demonstration

Encryption-enforced access control for an RFID discovery service

Authors:

Florian Kerschbaum,

Leonardo Weiss Ferreira ChavesAuthors Info & Claims

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Pages 127 - 130

https://doi.org/10.1145/2295136.2295161

Published: 20 June 2012 Publication History

Abstract

In this demonstration we present a novel encryption scheme for enforcing access control in a Discovery Service. A Discovery Service is a piece of software that allows one to "discover" item-level data which is stored in data repositories of different companies. Such data can be gathered with the help of Radio Frequency Identification or 2D bar codes. Our software allows the data owner to enforce access control on an item-level by managing the corresponding keys. Data remains confidential even against the provider of the Discovery Service. We present three ways of querying data and evaluate them with databases containing up to 50 million tuples.

References

[1]

S. Beier, T. Grandison, K. Kailing, and R. Rantzau. Discovery Services - Enabling RFID Traceability in EPCglobal Networks. In Proceedings of the 13th International Conference on Management of Data COMAD'06, 2006.

[2]

M. Eurich, N. Oertel, and R. Boutellier. The impact of perceived privacy risks on organization's willingness to share item-level event data across the supply chain. Electronic Commerce Research, 10:3--4, 2010.

Digital Library

[3]

B. Fabian, O. Günther, and S. Spiekermann. Security Analysis of the Object Name Service. In Proceedings of the International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing SECPERU'05, 2005.

[4]

K. Finkenzeller. RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification. John Wiley & Sons, Inc., 2003.

Digital Library

[5]

F. Kerschbaum. Simple Cross-Site Attack Prevention. In Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks SecureComm'07, 2007.

[6]

F. Kerschbaum. An Access Control Model for Mobile Physical Objects. In Proceedings the 15th ACM Symposium on Access Control Models and Technologies SACMAT'10, 2010.

Digital Library

[7]

F. Kerschbaum and N. Oertel. Privacy-Preserving Pattern Matching for Anomaly Detection in RFID Anti-Counterfeiting. In Proceedings of the Workshop on RFID Security RFIDsec'10, 2010.

Digital Library

[8]

F. Kerschbaum and A. Sorniotti. RFID-Based Supply Chain Partner Authentication and Key Agreement. In Proceedings of the 2nd ACM Conference on Wireless Network Security WISEC'09, 2009.

Digital Library

[9]

F. Kerschbaum and O. Terzidis. Filtering for Private Collaborative Benchmarking. In Proceedings of the International Conference on Emerging Trends in Information and Communication Security ETRICS'06, 2006.

Digital Library

[10]

F. Kerschbaum and L. Weiss Ferreira Chaves. Secure Sharing of Item-level Data in the Cloud. In Proceedings of the 4th IEEE Conference on Cloud Computing CLOUD'11, 2011.

Digital Library

[11]

F. Kerschbaum and L. Weiss Ferreira Chaves. Encrypted Searchable Storage of RFID Tracking Data. In Proceedings of the 13th IEEE International Conference on Mobile Data Management MDM'12, 2012.

Digital Library

[12]

A. Melski, L. Thoroe, and M. Schumann. Managing RFID data in supply chains. International Journal of Internet Protocol Technology (IJIPT), 2(3/4):176--189, 2007.

Digital Library

[13]

B. Santos and L. Smith. RFID in the Supply Chain: Panacea or Pandora's Box? Communications of the ACM, 51(10):127--131, 2008.

Digital Library

[14]

S. Sarma, D. Brock, and D. Engels. Radio frequency identification and the electronic product code. IEEE Micro, 21(6):50--54, 2001.

Digital Library

[15]

L. Weiss Ferreira Chaves and F. Kerschbaum. Industrial Privacy in RFID-based Batch Recalls. In Proceedings of the International Workshop on Security and Privacy in Enterprise Computing In SPEC'08, 2008.

Digital Library

Cited By

Liu BChu C(2015)Relationship-based federated access control model for EPC Discovery ServiceComputers and Security10.1016/j.cose.2015.06.00355:C(251-270)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1016/j.cose.2015.06.003
Pardal MHarrison MSarma SMarques J(2012)Performance assessment of XACML authorizations for Supply Chain Traceability Web Services2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)10.1109/CASoN.2012.6412432(378-383)Online publication date: Nov-2012
https://doi.org/10.1109/CASoN.2012.6412432

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies

June 2012

242 pages

ISBN:9781450312950

DOI:10.1145/2295136

General Chairs:
Vijay Atluri
Rutgers University, USA
,
Jaideep Vaidya
Rutgers University, USA
,
Program Chairs:
Axel Kern
Beta Systems Software AG, Germany
,
Murat Kantarcioglu
University of Texas at Dallas, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 June 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Demonstration

Conference

SACMAT '12

Sponsor:

SIGSAC

SACMAT '12: 17th ACM Symposium on Access Control Models and Technologies

June 20 - 22, 2012

New Jersey, Newark, USA

Acceptance Rates

SACMAT '12 Paper Acceptance Rate 19 of 73 submissions, 26%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
151
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Liu BChu C(2015)Relationship-based federated access control model for EPC Discovery ServiceComputers and Security10.1016/j.cose.2015.06.00355:C(251-270)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1016/j.cose.2015.06.003
Pardal MHarrison MSarma SMarques J(2012)Performance assessment of XACML authorizations for Supply Chain Traceability Web Services2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)10.1109/CASoN.2012.6412432(378-383)Online publication date: Nov-2012
https://doi.org/10.1109/CASoN.2012.6412432

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten