Presentation for my PhD defense on June 17th, 2014
It describes the context, motivation and results of my research work: traceability information systems cost models, supply chain data visibility policies
4. Traceability
RFID can collect observations about the
state of physical objects
◦ “Object was seen at time and location”
Answer queries
◦ Track
◦ Trace
◦ Bill-of-Materials
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 4
RFID antennas, reader and tag
5. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 5
Partner
Application
Trading partner
EPC Tag Data Specification
RFID Tag
RFID Reader
Reader Interface
Filtering and
collection
ALE Interface
Capturing
application
EPC IS Capture Interface
EPC IS
Repository
EPC IS Query Interface
Business
Application
Local
ONS
Company
Tag Air Interface (UHF Gen 1, Gen 2)
Push
Pull /Push
<< interface >>
Pull /Push
Subscriber
authentication
Discovery
Service
ONS Root
Manager number
assignment
Tag Data Translation
Schema
Offline service Offline service
<<implementation>>
Traceability System
◦ Collect, store and share
Identification
Information
Discovery
◦ Supply chain scope
6. Supply chain
Flows of physical goods between trading partners
◦ From producer to consumer
◦ Supported by ERP and SCM systems
◦ Scattered locations
◦ Distributed system
◦ Open system
◦ No single authority
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 6
Manufacturer Distributor Retailer
7. Automobile supply chain
Parts traceability
◦ Track query for recall
Typically short and broad
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 7
Image credits: VW
nodes=700
avg. length=6
avg. width=3
8. Pharmaceutical supply chain
Patient safety
◦ Trace query for pedigree
Typically long and narrow
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 8
nodes=4000
avg. length=12
avg. width=2
9. E.U. BRIDGE Project survey [2007]
Business drivers
◦ Supply chain efficiency
◦ Product authentication and safety
Updates and queries
◦ On each shipping and receiving of goods
◦ Response times: 1 .. 60 seconds
Defensive data sharing
◦ Limited to specific applications and
for predefined purposes
◦ Willingness to share is expected to grow
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 9
10. Eurich et al. survey [2010]
Data sharing risks and rewards
◦ Companies fear giving competitors data that they
currently do not possess
Promote use of traceability:
◦ Fine-grained access control policy enforcement
◦ Data sharing intermediaries
◦ Trusted third parties
◦ Share useful results without revealing data
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 10
11. Research Question
Given a traceability need in a supply chain
what is the best traceability system
considering the cost of storing,
retrieving and
protecting the data
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 11
13. Unstructured Peer-to-Peer (UP2P)
Each trading partner keeps records
Follow the chain
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 13
Retailer Distributor Manufacturer
... 1: Record event...: Record event
14. Data integration (UP2P)
Forward data to central location
◦ Typically, first or last trading partner
Full trust required
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 14
Retailer Distributor Manufacturer
... 1*: Store record
...*: Store record
15. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 15
Retailer Distributor Manufacturer
... 1: Record event...: Record event
Retailer Distributor Manufacturer
... 1*: Store record
...*: Store record
Classification
[Do et al 2006]
copydatareferdata
centralizeddecentralized
unstructured P2P Metadata integration
structured P2P data integration
16. Structured Peer-to-Peer (SP2P)
Distributed hash table
◦ Scalability
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 16
Retailer Distributor Manufacturer
1: Forward
record
Node R
Node D
Node M
...: Forward
record
...
...: Store record
...: Hop
17. Meta-Data Integration (MDI)
Each trading partner still keeps records
Shares references in central location
◦ Discovery Service provider
Partial trust
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 17
Retailer Distributor Manufacturer
DS
1.2: DS publish
...
...: DS publish
... 1.1: Record event...: Record event
18. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 18
Retailer Distributor Manufacturer
... 1: Record event...: Record event
Retailer Distributor Manufacturer
... 1*: Store record
...*: Store record
Retailer Distributor Manufacturer
DS
1.2: DS publish
...
...: DS publish
... 1.1: Record event...: Record event
Retailer Distributor Manufacturer
1: Forward
record
Node R
Node D
Node M
...: Forward
record
...
