密码管理的EPC类1代2转发器

电子商务评论 Pub Date : 2008-07-21 DOI:10.1109/CECandEEE.2008.98

Claus Wonnemann, Jens Strüker

{"title":"密码管理的EPC类1代2转发器","authors":"Claus Wonnemann, Jens Strüker","doi":"10.1109/CECandEEE.2008.98","DOIUrl":null,"url":null,"abstract":"RFID systems compliant to the widely-used standard EPC class 1 generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT-ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of an efficient and scalable password management remains one of most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.","PeriodicalId":58336,"journal":{"name":"电子商务评论","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Password Management for EPC Class 1 Generation 2 Transponders\",\"authors\":\"Claus Wonnemann, Jens Strüker\",\"doi\":\"10.1109/CECandEEE.2008.98\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"RFID systems compliant to the widely-used standard EPC class 1 generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT-ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of an efficient and scalable password management remains one of most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.\",\"PeriodicalId\":58336,\"journal\":{\"name\":\"电子商务评论\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"电子商务评论\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1109/CECandEEE.2008.98\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"电子商务评论","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1109/CECandEEE.2008.98","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

RFID系统符合广泛使用的标准EPC第1类第2代缺乏有效的安全机制。我们表明，用于保护关键功能的密码可以由攻击者获得，只需适度的努力。由于更强大的系统不太可能在中期取代目前的标准，因此将RFID技术的部署嵌入到it生态系统中，以确保将攻击造成的潜在损害降到最低，这一点至关重要。这一目标可以通过使用应答器独立密码来实现。然而，有效和可扩展密码管理的相关挑战仍然是跨企业RFID部署中最紧迫的问题之一。在本文中，我们提出了密码管理基础设施的两种方法，并描述了它们与零售商流程的集成。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Password Management for EPC Class 1 Generation 2 Transponders

RFID systems compliant to the widely-used standard EPC class 1 generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT-ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of an efficient and scalable password management remains one of most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

电子商务评论

自引率

0.00%

发文量