Skip to Main Content
Unauthorized tracking of RFID tagged assets at the system level, where an adversary tracks movement of RFID tagged assets by eavesdropping network messages or compromising date center servers, has not been well recognized in prior research. Compared to the traditional unauthorized tracking by clandestine scanning at the physical level, unauthorized tracking at the system level could be even more harmful as the adversary is able to obtain tracking information on a global scale and without physical presence. This paper analyzes the threat of unauthorized tracking by a semi-trusted RFID Discovery Service which maintains a database of RFID tag location records in the current industrial standard EPCglobal Network. We propose a pseudonym-based design to mitigate this threat. Our design protects against Discovery Service database reading attack and provides efficient key management and access control. The design is backward compatible with the existing communication protocols and database schemas of RFID Discovery Service.