Applying RBAC Security Control Model to Manufacturing and ... · logistics information for an efficient logistics processing service in the RFID-based international logistics service

1. Introduction

The RFID (Radio Frequency Identification)system uses wireless telecommunicationtechnology, making it feasible to identify RFIDtag information without direct contact.Therefore, it has more advantages than thepreviously used bar code system. In otherwords, it is possible to read multi-tags at a time,by using frequency, without having to havedirect contact with the tag. Due to such anadvantage of RFID, it is now being generalizedto apply so-called customized services, whichcan manufacture and deliver products based ondiverse requirements from customers, byutilizing RFID. Various business solutionsbased on RFID are appeared and optimized forSCM (Supply Chain Management) [1]. It isnow feasible to acquire visibility of the flow ofproducts, in the course of manufacture, or adistribution system. Using RFID improveswork efficiency, and enables more effectivemanagement of stocks and tracing of productsin overall logistics movement. A furtheradvantage is offered, in that the level ofintegrity can be enhanced, while reducing theloss rate of the product [2, 3]. However, apriority is to solve the issue of security oflogistics information for an efficient logistics

processing service in the RFID-basedinternational logistics service platform.Security policies and privacy issues need to beaddressed, as diverse types of threat occur,based on characteristics of the RFID-basedlogistics environment, including piracy,location tracing, and physical attack, as well asthreats to the security of product information.

These threats serve to impede the developmentand distribution of technology for themanagement of the RFID technology-basedlogistics environment. EPCglobal Networkprovides standards for the structure, meaningand delivery method of RFID tag information[2]. And each company manages all theinformation derived from the EPCglobalNetwork. Here, EPCglobal Network is able toenhance efficiency of the delivery anddispersed management of EPC (ElectronicProduct Code) information, but is not capableof removing all of the threatening factors.

In this paper, we propose an RBAC-basedsecurity control model in order to protect andguarantee the integrity of products andreliability of the international logistics serviceplatform based on RFID.

RBAC based security model can be used in thearchitecture of the EAF(Enterprise Application

Studies in Informatics and Control, Vol. 24, No. 3, September 2015 http://www.sic.ici.ro 339

Applying RBAC Security Control Model to

Manufacturing and Logistics Service Platform

Moon Sun SHIN1, Yong Wan JU2, Hyun Kyu Kang1, Seon Phil JEONG3

1 Dept. of Computer Engineering, Konkuk University,268 Chungwon-daero, Chungju-si, Chungbuk, 380-701, Republic of Korea,[email protected] (Corresponding Author); [email protected].

2 Division of Industry Development, Korea Internet & Security Agency,Songpa-gu, Seoul,138-950, Republic of Korea,[email protected]

3 Division of Technology and Science, BNU-HKBU United International College,China,[email protected]

Abstract: The recent RFID-based logistics environment enables significant improvement of business efficiency. However, tosupport an efficient logistics processing service in the RFID-based international logistics service platform, it is required securityrisk analysis and security control model. In this paper, we have analyzed and figured out requirements of the security for theefficient international RFID-based logistics service. It is possible to construct own security policy for each enterprise usingRBAC. The security policy includes definition of subjects, objects, permissions, roles, role hierarchy and constraints of theenterprise. And we proposed an RBAC-based security control model, reflecting security requirements in an international logisticsprocess and constraints of the access control model have been represented as UML. We presented example scenario andimplemented the prototype system for the verification of the proposed security model for international logistics. The proposedsecurity control model is useful to reduce business risk in international logistics.

Keywords: RFID, International Logistics, RBAC, Security Control, Access Control Constraints.

Framework) for each enterprise to construct itsown security policy such as roles, permissions,sessions and constraints of the organization.Existing RFID-based international logisticsplatforms could become exposed to threats andsecurity risks. Therefore we need flexiblesecurity control model for the protection of notonly RFID threats but also enterprise levelrisks. RBAC is a powerful and flexible securityaccess control model. So it can be applied tosolve these problems.

The rest of the paper is organized as follows.Section 2 describes the security guideline of theRFID system. We explain requirements ofsecurity in the EPC network application servicebased on RFID in section 3 and figure outsecurity analysis in section 4. In section 5, wepropose an RBAC-based security control modelfor the international logistics process andrepresent constraints of access control usingUML. And section 6 contains example scenarioand implementation of the proposed securitymodel. Lastly a brief conclusion is presented insection 7.

