Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service
A supply chain usually involves collaboration among multi-national companies and it is well-known that information sharing is a critical success factor in supply chain management. Electronic Product Code Discovery Service (EPCDS) is a newly proposed concept which allows supply chain companies to sea...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2013
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2039 http://dx.doi.org/10.1109/RFID-TA.2013.6694532 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3038 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-30382014-02-04T11:54:04Z Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service SU, Mon Kywe LI, Yingjiu SHI, Jie A supply chain usually involves collaboration among multi-national companies and it is well-known that information sharing is a critical success factor in supply chain management. Electronic Product Code Discovery Service (EPCDS) is a newly proposed concept which allows supply chain companies to search for their unknown partners globally and share information efficiently. As EPCDS contains critical business information about partnership relationship and product movement, access control systems are integrated into EPCDS for privacy protection. Although currently proposed access control systems include authentication and authorization of supply chain companies, they do not consider authentication of business information published by the companies. This vulnerability enables malicious EPC event injection attack, where forged business information are registered to EPCDS by malicious parties. With such exploitation, adversaries can impersonate as legitimate supply chain partners, bypass the access control systems of EPCDS and get access to previously unauthorized information. To the best of our knowledge, our paper is the first to discover the possibility of such attack in EPCDS. Our paper discusses threat model and different types of adversaries for the attack. We then present general defense mechanisms and define the security requirements of preventive measures. We also propose a new prevention mechanism, where pseudo-random numbers are generated by EPC tags and serves as authentication tokens for registering EPC events. Moreover, our paper analyzes how existing solutions, such as tailing, can be modified to detect malicious EPC event injection in EPCDS. 2013-09-04T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/2039 info:doi/10.1109/RFID-TA.2013.6694532 http://dx.doi.org/10.1109/RFID-TA.2013.6694532 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University authorisation business data processing message authentication random number generation supply chains Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
authorisation business data processing message authentication random number generation supply chains Information Security |
| spellingShingle |
authorisation business data processing message authentication random number generation supply chains Information Security SU, Mon Kywe LI, Yingjiu SHI, Jie Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| description |
A supply chain usually involves collaboration among multi-national companies and it is well-known that information sharing is a critical success factor in supply chain management. Electronic Product Code Discovery Service (EPCDS) is a newly proposed concept which allows supply chain companies to search for their unknown partners globally and share information efficiently. As EPCDS contains critical business information about partnership relationship and product movement, access control systems are integrated into EPCDS for privacy protection. Although currently proposed access control systems include authentication and authorization of supply chain companies, they do not consider authentication of business information published by the companies. This vulnerability enables malicious EPC event injection attack, where forged business information are registered to EPCDS by malicious parties. With such exploitation, adversaries can impersonate as legitimate supply chain partners, bypass the access control systems of EPCDS and get access to previously unauthorized information. To the best of our knowledge, our paper is the first to discover the possibility of such attack in EPCDS. Our paper discusses threat model and different types of adversaries for the attack. We then present general defense mechanisms and define the security requirements of preventive measures. We also propose a new prevention mechanism, where pseudo-random numbers are generated by EPC tags and serves as authentication tokens for registering EPC events. Moreover, our paper analyzes how existing solutions, such as tailing, can be modified to detect malicious EPC event injection in EPCDS. |
| format |
text |
| author |
SU, Mon Kywe LI, Yingjiu SHI, Jie |
| author_facet |
SU, Mon Kywe LI, Yingjiu SHI, Jie |
| author_sort |
SU, Mon Kywe |
| title |
Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| title_short |
Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| title_full |
Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| title_fullStr |
Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| title_full_unstemmed |
Attack and Defense Mechanisms of Malicious EPC Event Injection in EPC Discovery Service |
| title_sort |
attack and defense mechanisms of malicious epc event injection in epc discovery service |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2013 |
| url |
https://ink.library.smu.edu.sg/sis_research/2039 http://dx.doi.org/10.1109/RFID-TA.2013.6694532 |
| _version_ |
1770571778660237312 |