Secure and Practical Key Distribution for RFID-Enabled Supply Chains

In this paper, we present a fine-grained view of an RFIDenabled supply chain and tackle the secure key distribution problem on a peer-to-peer base. In our model, we focus on any pair of consecutive parties along a supply chain, who agreed on a transaction and based on which, certain RFID-tagged goods are to be transferred by a third party from one party to the other as in common supply chain practice. Under a strong adversary model, we identify and define the security requirements with those parties during the delivery process. To meet the security goal, we first propose a resilient secret sharing (RSS) scheme for key distribution among the three parties and formally prove its security against privacy and robustness adversaries. In our construction, the shared (and recovered) secrets can further be utilized properly on providing other desirable security properties such as tag authenticity, accessibility and privacy protection. Compared with existing approaches, our work is more resilient, secure and provides richer features in supply chain practice. Moreover, we discuss the parameterization issues and show the flexibility on applying our work in real-world deployments.