2. Related Works

The EPCglobal architecture framework is to beserviced for a mutual goal that intensifies thedistribution/supply network by using EPC.EPCglobal network is a system that grants anidentification number on a product based onRFID technology and EPC code, and conveysinformation related to the product for suppliersand consumers, by connecting a storage spaceof information into the network. In other words,EPCglobal network serves as a standard thatmakes it feasible to collect more than one EPCdata from multiple-data resources, such asRFID reader, and report them in diverse form,by filtering and grouping them according tocustomized order from consumers, and to storedata processed on the EPC IS (InformationServices). EPCglobal network providesindependence between application businesslogics and infrastructure components.

In various fields of application, an RFIDapplication system operating based on theEPCglobal network is applicable on the basis ofan Inter-Enterprise Architecture frame, asshown in Figure 1. Regardless of being a formof open network or closed network, the basicstructure operates as an application service,through connection with an enterprisesubsystem [1, 2].

Figure 1. Inter-Enterprise Architecture of RFID-based EPCIS (from NIST report)

The security control in EPCglobal securityguideline is designed in order to reduce businessrisk related to the RFID system [3]. Systemmanagement for security control indicates apolicy required for RFID system managementand maintenance for security, and this is relatedto risk evaluation, system design, and systemcertification, etc. In other words, important data,such as personal information, should be stored inthe enterprise subsystem, instead of a tag, and besearchable by using the tag ID. Only anauthorized person is eligible to access this.Therefore, in terms of costs, encryption andaccess control are more efficient to beimplemented on the enterprise subsystem, ratherthan on the RF subsystem. However, if using anidentifier of EPC format that has already beenexposed, attackers might be able to interceptimportant information, and the enterprisesubsystem also faces the risk of being exposedto attack on data through a network.

Security control and security policy involvedwith an RFID subsystem, network, anddatabase, must allow only pre-approved rolesof individuals and organizations on a RFIDsystem operation. Protection of peripherals andsubsystem that contain access control, port, andprotocol of RFID, password management,RFID security education, and cipher systemmanagement, are all related to security policy.Therefore, this policy is applicable forrealization of an RFID system that is related tothe enterprise subsystem.

The most general technical parts of securitypolicy for a subsystem of the RFID system arepassword, authorization of key-hash message,and digital signature.

Examples of risk factors of attack areunauthorized reading, writing, tag copying,user spoofing, RFID physical destruction, andunjustified behavior involving the servicing of

http://www.sic.ici.ro Studies in Informatics and Control, Vol. 24, No. 3, September 2015340

unapproved commands. The advantage ofpolicies for physical access control designed inorder to prevent them, is that it enables to limitthe possibilities of attack approaching the RFIDsystem components. However, there existweaknesses of attack from inside or attack offrequency interruption.

In addition, installing tags and readers in aproper location can avoid risk and interruptionof electromagnetic radiation. It should be notedthat users should be properly educated, to befamiliar with knowledge and skills of security,how to identify unauthorized usage, and whereto report, if they detect violation, etc.

Access control has many advantages to managesecurity control related on integrity, availabilityand confidentiality. Traditional access controlincludes MAC (Mandatory Access Control),DAC (Discretionary Access Control) and RBAC(Role based Access Control). RBAC is veryuseful and can be applied various applications.

3. Security Requirements of an

RFID System

An RFID system consists of tag, reader, server(middle-ware and application service platform),and is used by connecting with a wire/wirelesstelecommunication network. A tag is located onthe network with information that enablessubjects to be identified, and a reader collects,processes, sends, and receives information ofsubjects. The server implements an applicationprocess, by utilizing information of thesubjects. In this chapter, it is intended todescribe the security risk of tag, reader, andantenna that are major components of an RFIDsystem, and requirements of security thatspecifically consider them.

3.1 Tag security

A specific password is granted on the tag forauthorization, as a security control measure fora tag that contains basic product codeinformation. A password should be assigned toeach tag, since it might be used for physicallyprotecting an ambient environment to preventwire-tapping. In addition, different passwordsshould be designated between tags, to preventthem from being shared. Encryption of data isrequired, along with assignment of a passwordon the tag prior to storing data on the tag, forsafety issues. In other words, it is required toprepare a measure to prevent authorized users

from reading real data, if the password issomehow revealed allowing them access to thetag, by encryption of data.

