Skip to Main Content
The EPCglobal Network is an emerging global information architecture for supporting Radio-Frequency Identification (RFID) in supply chains. Discovery services for the EPCglobal Network are distributed services that serve the following pivotal lookup function: Given an identifier for a real-world object, e.g., an Electronic Product Code (EPC) stored on an RFID tag, they return a list of Internet addresses of services that offer additional information about the object. Since a client's information interests in the EPCglobal Network can be used to create inventory lists and profiles of his physical surroundings, as well as be used for business intelligence on the flow of goods in corporate applications, protecting client privacy becomes crucial. In particular, privacy mechanisms should by design be integrated into discovery services where the client's information interests could be analyzed by many potential adversaries. This paper introduces SHARDIS, a privacy-enhanced discovery service for RFID information based on the peer-to-peer paradigm. The idea is to enhance confidentiality of the client's query against profiling by cryptographically hashing the search EPC and by splitting and distributing the service addresses of interest. Furthermore, a probabilistic analysis of the privacy benefits of SHARDIS is presented. SHARDIS was implemented using the global research platform PlanetLab. Several performance experiments show its practical feasibility for many application areas.