...: Store record
...: Hop
Classification
[Do et al 2006]
copydatareferdata
centralizeddecentralized
unstructured P2P Metadata integration
structured P2P data integration
19. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 19
Survey
copydatareferdata
centralizeddecentralized
unstructured P2P Metadata integration
structured P2P data integration
ID @URI
ADS
GS1 PoC
Theseos
Verisign
DS
EPCIS
caching
PTSP
BRIDGE
Directory
BRIDGE
Query Relay
IOTA
Afilias ESDS
UniSalento
DS
ePedigree
LoTR
WWAI
OIDAUniKoeln DS
InnoSem
UniPR DS
TraceSphere
EPCDS
IBM PoC
SLS
21. Cost model
Analytic model
◦ Compute cost estimates
without implementation details that are not available
◦ Supply chain parameters
◦ Target system parameters
Improved work by IBM [Murthy and Robson 2008]
◦ Original model compared:
◦ UP2P (Theseos)
◦ MDI (Tracesphere)
◦ Extended to SP2P and DI approaches
◦ Additional parameters
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 21
IEEE RFID TA 2011
22. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 22
Trace query
cost estimates
nodes=4000
avg. length=12
avg. width=2
nodes=700
avg. length=6
avg. width=3
24. Security
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 24
ResourceAction
Subject
Environment
Policy and mechanisms
◦ Technologies
Authentication
Authorization
Non repudiation
Integrity
Confidentiality
Availability
AuditingUser
management
25. Supply chain leaks
Even some of the most secretive companies
cannot guarantee confidentiality
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 25
26. Supply Chain paths emerge over time…
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 26
Image credits: M. Harrison
27. Who should see the data?
Emergent object paths
◦ Identify assets
◦ State existence of records
◦ State access conditions
Solution requirements
◦ Correct and auditable
◦ Performant
◦ Extensible
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 27
28. XACML policy enforcement
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 28
ResourceAction
Subject Environment
Policy
Enforcement
Point
Policy
Decision
Point
Policy
Admin.
Point
XACML
Policies
permit/deny
29. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 29
Policy Admin. Point
XACML
Policies
Access
Control
Lists
Capability
Tokens
RDF
assertions
Supply chain concepts
Data
XACML conversion
Messages
Docu-
ments
Applications
Business
30. Visibility policies
Enforced in standard security infrastructure
◦ XACML authorization policy format
◦ Certified implementations
Authored in expressive/extensible language
◦ Linked Data in RDF format
◦ Triple: subject, predict, object
◦ Distributed data model
◦ SPARQL endpoint
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 30
IEEE RFID TA 2012
31. Performance assessment
XACML overhead is significant but acceptable
◦ Policy engine can be improved
◦ Turkmen and Crispo [2008]
◦ Liu et al. [2010]
Chain-of-Trust Assertions (CTA)
performance is similar to other approaches
◦ Extensible
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 31
NWeSP 2012
32. Choice of architecture:
Meta-Data integration (MDI)
Second-best performance
Allows trusted third party role
◦ Favored by industry to
fulfill legal obligations
◦ Contracts
◦ Service-Level Agreements
Built a detailed cost model for MDI
◦ With actual message payloads from Fosstrak, BRIDGE DS
◦ Can add/remove overheads
◦ Can compare visibility approaches
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 32
Retailer Distributor Manufacturer
DS
1.2: DS publish
...