It should be noted that temporary turn-off isrequired for the tag not suffering from frequentexchange between the reader and RF interface.This can serve as a method for reducing the riskof wire-tapping or attacks. However, such atemporary method can only be applied if it ispossible to predict the number of exchangesbetween the tag and reader. As a particularmethod, it is feasible to deactivate the tag,followed by activating it once the switch turnson, so that the RF and tag can proceed with anexchange with each other. Care should be takenthat the reader should perform monitoring onthe tag that is continuous, and operated toimmediately identify unauthorized access andunexpected data exchange

The radio frequency that transmits and receivessignals related to the tag, along with such a tagsecurity control, is related to the operationrange, speed, and data transmission rate of thetag. Therefore, the movement of tags, followedby the range of operation, feasibility offrequency crash, and frequency changes, shouldbe specifically considered.

3.2 Reader security

Standards should be followed forcommunication between the reader and tag. Ingeneral, a tag and reader from the same venderare generally used. There are two types ofreader, wired readers and wireless readers. Awired reader is installed at a fixed location,reading the tag by accessing the reader. Anexample of this is the unmanned signalviolation camera. The wireless type of reader ismovable. All the readers have RF subsystemsand interface that can communicate with the RFsubsystem and enterprise subsystem,respectively. The enterprise subsystem interfacesupports a transmission of RFID data from thereader to a computer of the enterprisesubsystem for analysis and processing.

Each reader has an acceptable power outputand duty cycle. The duty cycle represents apercentage (50%, if communicating for 30seconds in a minute) of a certain amount oftime that a device emits energy. A readercommunicating with manual tags requiresmuch higher power output, than onecommunicating with automatic tags. A readerhaving a strong duty cycle is eligible to


accurately read a tag from a more remotedistance. However, care has to be taken onoverwhelming power, which might increase therisk of wire-tapping.

In general, a reader is able to communicatewith tags by using various types of antenna. Inparticular, detachable antennas are appropriatefor selective use, depending on therequirements of the reader. Therefore, a specificcommunication method of tags and antennasshould be understood and considered, based onthe characteristics of the antenna. In addition, ifmultiple tags are adjacent to each other, thereader should be able to identify and process aparticular tag. When a reader sends an inquiryto a specific tag, the reader should not receive aresponse from multiple tags at the same time.In other words, a tag should respond only if itconforms to a randomly assigned number,while the reader should make sure that there areno tags causing conflicts, and not communicateto those tags with information.

3.3 Antenna security

The most general method of security control forantennas that receive signals coming from thetag is to use a fragile antenna. This is a methodof RFID tag that an antenna causes amalfunction, to prevent attackers frommodifying, revising, forging or removing a tag,by making it unavailable for them to access atag in the first place.

In addition, a proper radio frequency should beselected, depending on the business applicationfor the use of the antenna. Using fixedfrequency is a way of efficiently reducing a riskof interruption or conflicts of wireless signals.

A RF system operator is able to adjust the RFenergy level transmitted from the reader oractive tag, and to prepare for the security. In

other words, some types of antenna arespecifically designed to adjust the direction ofRF energy that has been transmitted, which is afeasible means of preparing for the security. Inaddition, it is to prepare a measure for installingan electromagnetic shielding device on a rangeof electromagnetic wave regarding an antenna,and to restrict it. It is an important issue toblock movements of antennas from outside, bypreventing RF signals from being transmittedinto a non-protected area.

Considering such security factors of theantenna, it is feasible to minimize interruptionof other electromagnetic waves, and to reducethe risk of wire-tapping, by selecting a specificantenna that meets the requirements of thereader, and entails a wide enough range forcommunication with the tag.

3.4 Security requirements of network

Security requirements should be specificallyconsidered for the RFID enterprise subsystemand enterprise system that constitute theEPCglobal network to deal with a securitythreat, in order to provide a reliable and safeinternational logistics service platform.

