The document summarizes a presentation given at the 44th Hawai’i International Conference on System Sciences about enabling RFID technology in pharmaceutical supply chains. It describes a formal model for representing supply chain entities and roles, presents a quantitative analysis of network traffic for a sample US supply chain, and evaluates security considerations for different roles. The model accounts for relationships between business entities and handling units from individual items to transport vehicles. Network traffic is estimated at 234.92TB annually for a supply chain with 15 billion goods and 7 links. Security is addressed through authentication, on-tag mechanisms, and a proposed "service provider for anti-counterfeiting" role.

1. A Formal Model for Enabling RFIDin Pharmaceutical Supply Chains44th Hawai’i Int’l Conference on System Sciences4-7 Jan, 2011 – Koloa, Kauai, HawaiiMatthieu-P. SchapranowHasso Plattner Institute

2. AgendaKey Facts about the Hasso Plattner InstituteEuropean Pharmaceutical Supply ChainFormal ModelQuantitative Analysis of Service ProviderContributionsHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20112

3. Key Facts about the Hasso Plattner InstituteInternalsFounded as a public-private partnershipin 1998 in Potsdam near Berlin, GermanyInstitute belongs to theUniversity of PotsdamRanked 1st in CHE 2009 and 2010500 B.Sc. and M.Sc. students10 professors, 92 PhD studentsCourse of study: IT Systems Engineering HICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20113

4. Key Facts about the Hasso Plattner Institute Research Group Hasso Plattner / Alexander ZeierResearch focus: real customer data for enterprisesoftware and design of complex applicationsIn-Memory Data Management for Enterprise Applications Human-Centered Software Design and Engineering Maintenance and Evolution of SOA Systems Integration of RFID Technology in Enterprise Platforms CooperationsAcademic: Stanford, MIT, etc.Industry: SAP, Siemens, Audi, etc.HICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20114

5. Key Facts about the Hasso Plattner InstituteWhat can we do for you?Network between industry and academia,e.g. European section of the CurriculumRFID seminars for graduate / undergraduate studentsTrends & concepts lecture (Prof. Hasso Plattner)Enterprise Application Architecture LaboratoryEnterprise software, e.g. SAP, Microsoft, etc.Equipped RFID Lab, e.g. deister electronic, noFilis, etc.Concrete sizing and simulation of customer supply chainsHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20115

6. European Pharma Supply ChainManufacturingHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20116

7. European Pharma Supply ChainCounterfeitsHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20117

8. Formal ModelBusiness EntitiesBelongs-To Relationship: soft relationship between business entities b for identification purposes, e.g. biCoupling/Decoupling: tight relationship,e.g. epci +authi= tagiDegree: Number of boxing operations kHandling Unit: possible degreesk=0: atomic business entity bik=1: product package holding bik=2: transport package, e.g. paper boxk=3: re-usable transport package, e.g. pallet or skeletonk=4: transport container, e.g. for transportation on shipsk=5: freight vehicle, e.g. shipHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20118

9. Formal ModelBusiness Entities (cont’d)Boxing/Unboxing: merge/splitset of itemsEvents: virtual product history stored in EPCIS repositoriesHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 20119

10. Formal ModelRoles (Europe)Main Roles [1]A: Manufacturer: ~2.2kB: Center of Distribution: ~50kE: Licensed Dealer: ~140kD: Service Provider forAnti-CounterfeitingOther RolesC: Logistics ProviderF: End ConsumerHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201110

11. Formal ModelRoles (Europe)Main Roles [1]A: Manufacturer: ~2.2kB: Center of Distribution: ~50kE: Licensed Dealer: ~140kD: Service Provider forAnti-CounterfeitingOther RolesC: Logistics ProviderF: End ConsumerHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201111

12. Quantitative Analysis of Service ProviderSupply Chain Configuration for U.S.1 Pharmaceutical Manufacturer1 Center of Distribution3 Logistics Provider2 Wholesale DistributorsHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201112

