Table of Contents
Fetching ...

A Systematic Security Analysis for Path-based Traceability Systems in RFID-Enabled Supply Chains

Fokke Heikamp, Lei Pan, Robin Doss, Rolando Trujillo-Rasua, Sushmita Ruj

TL;DR

The paper addresses the problem of insecure path-based traceability in RFID-enabled supply chains by introducing a unified security framework that models traceability as reader sequences and events such as $Move(t,r)$ and $Path(t,r_1,\dots,r_n)$. It defines a formal taxonomy of path-based properties (sound, complete, sorted, and authorized) and two adversary models ($Adv_T$ and $Adv_R$) to enable objective, large-scale evaluation. Applying the framework to 17 traceability solutions, the authors identify widespread vulnerabilities including path privacy flaws, out-of-order attacks, and impersonation or authorization weaknesses, highlighting the gap between formal path-centric security and practical traceability designs. The study argues that path completeness and secure distribution of valid paths are critical and often neglected, and it provides a taxonomy and methodology that can guide future traceability system design and verification. Overall, the work offers a rigorous, path-centered lens for assessing RFID traceability security and sets the stage for formal verification and broader technology scopes in future research.

Abstract

Traceability systems have become prevalent in supply chains because of the rapid development of RFID and IoT technologies. These systems facilitate product recall and mitigate problems such as counterfeiting, tampering, and theft by tracking the manufacturing and distribution life-cycle of a product. Therefore, traceability systems are a defense mechanism against supply chain attacks and, consequently, have become a target for attackers to circumvent. For example, a counterfeiter may change the trace of a fake product for the trace of an authentic product, fooling the system into accepting a counterfeit product as legit and thereby giving a false sense of security. This systematic analysis starts with the observation that security requirements in existing traceability solutions are often unstructured or incomplete, leaving critical vulnerabilities unaddressed. We synthesized the properties of current state-of-the-art traceability solutions within a single security framework that allows us to analyze and compare their security claims. Using this framework, we objectively compared the security of $17$ traceability solutions and identified several weaknesses and vulnerabilities. This article reports on these flaws, the methodology we used to identify them, and the first security evaluation of traceability solutions on a large scale.

A Systematic Security Analysis for Path-based Traceability Systems in RFID-Enabled Supply Chains

TL;DR

The paper addresses the problem of insecure path-based traceability in RFID-enabled supply chains by introducing a unified security framework that models traceability as reader sequences and events such as and . It defines a formal taxonomy of path-based properties (sound, complete, sorted, and authorized) and two adversary models ( and ) to enable objective, large-scale evaluation. Applying the framework to 17 traceability solutions, the authors identify widespread vulnerabilities including path privacy flaws, out-of-order attacks, and impersonation or authorization weaknesses, highlighting the gap between formal path-centric security and practical traceability designs. The study argues that path completeness and secure distribution of valid paths are critical and often neglected, and it provides a taxonomy and methodology that can guide future traceability system design and verification. Overall, the work offers a rigorous, path-centered lens for assessing RFID traceability security and sets the stage for formal verification and broader technology scopes in future research.

Abstract

Traceability systems have become prevalent in supply chains because of the rapid development of RFID and IoT technologies. These systems facilitate product recall and mitigate problems such as counterfeiting, tampering, and theft by tracking the manufacturing and distribution life-cycle of a product. Therefore, traceability systems are a defense mechanism against supply chain attacks and, consequently, have become a target for attackers to circumvent. For example, a counterfeiter may change the trace of a fake product for the trace of an authentic product, fooling the system into accepting a counterfeit product as legit and thereby giving a false sense of security. This systematic analysis starts with the observation that security requirements in existing traceability solutions are often unstructured or incomplete, leaving critical vulnerabilities unaddressed. We synthesized the properties of current state-of-the-art traceability solutions within a single security framework that allows us to analyze and compare their security claims. Using this framework, we objectively compared the security of traceability solutions and identified several weaknesses and vulnerabilities. This article reports on these flaws, the methodology we used to identify them, and the first security evaluation of traceability solutions on a large scale.
Paper Structure (13 sections, 6 equations, 6 figures, 4 tables)

This paper contains 13 sections, 6 equations, 6 figures, 4 tables.

Figures (6)

  • Figure 1: Our RFID-enabled Traceability Model
  • Figure 2: Taxonomy for Path-based Attacks
  • Figure 3: A single step of RF-chain
  • Figure 4: ReSC
  • Figure 5: SecTTS
  • ...and 1 more figures

Theorems & Definitions (4)

  • Definition 1: Physical Path
  • Definition 2: Path-based properties
  • Definition 3: Authorization
  • Definition 4: Path Privacy