Basically, the RFID system should protectprivacy and network security. A securitymechanism that guarantees non-disclosure,integrity, fusibility, undeniable issue, andcertification is required, and is inevitable in eachsession of information flow. Figure 2 presentsthe data flow of an RFID enterprise subsystem,and indicates the requirements of security thatare to be followed. Security technologies,including certification skills between RFID tagand reader, symmetry-key for transmitting orreceiving data in a safe manner between tag andreader, and key management, such as the use ofa public key, is required for network security forprivacy protection entailing prevent wire-


Figure 2. Data flow and security controls in an RFID system

tapping, forged tag, illegally copied tag, fakereader and guarantee for confidentialness ofinformation leaked due to hacking. This isbecause there are security issues in the RFIDsystem tag itself, in the section connecting tagand reader, between the reader and the localserver, and in the server itself.

4. Analysis of Security Control in

International Logistics Process

It is intended to analyze hazardous factors inthe international logistics process, based on thelogistics process of export/import betweenHong Kong and Japan, which was started bythe TLS (Transport and Logistics Services)business action group owned by EPCglobal.This business has been performed to investigateshipment information that was used forexport/import based on RFID technology, andto require visibility as to how export/importlogistics have been managed between HongKong and Japan by utilizing EPC/RFID [6].

The items produced by forwarding agents arepacked, and moved to a warehouse, afterloading them on a truck. Here, tags are appliedfor printing first, and then proceed to taggingonto each box. In addition, tagging informationis forwarded to EPCIS in Hong Kong. Boxesare placed on a palette, loaded on a truck, andpassed through the gate of the warehouse.Products grouped in a palette are loaded on acontainer, followed by closing the containerdoor, and application of e-Seal on the door. Atthis time, data in the box should be forwardedto EPCIS in Hong Kong.

The tag information of a box, e-Sealinformation, and load information are allcombined together, being forwarded to EPCISin Hong Kong. Container vehicles pass throughthe gate of the warehouse on arrival at the port

terminal, and containers are loaded onto a shipto be delivered. Ships sail to Japan from HongKong. Containers are unloaded from a shiparriving to the port terminal, and, at this time,the e-Seal information of the container iscaptured on the EPCIS.

The container e-Seal on the vehicle is read atthe container yard gate, capturing it on EPCIS.Container vehicles are moved through aforwarder, and e-Seal is read at the gateentrance, and the door of the warehouse. Allthese items of information are stored in EPCISin Japan. Freight in the container is unloaded ata warehouse, and a tag of box and palette areread, to confirm and determine real freight andthe shipping advice.

Vehicles coming out of a warehouse areconfirmed through e-Seal at the gate. E-seal isread at a gate by the receiver of freight, andvehicles are confirmed via e-Seal, when theyarrive at the gate. Whether freight is damagedor not is checked through e-Seal, attached onthe door of vehicles.

Figure 3 shows the potential vulnerabilities forEPCglobal Network that can occur in theprocess flow of international logistics export.Security control of hazardous factors that canoccur in each process phase is as follows.

4.1 Box and Palette: Tag Printing

It should be noted not to store, or to minimizethe information that can cause invasion ofprivacy, such as personal information on thetag, in order to protect data stored in the tag, forconvenient identification of information thathas been leaked. In addition, a unique methodshould be created to not expose the type ofidentifier to be used on a tag, in order to makeit impossible for attackers to predict identifiers.Prior to saving data on a tag, a password should


Figure 3. Security weakness in the process of international Logistics based on EPCIS

be encrypted, to prevent direct access ofinformation. In addition, a back-up systemshould be prepared, to store data against loss.As a method of protecting tag data, it isplausible to prevent hazardous factors ofsecurity, by restricting the use of tagcommands, or applying a kill feature for tagsthat are not used anymore, and this can reducethe risk of information being leaked.

4.2 Container (Truck): e-Seal

Logistics has a weakness on security in themiddle of delivery. Therefore, care has to betaken. Specifically, a security control that canprevent hazardous factors, including an accessof unauthorized users, DOS attack, or locationtracing, is needed. For this, monitoring thesteady existence of tags and operational statusis required on a regular basis, so that locationtracing does not become feasible withoutrequiring additional security devices, byexpecting a distance to be attacked.

4.3 Forwarder

An agreement of stipulation on MOA(Memorandum of Agreement) or MOU(Memorandum of Understanding) is requiredfor a forwarder, a third party for export andimport in the field of logistics, to maintainconfidential security of a range of access forinformation or delivery control. In addition, itshould be inspected if employees at a thirdparty company are well informed of securitycontrol policies on a regular basis, in order toprevent information leakage.

4.4 Warehouse: Gate

It is required to prepare electromagnetic shieldingdevices, and a particular measure for accesscontrol, in a range of electromagnetic wave, inorder to minimize physical access control at awarehouse, where products are stored.

