RFID Research Project Examining Security and Privacy in the Supply Chain

The Ko-RFID research project, sponsored by the German Federal Ministry of Economics and Technology, addresses RFID and collaboration, and the impact of the former on the latter within the supply chain. The project is divided into nine sub-projects, each approaching the main research questions from a different angle, according to a university statement.

Initiated by Humboldt-Universität zu Berlin, the Ko-RFID project was started in August 2006 and is dedicated to studying the impact that RFID technology might have on the coordination and cooperation processes within an RFID-enabled supply chain. The project is split into nine modules, each having its own objectives and responsibility for certain aspects of the general problem area, according to the university.

The primary focus of the “Privacy and Security” module addresses security aspects of data storage, processing and sharing in the RFID-enabled supply chain. The objective of the research activities is to evaluate and produce solutions for security threats in the supply chain under the specific conditation that it consists of a number of cooperating but to some extent or at a specific point in time also competing companies.

The overall project team comprises researches from universities (Humboldt-Universität zu Berlin, Otto-von-Guericke-University) and industry partners (GERRY WEBER AG, SAP Research) who will cooperatively produce a set of requirements, recommendations and solutions that address security issues in scenarios where certain logistic processes rely on RFID technology.

The distinctive feature of the research is its emphasis on the security problems that are specific to B2B scenarios. So far research was mostly concerned with privacy problems that arise when end-customers interact with RFID-labeled items. Nevertheless, the introduction of RFID technology in the supply chain significantly increases the amount of stored and processed data and provides new possibilities for data sharing and data mining. Therefore our research focusses on the protection of RFID specific data that the companies may see as sensitive or private. That includes protection from unauthorized reading or modification of the data, either by third-parties or by supply chain partners, ensuring the authenticity of the data and managing controlled access to that data in order to provide secure and efficient data sharing mechanism. Additionally, it will be examined how the restrictions, which are inevitable when certain security measures are implemented, may affect the usability of the systems and efficiency of the data access and exchange.

In the first project step, a variety of supply chains will be grouped in a number of general scenarios and evaluated against potential RFID-specific security threats. Then by relying on classical approaches and by utilizing information collected from industry partners, a set of security requirements will be developed for each scenario, according to the statement. The requirements will be compared against existing and proposed solutions, and should discrepancies between requirements and functionality be found, the solutions will be updated or redesigned. The module is to be concluded with the implementation of proposed solutions in a prototype, to demonstrate the results and serve as a proof of concept.