Credential Management for Automatic Identification Solutions in Supply Chain Management

Current systems for automatic identification of goods presume a single administrative domain. However, in supply chain management systems temporary cooperations of multiple companies exist, and the usage of one identification device, such as a radio-frequency identification (RFID) tag, per company is infeasible for reasons of costs, space requirements, traceability, and higher collision rate. This paper analyzes the security requirements resulting from the usage of a single tag for multiple companies and proposes a novel system architecture and accompanying cryptographic protocols that address the security objectives entity authentication, controlled access, data confidentiality and integrity, as well as untraceability of RFID tags. The architecture is designed to provide high availability and graceful degradation in case of compromise of system parts. The results of an implementation and simulation study give insights on appropriate data structures for realizing key functionality, and demonstrate the feasibility with off-the-shelf hardware.