The RFID Middleware System Supporting

We illustrate the security and adaptive access control mechanism for secure enhanced .... For these, it is basically required digital signature, data protection or ...
The RFID Middleware System Supporting Context-Aware Access Control Service

Jieun Song and Howon Kim
Information Security Division, Electronics and Telecommunications Research Institute
161 Gajeong-Dong, Yuseong-Gu, Daejeon, 305-350, Republic of Korea
{ happybirds, khw trreikr3

Abstract - Recently, RFID (Radio Frequency Identification) technology has attracted the attention of the world market as an essential technology for realizing ubiquitous environments. The RFID market has expanded with a focus on RFID software such as high-value e-business applications, RFID middleware and related development tools. However, due to the high sensitivity of data and service transactions within the RFID network, security considerations must be addressed. In order to guarantee trusted e-business based on RFID technology, we propose a security-enhanced RFID middleware system. That is, we describe the architecture and techniques of middleware that supports a context-aware access control service. Our proposals are compliant with EPCglobal ALE (Application Level Events), the standard interface between middleware and its clients. We illustrate the security-enhanced middleware architecture and the operation sequence for the access control service with description.

Keywords: RFID Middleware, Application Level Event, Access Control Service

1. Introduction

The need to identify various products and goods is increasing in our automated world. Today's business products must be identified many times on their way from producer to consumer, or while in use. Using an RFID (Radio Frequency Identification) system is a good approach to the automated identification of products. RFID technology is already adopted and deployed in a wide area of applications, including supply chain management, retail, anti-counterfeiting, security and healthcare. Moreover, the market requires more varied types of middleware software platform to share RFID tag information with distributed systems and to build high-value application services. In accordance with these demands, the areas related to RFID middleware platforms currently dominate the RFID market and its research themes. Unfortunately, there are no mechanisms defined for identification or access control to secure RFID-related information against an illegal attacker or an unauthorized client. In some cases, securing RFID-related data is very important and necessary, because the data may be abused by malicious attackers or competitors. So it is necessary to secure RFID tag and related event information, that is, to prevent an unauthorized system from taking the data illegally. In particular, an access control service for the RFID middleware system is very important. However, the existing RFID middleware standards of EPCglobal do not mention it and describe only the fundamental functions and roles of middleware.

We present background material in section 2, summarizing the EPCglobal RFID middleware features and network architecture relevant to our work. We describe attacks and security considerations in the EPCglobal RFID network as well.

We consider the problems of service authority via untrusted application system or middleware clients. In section 4, we propose a security architecture and techniques for a security-enhanced middleware system, i.e., access-control features from the EPCglobal standard. That is, we build a more secure and adaptive access control mechanism for a secure environment by referring to context-aware primitives. Finally, we conclude in section 5 with avenues for further research.

ISBN 89-5519-129-4

2. Related Works

2.1 EPCglobal RFID Middleware

The EPCglobal Network™ is a set of global technical standards aimed at enabling automatic and instant identification of items in the supply chain and at sharing the information throughout the supply chain. The set of standards focuses on UHF (Ultra High Frequency) tags and aims to provide a numbering system for unique identification and to define how data is stored and transferred. The EPCglobal Network™ consists of five fundamental elements: the ID System (EPC Tags and Readers), the Electronic Product Code (EPC), EPC Middleware, the Object Name Service (ONS) and EPC Information Services (EPCIS). The EPC, which sits on the tags, is basically a number designed to uniquely identify an individual object in the supply chain. The EPC is communicated to readers, and then ONS translates the EPC to internet addresses where further information on the object may be found. To handle the vast amount of exchanged information, RFID middleware manages the data in a way that reduces network traffic, and provides a standard software interface, ALE, for services enabling data exchange between an EPC reader or network of readers and information systems. EPCIS enables users to exchange EPC-related data with trading partners through the EPCglobal network. In order to protect security assets against the threats above, the RFID middleware system needs to provide security countermeasures. In particular, unauthorized users may try to access the ALE service (e.g., stored tag data, ALE service configuration, reader management, middleware resource management, notification report accepter), which leads to untrusted and confused e-business application systems.

Feb. 20-22, 2006 ICACT2006

needed for providing trust services to e-business based on RFID.

1) Identification and Authentication: The ALE service provider must identify and authenticate the clients to prevent illegal clients from accessing the service.

2) Data Transport Protection: In order to protect the data transported between ALE service provider and clients, the ALE service provider builds the security functions for the integrity, confidentiality, freshness and so on.

3) Service Access Control: Unauthorized users may try to access the ALE service (e.g., stored tag data, ALE

[Figure omitted; legible labels: Reader, Tag]

consider the security requirements and do not provide

capability
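The requirements listed above for identification/authentication and service access control can be illustrated with a small default-deny policy check. This is an added example, not code from the paper: the client registry, shared secrets, roles, network zones and time window are constructed assumptions, and only the operation names (`define`, `undefine`, `subscribe`, `poll`) are taken from the ALE interface. Freshness and transport protection are out of scope here.

```python
import hashlib
import hmac
from datetime import time

# Constructed client registry (hypothetical): client id -> (shared secret, role).
CLIENTS = {
    "wms-01": (b"constructed-secret-1", "operator"),
    "admin-01": (b"constructed-secret-2", "admin"),
}

# Hypothetical policy: role -> ALE operation -> condition on the request context.
POLICY = {
    "operator": {
        "poll": lambda ctx: ctx["zone"] == "warehouse-lan",
        "subscribe": lambda ctx: ctx["zone"] == "warehouse-lan"
        and time(8, 0) <= ctx["now"] < time(18, 0),
    },
    "admin": {
        "define": lambda ctx: ctx["zone"] == "mgmt-lan",
        "undefine": lambda ctx: ctx["zone"] == "mgmt-lan",
        "poll": lambda ctx: True,
    },
}

def sign(client_id, message):
    """Client side of the demo: HMAC-SHA256 tag over the request bytes."""
    return hmac.new(CLIENTS[client_id][0], message, hashlib.sha256).hexdigest()

def authenticate(client_id, message, tag_hex):
    """Requirement 1: identify the client and verify its tag; return its role."""
    entry = CLIENTS.get(client_id)
    if entry is None:
        return None
    secret, role = entry
    expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return role if hmac.compare_digest(expected, tag_hex) else None

def authorize(client_id, operation, message, tag_hex, ctx):
    """Requirement 3: default-deny decision from role, operation and context."""
    role = authenticate(client_id, message, tag_hex)
    if role is None:
        return "deny: authentication failed"
    rule = POLICY.get(role, {}).get(operation)
    if rule is None:
        return "deny: operation not granted to role"
    if not rule(ctx):
        return "deny: context condition not met"
    return "permit"
```

The same authenticated client receives different decisions for the same operation depending on where and when the request arrives, which is the context-aware part of the check.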