In other words, a specific policy consideringthe feasibility of application of methods such aselectronic shielding that can prevent movementof tag from the outside is required, to preventRF signals from being transmitted to theoutside. In addition, an additional securitycontrol is also needed, as a proper precautionfor product information not to be attackedthrough electronic communication with tags.Deactivating tags is an example of this.

4.5 Port terminal and ship: container loading

A port terminal that loads products on a shipentails a procedure of product movement.Therefore, only authorized personnel areeligible to participate in the course of deliveryof products, and should monitor whether theyabide by rules of security control. In addition, ifany violation of security control in a behavioror a method of loading products occurs, theyshould immediately report it, followed byassignment of duties for employees in charge ofthe system and delivery. Here, thorougheducation is needed, for mutual monitoringbetween employees for such an emergency.

In order to prepare for a case of hazardousfactors and security threat that can occur in theinternational logistics process, a thorough


Figure 4. Sequence diagram of the RFID-based international logistics process

measure covering all possible situations isspecifically required, which considers types oftag in each phase, frequency, systemcertification in a network, requirement ofsecurity for user authorization, system analysis,and network.

5. Security Control Model for

International Logistics Service

The basic concepts of role-based access controlconsist of user (U), role (R), and permission (P)[7,8]. In this chapter, we present an RBAC-based security control model for theinternational logistics service. The constraintsof user and roles are represented in UML.

The RFID-based international logistics processsequence diagram has a flow, as shown inFigure 5, representing a connection ofauthorization of users, roles, and permission,for the information delivered from EPCIS. Inorder to apply it to the international logisticsservice platform, a specific RBAC model hasbeen designed that is intensified, in terms of the

management of role and authority safelyaccepting business partners.

Similar to the security management in the previousrole of manager, functions of the securitymanagement, including creation of permission,roles, users, and role management, are subdivided.Figure 6 shows an RBAC based security controlmodel for the international logistics serviceplatform, on the basis of role engineering.


Figure 5. Process of request and response for authentication through the EPC global network

Figure 6. RBAC based security control model

Table 1. Definitions of the components of theRBAC based security control model

U(User) : User groupR(Role) : Role groupT(Task) : Task group, however, role can be constituted

by tasksP(Permission) : Set of permission (read, write,

execute, append, delete, update)S(Session) : Session groupC(Constraints) : Set of constraintsSP(Security Policy) : Security policy setsMR(Manager Role) : Management roleRH(Role Hierarchy) : Role hierarchyUA : User assignmentPA : Permission assignmentSA : Session assignmentRA : Role assignmentTA : Task assignment

Aarious constraints and security controls couldbe reflected in RBAC security model alongwith the intensified role of manager, derivingflexibility from changes in the logisticsenvironment. In particular, the logisticsenvironment determines whether access controlof business partners is to be allowed orprohibited, aiming to rapidly reflect modifiedsecurity control on the security model, followedby changes. Here, conditions of authorizationand constraints as to users and roles in eachphase should be modeled based on theauthorization relations.

RBAC security control model simplifies thecomplicated procedures of granting authority inan extensive network environment such asRFID-based logistics service.[12]

The management of users, the management ofroles, and management of permissions are allcomponents of the purpose of management forsecurity control. The proposed model can beutilized to protect users and logisticsinformation of an organization in the logisticsenvironment, after being realized for accesscontrol in the enterprise subsystem that servesas the role of EPCIS. In addition, they are alsogeneralized descriptions of a security model toaccount for various types of security control,and to perform them.

They should be performed with a properauthority by security tools, and it has to beguaranteed to independently establish particularhardware and software and regenerationmechanism of the control according to thechange of an organization. In addition, a properprocedure of implementing security control,such as performance in an externalenvironment other than the pre-establishedsecurity control in the information processingsystem, is required, to guarantee the certaintyof the security.

Using UML, a type of modeling language thatcan conveniently specify RBAC control, isbeneficial for expression of RBAC control inan organized and systematic manner in theapplication program design model [6, 7].

Figure 7 is an object diagram of security controlbased on an RBAC model, which representsbasic components such as users, roles,permission, session, and role hierarchy, SSD(Static Separation of Duty), constraints, andDSD (Dynamic Separation of Duty). It alsoindicates the relationship of the role of customs,delivery, and shipment to be requested bycompanies in the international logistics process.