...: DS publish
... 1.1: Record event...: Record event
IEEE RFID 2012
34. US Pharma Supply Chain
case study
Goal: improve supply chain safety
against counterfeit drugs
Compare cost of protection alternatives:
◦ Point-of-Dispensing (PoD) authentication
◦ Document Pedigree (DeP)
◦ Network Pedigree (NeP)
Parameter values from HDMA Factbook
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 34
IEEE RFID 2013
35. Visibility requirements
Elicited for industry prototype
◦ GHX, Abbott, McKesson, Veterans Administration Hospital
◦ Service provider, manufacturer, distributor, dispenser
Rich sharing conditions
Expressed with
assertion extensions
◦ Delegated
◦ Transitive
◦ Conditional
◦ Bulk
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 35
Image credits: GHX, via rxtrace.com
36. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 36
querycapturestorage
Point-of-Dispensing (PoD)
Network Pedigree (NeP)
Document Pedigree (DeP)
Case study
assessment results CA
FL
38. Practical traceability systems
provide access to relevant data about goods
collected at relevant points in the supply chain,
taking into account the cost of
storing and retrieving that data,
with access control defined by the data owners
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 38
IJCISIM, 2014
39. Internet of Things
defined by Uckelmann et al., 2011
“The future Internet of Things links uniquely
identifiable things to their virtual representations in
the Internet containing or linking to additional
information on their identity, status, location or any
other business, social or privately relevant
information at a financial or non-financial pay-off
that exceeds the efforts of information provisioning
and offers information access to non-predefined
participants”
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 39
40. Internet of Things
defined by Uckelmann et al., 2011
“The future Internet of Things links uniquely
identifiable things to their virtual representations in
the Internet containing or linking to additional
information on their identity, status, location or any
other business, social or privately relevant
information at a financial or non-financial pay-off
that exceeds the efforts of information provisioning
and offers information access to non-predefined
participants”
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 40
Cost models
contribution
41. Internet of Things
defined by Uckelmann et al., 2011
“The future Internet of Things links uniquely
identifiable things to their virtual representations in
the Internet containing or linking to additional
information on their identity, status, location or any
other business, social or privately relevant
information at a financial or non-financial pay-off
that exceeds the efforts of information provisioning
and offers information access to non-predefined
participants”
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 41
Cost models
contribution
Visibility
contribution
42. Cost models future work
Assist in the development of traceability standards
◦ Take inputs from industry surveys and domain experts
Produce performance estimates
◦ Plots
Further empirical validation
◦ More case studies
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 42
Active participant in
GS1 standards workgroups
“Discovery Services” 2011, 2012
“Event-based Traceability” since 2012
43. Visibility future work
Connect authorization with
business systems
◦ Integrate with ERP and SCM to
derive data sharing assertions
◦ Reduce administrative burden
XACML
◦ Improve performance
◦ Find best formulations for
the proposed assertion extensions
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 43
Policy
Admin.
Point
XACML
Policies
Business
44. Traceability future work
Increase data sharing
◦ Alternative architectures, same policies and enforcement
◦ e.g. UP2P allows greater control by the data owners
◦ Share derived data instead of raw data
◦ e.g. Pedigree Checking Service (GS1 standard in progress)
Provide more access to the physical world
◦ Temperature, Humidity
◦ Pollution, Radiation
Data can be made accessible with desired visibility
Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 44
45. Miguel L. Pardal SCALABLE AND SECURE RFID DATA DISCOVERY 45
ObrigadoThank you
Miguel L. Pardal and José Alves Marques “Towards the Internet of Things: An Introduction to
RFID Technology”, 4th International Workshop on RFID Technology - Concepts, Applications,
Challenges – IWRT 2010
Miguel L. Pardal and José Alves Marques “Cost Model for RFID-based Traceability Information
Systems”, IEEE International Conference on RFID Technology and Applications –
IEEE RFID TA 2011
Miguel L. Pardal, Mark Harrison and José Alves Marques, “Assessment of Visibility Restriction
Mechanisms for Discovery Services”, IEEE International Conference on RFID – IEEE RFID 2012
Miguel L. Pardal, Mark Harrison, Sanjay Sarma and José Alves Marques, “Enforcing RFID Data
Visibility Restrictions Using XACML Security Policies”, IEEE International Conference on RFID
Technology and Applications – IEEE RFID TA 2012
Miguel L. Pardal, Mark Harrison, Sanjay Sarma and José Alves Marques, “Performance
Assessment of XACML Authorizations for Supply Chain Traceability Web Services”, 8th
International Conference on Next Generation Web Services Practices – NWeSP 2012
Miguel L. Pardal, Mark Harrison, Sanjay Sarma and José Alves Marques, “Expressive RFID data
access policies for the Pharmaceuticals supply chain”, IEEE International Conference on RFID –
IEEE RFID 2013
Miguel L. Pardal, Mark Harrison, Sanjay Sarma and José Alves Marques, “Access Control
Policies for Traceability Information System”, International Journal of Computer Information
Systems and Industrial Management Applications – IJCISIM, Volume 6, 2014
Publication summary