RFID Product Authentication in EPCglobal Network

Estimated by the International Chamber of Commerce (ICC) in 2006, nearly 5-7% of the global world trade is in counterfeit goods, with the counterfeit market being worth approximately US$600 billion annually. Existing technical countermeasures, such as holograms, smart cards, biometric markers and inks, represent a flexible portfolio of solutions against some counterfeiting behaviors. Recently, RFID was reportedly used in product authentication solutions to achieve a higher degree of automation when checking the authenticity of a product. For example, Euro banknotes are attached with RFID chips to combat counterfeiting by European Central Bank. The United States Food and Drug Administration (US FDA) has issued a report that endorses RFID as a tool to combat counterfeiting of pharmaceuticals. So far, these RFID-based solutions seem pretty promising [28]. With wide adoption of RFID technology witnessed in various industries, the future of RFID for product authentication purpose looks optimistic. The main objective of a product authentication solution is to distinguish a genuine product from a fake one. The basic concept of applying RFID to product authentication lies in its original function of identification. Imagine a scenario in the future, in which every object will be attached with an RFID tag that contains a unique number belonging to the object. Once the tag is interrogated, the unique object number is emitted and interpreted by the back-end system to identify the object. If, for instance, all the unique object numbers are stored in a database, we can then check the database to verify the identity of an object. Unfortunately, identification alone is insufficient for solving the anti-counterfeiting problem. Problems exist in such a straightforward solution. For example, the unique object number can be eavesdropped and copied onto blank tags to produce clones, and the database would not be able to distinguish a legitimate tag from a cloned tag containing the same object number. There are many other ways to attack such a simplified identification system. For example, in a “tag removal and reapply” attack, counterfeiter can remove a tag from an authentic product, perform reverse engineering on the tag to extract out key attributes, and replicate these attributes onto blank tags. In fact, product authentication has stronger requirements on security and needs a more complex system to implement. RFID-based product authentication solutions leverage on the benefits provided by the RFID tags and the back-end information system within the RFIDO pe n A cc es s D at ab as e w w w .in te ch w eb .o rg