, T. and Fleisch, E. (2006) ‘Product specific security features based on RFID technology’, SAINT Workshops 2006, International Symposium on Applications and the Internet Workshops, pp.72–75.
Omar, B. and Ballan, T. (2009) ‘Intelligent wireless web services: context-aware computing in construction-logistics supply chain’, ITcon, Special Issue Next Generation Construction IT: Technology Foresight, Future Studies, Roadmapping, and Scenario Planning, Vol. 14, pp.289–308.
Palcic, I. and Lalic, B. (2009) ‘Analytical hierarchy process as a tool for selecting and evaluating projects’, International Journal of Simulation Modelling, Vol. 8, No. 1, pp.16–26.
Peris-Lopez, P., Castro, J.C.H., Estévez-Tapiador, J.M. and Ribagorda, A. (2006) ‘RFID systems: a survey on security threats and proposed solutions’, Proceedings of PWC, pp.159–170.
Piramuthu, S. (2008) ‘Lightweight cryptographic authentication in passive RFID-tagged systems’, Proceedings of the First ACM Conference on Wireless Network Security; RFID: Applications, Security, and Privacy, Systems, Man, and Cybernetics, Vol. 38, pp.360–376.
Potdar, V. and Chang, E. (2006) ‘Tamper detection in RFID tags using fragile watermarking’, IEEE International Conference on Industrial Technology, pp.2846–2852.
Ranasinghe, D.C. and Cole, P.H. (2007) ‘EPC network architecture’, in Cole, P.H. and Ranasinghe, D.C. (Eds.): Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting, 1st edition, Springer, pp.59–78.
Saaty, T.L. (1990) ‘An exposition of the AHP in reply to the paper: remarks on the analytic hierarchy process’, Management Sci., Vol. 36, No. 3, pp.259–268.
Sarma, S., Ashton, K. and Brock, D. (1999) ‘The networked physical world’, Technical Report MIT-AUTOID-WH-00, pp.75–286.
Schilit, W.N. (1995) ‘A system architecture for context-aware mobile computing’, PhD Thesis, Columbia University.
Song, B. and Mitchell, C.J. (2008) ‘RFID authentication protocol for low-cost tags’, Conference on Wireless Network Security Archive, pp.140–147.
Staake, T. (2005) ‘Extending the EPC network: the potential of RFID in anti-counterfeiting’, Proceedings of the 2005 ACM Symposium on Applied Computing, Santa Fe, New Mexico, ACM, pp.1607–1612.
Thiesse, F., Floerkemeier, C., Harrison, M., Michahelles, F. and Roduner, C. (2009) ‘Technology, standards, and real-world deployments of the EPC network’, IEEE Internet Computing, Vol. 13, No. 2, pp.36–43.
Truong, H.L. and Dustdar, S. (2007) ‘A survey on context-aware systems’, Journal of Ad-Hoc and Ubiquitous Computing, Vol. 5, No. 1, pp.5–31.
Verisign (2008) Expanding Value of Supply Chain, available at http://www.verisign.com/static/DEV044098.pdf (accessed on 20 May 2009).
Verisign Inc. (2004) EPC Network Architecture, available at http://www.verisign.com/static/DEV044097.pdf (accessed on 20 June 2008).
Wang, C.H., Li, T. and Feng, T. (2008) ‘Context-aware environment-role-based access control model for web services’, International Conference on Multimedia and Ubiquitous Engineering, pp.288–293.
Yang, G. and Jarvenpaa, S.L. (2005) ‘Trust and radio frequency identification (RFID) adoption within an alliance’, Proc. of the 38th Hawaii International Conference on System Sciences, p.208a.
Yao, W., Chu, C.H., Li, Z. and Mullen, T. (2008) ‘Leveraging complex event processing for RFID applications: a case study in hospitals’, 39th National Conference of Decision Sciences Institute, November 2008, Baltimore, MD, pp.4341–4346.
Zamani, Z., Bayat, M., Moeini, A. and Motevalian, A. (2008) ‘Context-aware payment for supply chain: software architecture and formal verification’, Proceedings of the World Congress on Engineering 2008, pp.211–216.