{"title":"Password Management for EPC Class 1 Generation 2 Transponders","authors":"Claus Wonnemann, Jens Strüker","doi":"10.1109/CECandEEE.2008.98","DOIUrl":null,"url":null,"abstract":"RFID systems compliant to the widely-used standard EPC class 1 generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT-ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of an efficient and scalable password management remains one of most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.","PeriodicalId":58336,"journal":{"name":"电子商务评论","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"电子商务评论","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1109/CECandEEE.2008.98","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
RFID systems compliant to the widely-used standard EPC class 1 generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT-ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of an efficient and scalable password management remains one of most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.