Scalable Industry Data Access Control in RFID-Enabled Supply Chain

Saiyu Qi, Yuanqing Zheng, Mo Li, Yunhao Liu, Jinli Qiu

Research output: Journal article publicationJournal articleAcademic researchpeer-review

30 Citations (Scopus)


By attaching RFID tags to products, supply chain participants can identify products and create product data to record the product particulars in transit. Participants along the supply chain share their product data to enable information exchange and support critical decisions in production operations. Such an information sharing essentially requires a data access control mechanism when the product data relate to sensitive business issues. However, existing access control solutions are ill-suited to the RFID-enabled supply chain, as they are not scalable in handling a huge number of tags, introduce vulnerability to the product data, and perform poorly to support privilege revocation of product data. We present a new scalable industry data access control system that addresses these limitations. Our system provides an item-level data access control mechanism that defines and enforces access policies based on both the participants' role attributes and the products' RFID tag attributes. Our system further provides an item-level privilege revocation mechanism by allowing the participants to delegate encryption updates in revocation operation without disclosing the underlying data contents. We design a new updatable encryption scheme and integrate it with ciphertext policy-attribute-based encryption to implement the key components of our system.
Original languageEnglish
Article number7442163
Pages (from-to)3551-3564
Number of pages14
JournalIEEE/ACM Transactions on Networking
Issue number6
Publication statusPublished - 1 Dec 2016


  • access control
  • Industry data
  • RFID
  • supply chain

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this