APP: An Ultralightweight Scheme to Authenticate ONS and Protect EPC Privacy without Cryptography in EPCglobal Networks

EPCglobal network is used to share product data between trading partners, which was proposed by EPCglobal. Object Name Service (ONS) in EPCglobal framework raises two critical security risks: the authenticity of IP addresses for Physical Markup Language (PML) servers and the privacy of Electronic Product Codes (EPCs). Existing work considers either the IP address authentication or the EPC privacy. In addition, that work mainly relies on cryptographic tools, in which key distribution is not a trivial task and also causes a large amount of computation overhead. In this paper, we make the first attempt to solve those two security risks together without relying cryptography. We propose a scheme, namely, APP (authenticate ONS and protect EPC privacy), to guarantee the authenticity of IP addresses for PML servers as well as EPC privacy and to maintain ultralightweight computation cost. Moreover, we give formal definition of the authenticity and the privacy in ONS context. The security achievements are strictly analyzed and proved. The extensive analysis results justify the applicability of the proposed scheme. © 2013 Wei Ren et al.