
Applying RBAC Security Control Model to
Manufacturing and Logistics Service Platform

Moon Sun SHIN1*, Yong Wan JU2, Hyun Kyu KANG1, Seon Phil JEONG3
1 Dept. of Computer Engineering, Konkuk University,
268 Chungwon-daero, Chungju-si, Chungbuk, 380-701, Republic of Korea
msshin@kku.ac.kr; hkkang@kku.ac.kr
2 Division of Industry Development, Korea Internet & Security Agency,
Songpa-gu, Seoul, 138-950, Republic of Korea
ywju@kisa.or.kr
3 Division of Technology and Science, BNU-HKBU United International College,
China
spjeong@uic.edu.hk

Abstract: The recent RFID-based logistics environment enables significant improvement of business efficiency. However, supporting an efficient logistics processing service in the RFID-based international logistics service platform requires security risk analysis and a security control model. In this paper, we analyzed and identified the security requirements for an efficient international RFID-based logistics service. Using RBAC, each enterprise can construct its own security policy. The security policy includes the definition of subjects, objects, permissions, roles, role hierarchy and constraints of the enterprise. We proposed an RBAC-based security control model that reflects the security requirements of an international logistics process, and the constraints of the access control model are represented in UML. We presented an example scenario and implemented a prototype system to verify the proposed security model for international logistics. The proposed security control model is useful for reducing business risk in international logistics.

Keywords: RFID, International Logistics, RBAC, Security Control, Access Control Constraints.

CITE THIS PAPER AS:
Moon Sun SHIN, Yong Wan JU, Hyun Kyu KANG, Seon Phil JEONG, Applying RBAC Security Control Model to Manufacturing and Logistics Service Platform, Studies in Informatics and Control, ISSN 1220-1766, vol. 24 (3), pp. 339-350, 2015. https://doi.org/10.24846/v24i3y201511

  1. Introduction

The RFID (Radio Frequency Identification) system uses wireless telecommunication technology, making it feasible to identify RFID tag information without direct contact. It therefore has advantages over the previously used bar code system: multiple tags can be read at a time over radio frequency, without direct contact with the tag. Owing to this advantage, RFID is increasingly applied to so-called customized services, which manufacture and deliver products based on diverse customer requirements. Various RFID-based business solutions have appeared and been optimized for SCM (Supply Chain Management) [1]. It is now feasible to acquire visibility of the flow of products in the course of manufacture or in a distribution system. Using RFID improves work efficiency and enables more effective stock management and product tracing across overall logistics movement. A further advantage is that the level of integrity can be enhanced while the loss rate of products is reduced [2, 3]. However, a priority is to solve the issue of security of logistics information for an efficient logistics processing service in the RFID-based international logistics service platform. Security policies and privacy issues need to be addressed, as diverse types of threat arise from the characteristics of the RFID-based logistics environment, including piracy, location tracing, and physical attack, as well as threats to the security of product information.

These threats impede the development and distribution of technology for managing the RFID-based logistics environment. The EPCglobal Network provides standards for the structure, meaning and delivery method of RFID tag information [2], and each company manages all the information derived from the EPCglobal Network. The EPCglobal Network can enhance the efficiency of delivery and distributed management of EPC (Electronic Product Code) information, but it cannot remove all of the threat factors.

In this paper, we propose an RBAC-based security control model in order to protect and guarantee the integrity of products and reliability of the international logistics service platform based on RFID.

An RBAC-based security model can be used in the architecture of the EAF (Enterprise Application Framework), so that each enterprise can construct its own security policy, such as the roles, permissions, sessions and constraints of the organization. Existing RFID-based international logistics platforms could become exposed to threats and security risks. We therefore need a flexible security control model that protects against not only RFID threats but also enterprise-level risks. RBAC is a powerful and flexible access control model, so it can be applied to solve these problems.
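The policy elements named above (roles, permissions, role hierarchy, sessions and constraints) can be made concrete with a small sketch. This is an added example, not code from the paper: every role, permission and user name is hypothetical, and the two separation-of-duty constraints are the standard RBAC kind chosen for illustration, not the paper's own constraint set.

```python
# Constructed policy for illustration; every role, permission and user name is hypothetical.
PERMS = {
    "tag_reader": {("read", "epc_event")},
    "shipping_clerk": {("create", "shipment")},
    "customs_officer": {("approve", "clearance")},
    "logistics_manager": {("update", "route")},
}
JUNIORS = {"shipping_clerk": {"tag_reader"}, "customs_officer": {"tag_reader"},
           "logistics_manager": {"shipping_clerk"}}
SSD = [{"logistics_manager", "customs_officer"}]   # never assigned to the same user
DSD = [{"shipping_clerk", "customs_officer"}]      # never active in the same session

def closure(roles):
    """The given roles plus every junior role inherited through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS.get(r, ()))
    return seen

def clash(constraints, roles):
    """Members of the first exclusive set that `roles` (with juniors) hits twice or more."""
    got = closure(roles)
    return next((c & got for c in constraints if len(c & got) > 1), None)

def assign(assignments, user, role):
    """Static separation of duty is enforced when a role is assigned to a user."""
    held = assignments.get(user, set()) | {role}
    if clash(SSD, held):
        raise PermissionError(f"SSD: {user} may not hold {sorted(clash(SSD, held))}")
    assignments[user] = held

class Session:
    def __init__(self, assignments, user):
        self.authorized, self.active = closure(assignments.get(user, ())), set()

    def activate(self, role):
        """Dynamic separation of duty is enforced when a role is activated."""
        if role not in self.authorized:
            raise PermissionError(f"not authorized for {role}")
        if clash(DSD, self.active | {role}):
            raise PermissionError(f"DSD: {role} conflicts with {sorted(self.active)}")
        self.active.add(role)

    def check(self, operation, obj):
        """Default deny: allowed only through an active role or its juniors."""
        return any((operation, obj) in PERMS[r] for r in closure(self.active))
```

A user assigned both `shipping_clerk` and `customs_officer` can use either role, but only in separate sessions; no permission is granted until a role is activated.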

The rest of the paper is organized as follows. Section 2 describes the security guideline of the RFID system. Section 3 explains the security requirements of the RFID-based EPC network application service, and Section 4 presents the security analysis. In Section 5, we propose an RBAC-based security control model for the international logistics process and represent the access control constraints using UML. Section 6 contains an example scenario and the implementation of the proposed security model. Lastly, a brief conclusion is presented in Section 7.

REFERENCES

  1. EPCglobal. The EPCglobal Architecture Framework Final Version & EPC Information Services (EPCIS) Ver. 1.0 Spec. 2007.
  2. CERNIAN, A., D. CÂRSTOIU, A. OLTEANU, V. SGÂRCIU, An Integrated Cluster Analysis and Validity Test Platform for the Compression based Clustering Approach, Studies in Informatics and Control, ISSN 1220-1766, vol. 24(2), 2015.
  3. WU, M.-Y., W.-L. TZENG, Applying Context-Aware RBAC to RFID Security Management for Application in Retail Business, APSCC ’08. IEEE, 2008.
  4. REKLEITIS, E., P. RIZOMILIOTIS, S. GRITZALIS, A Holistic Approach to RFID Security and Privacy, In Proceeding of: SecIoT ’10, 2010.
  5. ŢIGĂNOAIA, B., Some Aspects Regarding Information Security Management System within Organizations – Adopting the ISO/IEC 27001:2013 Standard, Studies in Informatics and Control, ISSN 1220-1766, Vol. 24(2), 2015.
  6. NIST, Guidelines for Securing Radio Frequency Identification System, 2007.
  7. MAYER, N., A. RIFAUT, E. DUBOIS, Towards Risk-Based Security Requirements Engineering Framework, In Proceedings of REFSQ’05.
  8. RAY, I., D. KIM, Using UML To Visualize Role-Based Access Control Constraints, In Proceedings of the 9th ACM Symposium on ACMT, 2008.
  9. DENG, H.-F., W. DENG, H. LI, H.-J. YANG, Authentication and Access Control in RFID based Logistics-Customs Clearance Service Platform, International Journal of Automation and Computing, May 2010, Vol. 7.
  10. STOJANOVIC, N., D. STOJANOVIC, A Hybrid MPI+OpenMP Application for Processing Big Trajectory Data, Studies in Informatics and Control, ISSN 1220-1766, Vol. 24(2), 2015.
  11. HE, W., Y. LI, K. CHIEW, T. LI, E. W. LEE, A Solution with Security Concern for RFID-Based Track & Trace Services in EPCglobal-Enabled Supply, InTech ISBN: 978-953-307-265-4, 2011.
  12. SHIN, M. S., H. S. JEON, Y. W. JU, B. J. LEE, S. P. JEONG, Constructing RBAC Based Security Model in u-Healthcare Service Platform, TSWJ vol. 2015, Art. ID 937914, 2015.