13. Quantitative Analysis of Service ProviderData Flow for U.S. Pharma Supply ChainRetailer sends product check request to service provider(12 Byte EPC)Service provider contacts involved EPCIS repositories(12 Byte EPC)EPCIS repositories return event sets to service provider(728 Byte / 4 events in avg., i.e. 1x in, 2x observe, 1x out)Service provider(12 Byte EPC + 4 Byte authentication details)Protocol overheadIP: 20 ByteUDP: 8 ByteHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201113

14. Quantitative Analysis of Service ProviderNetwork TrafficNetwork traffic c, p pharmaceutical goods, supply chain length lFor p=15 billion and l=7: c=234.92TB / 32,475USD per year[2]Costs are adequate and can be handled by supply chain roles [3]HICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201114

15. Quantitative Analysis of Service ProviderSecurity EvaluationManufacturer: prevent unrecognized EPC reading, e.g. by mutual authentication schemes [4]Center of distribution: on-tag security implementations, e.g. physically unclonable functions [5] or predefined passwords [6]Logistics provider: kill command [7], service providers for anti-counterfeitingWholesale Distributors: tracking and tracing via reader gatesEnd consumers: digital advice letter, service provider [8]HICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201115

16. Our ContributionsDeveloped a formal model for RFID-aided supply chainsValidated in context of the pharmaceutical supply chain rolesIntroduced separate role “service provider for anti-counterfeiting”Performed a quantitative analysis for the service providerMonetary impact for concrete supply chain sizing evaluatedSecurity evaluation per supply chain roleHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201116

17. References[1] J. Müller, C. Pöpke, M. Urbat, A. Zeier, and H. Plattner, “A Simulation of the Pharmaceutical Supply Chain to Provide Realistic Test Data,” in Proceedings of the International Conference on Advances in System Simulation, 2009[2] Assuming Amazon EC2 mean network traffic costs per GB approx. 0.135 USD[3] M.-P. Schapranow, M. Nagora, and A. Zeier, “CoMoSeR: Cost Model for Security-Enhanced RFID-Aided Supply Chains,” in Proceedings of the 18th International Conference on Software, Telecommunication and Computer Networks, 2010[4] M.-P. Schapranow, A. Zeier, and H. Plattner, “A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access,” in Proceedings of the 4th International Conference on Network and System Security, 2010.[5] P. Tuyls and L. Batina, “RFID-Tags for Anti-Counterfeiting,” in Proceedings of the RSA Conference, 2006, pp. 115–131.[6] M.-P. Schapranow, J. Müller, S. Enderlein, M. Helmich, and A. Zeier, “Low-Cost Mutual RFID Authentication Model Using Predefined Password Lists,” in Proceedings of the 16th International Conference on Industrial Engineering and Engineering Management, 2009.[7] A. Mitrokotsa, M. R. Rieback, and A. S. Tanenbaum, “Classifi- cation of RFID Attacks,” in Proceedings of the 2nd International Workshop on RFID Technology, 2008, pp. 73–86.[8] M.-P. Schapranow, J. Müller, A. Zeier, and H. Plattner, “RFID Event Data Processing – An Architecture for Storing and Searching,” in Proceedings of the 4th International Workshop on RFID Technology - Concepts, Applications, Challenges, 2010.HICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201117

18. Thank you for your interest!Keep in contact with us.Responsible: Deputy Prof. of Prof. Hasso PlattnerDr. Alexander Zeierzeier@hpi.uni-potsdam.deMatthieu-P. Schapranow, M.Sc.matthieu.schapranow@hpi.uni-potsdam.deHasso Plattner InstituteEnterprise Platform & Integration ConceptsMatthieu-P. SchapranowAugust-Bebel-Str. 8814482 Potsdam, GermanyHICSS11, Enabling RFID in Pharmaceutical Supply Chains, Schapranow, Jan 6, 201118