The UML diagram is represented by use-case,class diagram, sequence diagram, and objectdiagram, and can be also used to derive therequirements of access control, constraints, andsecurity control on these diagrams.

In order to maximize the efficiency of theRBAC, we presented the constraints of RBACusing UML. Role engineering is what designscomponents of RBAC model, and properlyconstitutes policies in a particular organization.

Constraints of the duty separation are used toprevent conflicts with policies. Constraints ofthe SSD are intended to prevent conflicts thatcan occur when acquiring permission regardingthe role against the user.

Constraint of DSD restricted the role to bepromoted in the same user session. It means,the user could not activate other roles thatconflict in the same session when a part of therole in DSD constraints is activated.

It is feasible to obviously represent an RBACmodel in UML, but there are weaknesses. Firstof all, a clear classification of terms is needed,and there is no abstract package, even thoughan abstract package might exist in UML. Anarrow used in the application key hierarchy,and the one for generalization of UML, have


Figure 7. Object Diagram of RBAC based Security Control Model

different meanings. In addition, a technology ofconstraints that needs an additional extension isstill insufficient.

Here we introduced an example scenario tofigure out how to apply the proposed securityspecification in the real world and worked well.We implemented a prototype system based onthis scenario. The three companies wereconnected to EPC IS(EPC Information Server).Figure 8 showed the example architecture ofinternational logistics.

An ‘Enterprise A’ company located in HongKong has provided wines and they have soldthem abroad. A bonded warehouse ‘WH co.’stocked goods from international enterprise andshipping company ‘Sailor Moon’ shipped

goods. The assumption was that EAF(Enterprise Application Framework) wasadopted to develop the international logisticsservice for the three companies. Therefore theEAF had three managers: Data Manager,Security Manager, Business Event Manager.Data Manager of EAF incorporates to accessexternal EPC IS using network sockets, andweb services. Security Manager supportsappropriate access control and authentication inthe distributed environment. Business EventManager provides various business processfunctions with related companies andcustomers. Figure 9 shows an example of theRH(Role Hierarchy) of the enterprise, thebonded warehouse and the shipper.


Figure 8. Example Business Process Model

(a) RH of Bonded Warehouse

(b) RH of Bonded Warehouse

(c) RH of Shipper

Figure 9. Role Hierarchies for prototype system

Four roles are needed in Enterprise A. There arethree roles in bonded warehouse and shipper.Each role has tasks that have been carried out bythe user who granted with role. The constraintsof SoD should be essential to avoid the conflictof roles. In this scenario we need DSD(DynamicSeparation of Duty) as follows:

Staff.Session→ excludesAll(Manager.Session)

Manager.Session→ excludesAll(Director.Session)

Staff.Session→ excludesAll(Director.Session)

The Process of security mechanisms usingRBAC based security model is as follows:

(1) [Authentication] A User with Representative

Role selected his Role and could log in the

enterprise (bonded warehousing company /

shipping company) application system by

entering password of each role. The enterprise

application system requests information on

login and authority from databases.

(2) A User belong to enterprise ((bonded

warehousing company / shipping company)

carried out his job to register EPC of products

on EPC IS.

(2-1) [Access Control] If there is no

permission to use EPCIS, sending product

information to EPCIS would be denied.

(2-2) [Access Control] If permission is

granted, the enterprise (bonded

warehousing company / shipping

company) application system can find the

session key which was made between the

enterprise application system and EPCIS

(3) [Encryption] The enterprise (bonded

warehousing company / shipping company)

application system made encryption of data

using the session key.

(3-1) [Key Agreement] If there is no session

key, the enterprise (bonded warehousing

company / shipping company) application

will make a session key by

communicating with EPCIS.

(4) The enterprise (bonded warehousing company /

shipping company) application sends the

encrypted form of data to EPCIS.

(5) EPC IS decrypts the received data that was

encrypted by the enterprise (bonded warehousing

company / shipping company) application.

6. Implementation

In order to verify the proposed security modelfor RFID-based logistics service weimplemented the prototype of an examplescenario. We defined the specification of theproposed model: roles, subjects, objects,

constraints and so on. Figures belowdemonstrated the implementation of RBACsecurity model introduced in the previoussection. Figure 10 showed the implementedprototype system for enterprise connected toEPC IS.

