Transcript of SupplyChainSecurity_20081208__ckh2.ppt
SYSTEMS Copyright © 2008 - Q.E.D. Systems
Supply Chain Security
by: Craig K. Harmon, Chair, ISO TC 122/104 JWG
2008-12-09
Craig K. Harmon • President & CEO
Q.E.D. Systems
• Chair, ISO TC 122/104 JWG - Supply Chain Applications of RFID (TC 122/WG 10)
• Chair, RFID Experts Group (REG)
• Founder, JTC 1/SC 31
• Chair, ISO TC 122/WG 4 (Shipping Labels) & ISO TC 122/WG 7 (Product Packaging)
• Vice-chair, ASC MH 10 and U.S. TAG to ISO TC 122 (Packaging)
• Chair, JTC 1/SC 31/WG 6 - Mobile Item Identification and Management
• Senior Project Editor ISO/IEC JTC 1/SC 31/WG 4 (RFID)
• Project Editor, ISO 18185-5 (Electronic Container Seal - Physical Layer)
• Joint Automotive Industry Forum (JAIF) (JAMA/JAPIA/AIAG/ODETTE) – Returnable Transport Items
• AIAG Bar Code, Applications, 2D, Tire, Returnables, & RFID Committees
• Member, EPCglobal HAG (UHFGen2), FMCG BAG, HLS BAG, SAG, TLS, TDS, AIWG, SBAC
• JTC 1 & TC 104 Liaison Officer to the International Telecommunications Union (ITU-R & ITU-T)
• ISO TC 104 & 122 (Freight Containers / Packaging) Liaison Officer to JTC 1/SC 31
• Past Chair, U.S. TAG to ISO/IEC JTC 1/SC 31/WG 4 (RFID)
• Past Chair, ASC INCITS T6 (RFID) - ANS INCITS 256:1999, 2001
• Advisor and Member of USPS Strategic Technology Council
• Chairman & Project Editor, ANS MH10.8.2 (Data Application Identifiers)
• Original Project Editor, NATO STANAG 2233 (RFID for NATO Asset Tracking)
• Vocabulary Rapporteur to ISO/IEC JTC 1/SC 31, ISO/IEC 19762 - Harmonized vocabulary
• CompTIA RFID Subject Matter Expert and RFID Certified Professional (CRCP) - RFID+
• Recipient of the 2004 Richard Dilling Award
This presentation posted at: http://www.autoid.org/presentations/presentations.htm
ISO TC 104 (Freight Containers)
Three tags – different purposes
• Electronic Seal - ISO 18185
• Container ID Tag - ISO 10891 (nee ISO 10374.2)
• Supply Chain Tag - ISO 17363
Freight container standards and associated frequencies
[Table: rows ISO 10374, ISO 10891, ISO 17363, ISO 18185; columns 433 MHz (18000-7), 850–950 MHz*, 860–960 MHz (18000-6C), 2 450 MHz (24730-2), 2 400–2 500 MHz*]
*Note: Columns without a parenthetical reference standard have no published or in process air interface standard and may be considered proprietary. ISO/IEC 18000-7 and ISO/IEC 24730-2 are called out in ISO 18185.
Global Freight Container Band Assignment
• In May 2003 ISO TC 104 petitioned the ITU for a frequency band that would provide
– a frequency hopping spread spectrum (FHSS), passive frequency; and,
– a narrow band, active frequency.
• At that time TC 104 suggested ISO/IEC 18000-6 and ISO/IEC 18000-7, respectively.
• It is unlikely that the currently in-place air interfaces would be selected for a common frequency band for freight containers, because:
– 433 MHz (ISO/IEC 18000-7) is an ISM band in various regions,
– 860 – 960 MHz (ISO/IEC 18000-6) is an ISM band in various regions, and
– 2450 MHz (ISO/IEC 24730-2) is an ISM band in all regions.
• Ultra Wide Band may be the most viable frequency allocation for marine containers
ISO TC 122/104 Joint Working Group (JWG)
(Supply chain applications of RFID)
The Layers of Logistic Units (Radio Frequency Identification)
• Layer 5: Movement Vehicle (truck, airplane, ship, train)
• Layer 4: Container (e.g., 40 foot Sea Container); 433 MHz; ISO 17363 (Freight containers)
• Layer 3: Unit Load “Pallet”; 860-960 MHz (Other 18000 with TPA); ISO 17364 (Returnable transport items)
• Layer 2: Transport Unit; 860-960 MHz (Other 18000 with TPA); ISO 17365 (Transport units)
• Layer 1: Pkg; 860-960 MHz with TPA (13.56 MHz with TPA); ISO 17366 (Product packaging)
• Layer 0: Item; 860-960 MHz with TPA (13.56 MHz with TPA); ISO 17367 (Product tagging)
“TPA” - Trading Partner Agreement
Concept Source: Akira Shibata, DENSO-Wave Corporation
ISO TC 122/104 JWG Project Status (2007-07-10)
• ISO 17363, Supply chain applications of RFID - Freight containers
– International Standard published
• ISO 17364, Supply chain applications of RFID - Returnable transport items
– DIS approved registered for FDIS ballot
• ISO 17365, Supply chain applications of RFID - Transport units
– DIS approved registered for FDIS ballot
• ISO 17366.2, Supply chain applications of RFID - Product packaging
– International Standard under publication
• ISO 17367.2, Supply chain applications of RFID - Product tagging
– International Standard under publication
Border Crossing
[Figure: border crossing scenario. Labels: Transportation Worker ID Card (TWIC) with Fingerprint Biometric (ISO/IEC 14443); Fingerprint Reader; Tractor Tag (TC 204 Standard); Chassis Tag (TC 204 Standard); 10891 Tag; 18185 Tag/Seal; 17363 Tag; 17364 Tags; 17365 Tags; Container Reader/Communicator; On Board Unit (OBU); Road Side Unit (RSU); Part of CALM Network; Customs. Legend: Today, Proposed, Tomorrow. Callout: Would be improved with a single device.]
Standards
• The standards of ISO 17363, ISO 17364, ISO 17365, ISO 17366, ISO 17367, ISO 18185, and ISO 10891 are based on the standards of ISO TC 122 and ISO/IEC JTC 1/SC 31
– Technology standards (e.g. ISO/IEC 18000-6, 18000-3, 18000-7, and 24730-2 for RF)
– Data standards (e.g. ISO/IEC 15434, 15418, 15459, 15963)
– Conformance standards (e.g. ISO/IEC 18047-6, 18047-3, 18047-7, and 24769 for RF)
• Sensor standards are the cooperative work of ISO/IEC JTC 1/SC 31 and IEEE 1451
Standards
• ISO 17365 (transport unit) tags used to build 17364 pallet tags
• ISO 17364 tags used to build 17363 container/manifest tags and to communicate with container reader/ communicator
• ISO 10891 (formerly designated as ISO 10374.2) tag identifies container
• ISO 18185 is eSeal tag
• Chassis is identified by ISO TC 204 tag (ISO 14816) [note that ISO 10891 claims the chassis as well]
• Tractor is identified by ISO TC 204 tag (ISO 14816)
• Driver is identified by ISO/IEC JTC 1/SC 17 and DHS Transportation Worker Identification Card (TWIC)
• On-board Unit (OBU) communicates to Road-side Unit (RSU) via CALM (Communication Air-interface Long and Medium range) Network (OBU-RSU communications protocol provisional)
• On-board Unit (OBU) also provides location information and communications via / satellite/GPS
Concept of Operations
• As supply chain pallets are being built, transport unit tags are loaded to pallet tags identifying contents, who built the shipment, purchase order number, and when the shipment was built.
• As pallets are loaded into the container, pallet tags are loaded to container supply chain tags identifying contents, who built the shipment, purchase order number, container ID, eSeal ID, and when the container was stuffed.
• Container loaded onto chassis.
• When the tractor connects to the chassis, container information, chassis ID, and tractor ID are loaded to the On-board Unit (OBU) through CANbus-like communications
• Driver inserts TWIC to ID card/fingerprint reader
• Immediately prior to border crossing event, driver records in vitro fingerprint to the OBU and a time stamp of fingerprint read.
• At the border crossing point the contents of the OBU are transferred to the Road-side Unit (RSU). The Road-side Unit (RSU) might also capture information from the Container ID, eSeal, and Supply Chain/Manifest tag.
• Process records the matching of the driver to the tractor, chassis, container, contents, eSeal, and time of the event.
• OBU also able to drive GPS system
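The record flow in this Concept of Operations, sketched as an added example (not part of the original slides or of any ISO specification): the record transferred from the OBU is checked against the RSU's own reads of the container ID, eSeal and manifest tags before the crossing event is recorded. The class and field names, the sample IDs, and the choice to treat a missing RSU read as a finding are assumptions.

```python
from dataclasses import dataclass

# Field names and IDs are constructed for illustration, not ISO data formats.
@dataclass
class Pallet:                 # pallet tag (ISO 17364 in the slides)
    pallet_id: str
    transport_units: tuple    # IDs loaded from transport unit tags (ISO 17365)

@dataclass
class Manifest:               # container supply chain tag (ISO 17363)
    container_id: str         # container identity (ISO 10891 tag)
    eseal_id: str             # eSeal identity (ISO 18185 tag)
    pallets: tuple

@dataclass
class ObuRecord:              # what the OBU transfers to the RSU
    manifest: Manifest
    chassis_id: str
    tractor_id: str
    driver_id: str
    fingerprint_time: str

def rsu_cross_check(obu, rsu_reads):
    """Return mismatches between the OBU record and the RSU's own tag reads."""
    m, findings = obu.manifest, []
    claimed = {"container_id": m.container_id, "eseal_id": m.eseal_id,
               "pallet_ids": sorted(p.pallet_id for p in m.pallets)}
    for name, value in claimed.items():
        seen = rsu_reads.get(name)
        if seen is None:
            findings.append(f"{name}: not read at RSU")
        elif (sorted(seen) if name == "pallet_ids" else seen) != value:
            findings.append(f"{name}: OBU={value} RSU={seen}")
    return findings

def crossing_event(obu, rsu_reads, crossed_at):
    """Match driver to tractor, chassis, container, contents, eSeal and time."""
    m, findings = obu.manifest, rsu_cross_check(obu, rsu_reads)
    return {"driver": obu.driver_id, "fingerprint_time": obu.fingerprint_time,
            "tractor": obu.tractor_id, "chassis": obu.chassis_id,
            "container": m.container_id, "eseal": m.eseal_id, "time": crossed_at,
            "units": [u for p in m.pallets for u in p.transport_units],
            "consistent": not findings, "findings": findings}

# Constructed sample: two pallets stuffed into one sealed container.
SAMPLE = ObuRecord(
    Manifest("CONT-0001", "SEAL-0001",
             (Pallet("PAL-1", ("TU-1", "TU-2")), Pallet("PAL-2", ("TU-3",)))),
    chassis_id="CH-7", tractor_id="TR-9", driver_id="DRV-42",
    fingerprint_time="2008-12-09T10:00:00Z")
```

An eSeal ID read at the RSU that differs from the one stored when the container was stuffed shows up in `findings`, which is the point of reading the tags independently rather than trusting the OBU transfer alone.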
???
Thank you!!!
Craig K. Harmon, President & CEO
Q.E.D. Systems
3963 Highlands Lane, SE
Cedar Rapids, IA 52403-2140 USA
(V): +1 319/364-0212
(M): +1 319/533-8092
(E): [email protected]
(U): http://www.autoid.org
DISCUSSION SLIDES
Social issue - Privacy
• Privacy & Convenience are much akin to Freedom & Safety, where each pair sits at the polar ends of a continuum. One cannot have both complete freedom and maximized safety, just as one cannot have complete privacy and maximized convenience.
• The issue of privacy must become an issue of Personally Identifiable Information (PII), not of the technology.
• Credit cards and mobile telephones are far easier ways to inappropriately access Personally Identifiable Information (PII).
Social issue – Privacy: What Can We Do?
• Provide packaging that reflects its content; if there is an embedded RFID tag, signal its presence with the RFID Emblem.
• Follow government and industry discussions regarding disclosure
[Figure: RFID Emblems. Labels: Generic Emblem; 18000-6C - 17366]
Social issue - Security
• Security has been explained in ISO/IEC TR 24729-4 (DTR ballot closes 2008-10-19) and standardization is being proposed in a New Work Item Proposal (as yet an unnumbered work item) submitted by the National Body of Austria
Social issue - Security
• Risks include:
– Confidentiality
• “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [FISMA, 44 U.S.C., Sec. 3542]
• A loss of confidentiality is the unauthorized disclosure of information.
– Integrity
• “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [44 U.S.C., Sec. 3542]
• A loss of integrity is the unauthorized modification or destruction of information.
Social issue - Security
• Risks include:
– Availability
• “Ensuring timely and reliable access to and use of information…” [44 U.S.C., Sec. 3542]
• A loss of availability is the disruption of access to or use of information or an information system.
– Authentication
• Ensuring that a tag’s data can only be accessed by authorized individuals/systems.
Social issue - Security
• Threats include:
– Skimming data
– Eavesdropping
– Spoofing
– Cloning
– Data tampering
– Insertion of executable code or virus
– Denial of access or service
– Unauthorized killing of tag
– Jamming or shielding
Social issue - Security
• Countermeasures include:
– Wafer programming (true WORM)
– ISO Tag ID verification
– License plate
– Memory lock
– Password protection
– Authentication
– Cloaking
– Encryption
– Limitation of read distance
A Scenario for Password Distribution
[Figure: message flow diagram. Labels: Authorities; Server (Departure); Digital Signature; Server (Arrival); DB; Reader A; Reader B; RF tag; links marked IPsec and XML/EDI. Numbered messages: ① Tag ID Req, ② Tag ID Res, ③ Signature Req, ④ Signature Res, ⑤ ePP Req, ⑥ ePP Res, ⑦ Key Transmission (Push), ⑧ Shipping, ⑨ Tag ID Req, ⑩ Tag ID Res, ⑪ Tag Req, ⑫ Tag Res, ⑬ Verification Req, ⑭ Verification Res]
Social issue - Security: What Can We Do?
• Remain aware of which technologies provide which levels of security.
• Prior to implementing RFID security for any customer, ensure that they know what they are doing with security.
• At this moment, a simple method of security is not available.
• Follow legal and technical developments