Representative Role carried out to registergoods on EPC IS. The user who has a role ofrepresentative makes acquisition of permissionfrom EPC IS. If permission is granted, it ispossible to make registration EPC for the traceof their product during logistics service.

After registering goods on EPC IS by theenterprise, bonded warehouse and shippingcompany can access goods information on EPCIS for the logistic service. The roles of thebonded warehouse company are shown inFigure 11. And Figure 12 shows the prototypesystem for shipping company. The constraintsof the RBAC security model can be specifiedaccording to the company’s policy. In ourprototype system we implemented constraintsof SSD (Static Separation of Duty) using tabcontrol for selecting only one role per onesession. The constraints of DSD (DynamicSeparation of Duty) also had been appliedusing option controls.

7. Conclusion

RFID-based international logistics environmentcan bring a significant efficiency for improvingcost and delivery issues. In this paper, weapplied an RBAC-based security control modelto cover the security requirements in aninternational logistics process and constraintsof the access control. RBAC based securitycontrol model for international logistics can beflexible used to each phase for each enterprise.For the verification of the proposed securitymodel, we made example scenario andimplemented the prototype system. We hadapplied the proposed security control model toeach parts of the logistics service such asshipper, bonded transportation and enterprise.In the future works, we are going to extend theprototype system applying GRBAC basedsecurity model to specify the security policiesneeded to enterprise in EPC IS. We also extendthe Security Manager in order to provide thestronger authentication between RFID tag andreader in EPC IS.



Figure 10. Prototype system for Enterprise A

Figure 11. Prototype system for Bonded Ware House

Figure12. Prototype system for Shipping Company

Acknowledgements

This paper was supported by KonkukUniversity 2015.

REFERENCES

1. EPCglobal. The EPCglobal Architecture

Framework Final Version & EPC

Information Services (EPCIS) Ver. 1.0

Spec. 2007.

2. CERNIAN, A., D. CÂRSTOIU, A.OLTEANU, V. SGÂRCIU, An Integrated

Cluster Analysis and Validity Test

Platform for the Compression based

Clustering Approach, Studies inInformatics and Control, ISSN 1220-1766,vol. 24(2), 2015.

3. WU, M.-Y., W.-L. TZENG, Applying

Context-Aware RBAC to RFID Security

Management for Application in Retail

Business, APSCC '08. IEEE, 2008.

4. REKLEITIS, E., P. RIZOMILIOTIS, S.GRITZALIS, A Holistic Approach to

RFID Security and Privacy, InProceeding of: SecIoT '10, 2010.

5. ŢIGĂNOAIA, B., Some Aspects Regarding

Information Security Management

System within Organizations – Adopting

the ISO/IEC 27001:2013 Standard,Studies in Informatics and Control, ISSN1220-1766, Vol. 24(2), 2015.

6. NIST, Guidelines for Securing Radio

Frequency Identification System, 2007.

7. MAYER, N., A. RIFAUT, E. DUBOIS,Towards Risk-Based Security

Requirements Engineering Framework,In Proceedings of REFSQ’05.

8. RAY, I., D. KIM, Using UML To Visualize

Role-Based Access Control Constraints,In Proceedings of the 9th ACM Symposiumon ACMT, 2008.

9. DENG, H.-F., W. DENG, H. LI, H.-J.YANG, Authentication and Access

Control in RFID based Logistics-

Customs Clearance Service Platform,International Journal of Automation andComputing, May 2010, Vol. 7.

10. STOJANOVIC, N., D. STOJANOVIC, AHybrid MPI+OpenMP Application for

Processing Big Trajectory Data, Studiesin Informatics and Control, ISSN1220-1766, Vol. 24(2), 2015.

11. HE, W., Y. LI, K. CHIEW, T. LI, E. W.LEE, A Solution with Security Concern

for RFID-Based Track & Trace Services

in EPCglobal-Enabled Supply, InTechISBN: 978-953-307-265-4, 2011.

12. SHIN, M. S., H. S. JEON, Y. W. JU, B. J.LEE, S. P. JEONG, Constructing RBAC

Based Security Model in u-Healthcare

Service Platform, TSWJ vol. 2015, Art. ID937914, 2015.


Documents

Applying RBAC Security Control Model to Manufacturing and ... · logistics information for an efficient logistics processing service in the RFID-based international logistics service