Gaurav Kapoor

Challenges associated with RFID tag implementations in supply chains

Radio-Frequency Identification (RFID) tags are gaining widespread popularity throughout the supply chain from raw material acquisition, manufacturing, transportation, warehousing, retailing to the ultimate consumers. A majority of extant literature in this area explore the beneficial aspects of RFID tags such as their batch readability, resistance to harsh environmental conditions, information storage and processing capability, among others. Given the recent explosion of interest in RFID tag incorporation in supply chains, literature in the area has not yet comprehensively identified nor addressed associated challenges and impediments to successful implementations. We purport to fill this gap and to raise awareness by identifying and discussing critical issues such as ownership transfer, privacy/security, computing bottleneck, read error, and cost-benefit issues such as opportunity cost, risk of obsolescence, information sharing, and inter-operability standards.

Detecting evolutionary financial statement fraud

A fraudulent financial statement involves the intentional furnishing and/or publishing of false information in it and this has become a severe economic and social problem. We consider Data Mining (DM) based financial fraud detection techniques (such as regression, decision tree, neural networks and Bayesian networks) that help identify fraud. The effectiveness of these DM methods (and their limitations) is examined, especially when new schemes of financial statement fraud adapt to the detection techniques. We then explore a self-adaptive framework (based on a response surface model) with domain knowledge to detect financial statement fraud. We conclude by suggesting that, in an era with evolutionary financial frauds, computer assisted automated fraud detection mechanisms will be more effective and efficient with specialized domain knowledge.

Single RFID Tag Ownership Transfer Protocols

Security/privacy issues are of paramount importance for widespread acceptance and use of radio-frequency identification (RFID) tags. Over the last few years, researchers have addressed this issue through lightweight cryptographic means. While a majority of existing RFID security/privacy protocols address authentication issues, the ability to change as well as share ownership of these tagged objects is equally important. We consider a few RFID ownership transfer variations and propose protocols that are lightweight and secure. We consider ownership transfer scenarios for single tag-single owner with and without a trusted third party (TTP). We provide security analysis to evaluate the accuracy, confidentiality, and forward security of the proposed protocols from a cryptography perspective.

Vulnerabilities in Some Recently Proposed RFID Ownership Transfer Protocols

Authentication of RFID tags is commonly achieved through cryptographic means with protocols that encrypt communication between the parties of interest. There is an extensive literature in this area that address various facets associated with authentication. As RFID tags gain more popularity, there is a concomitant increase in frequency with which they (i.e., the tagged object) change ownership. There is, therefore, an urgent need to develop and evaluate protocols that address issues related to ownership transfer of RFID tags. Over the past few years, researchers have proposed several ownership transfer protocols. We consider some of the ownership transfer protocols that were published during the past year and identify present vulnerabilities.

Multi-tag and multi-owner RFID ownership transfer in supply chains

In any supply chain, there is a high likelihood for individual objects to change ownership at least once in their lifetime. As RFID tags enter the supply chain, these RFID-tagged objects should ideally be able to seamlessly accommodate ownership transfer issues while also accomplishing their primary intended purpose. Physical ownership transfer does not translate to strict ownership transfer in the presence of RFID tags given the wireless nature of communication with these tags. Moreover, whereas existing protocols implicitly assume a single tag that is owned by a single entity, it is not uncommon to encounter scenarios where tag ownership is shared among multiple entities. A dual of this is the case of an object with multiple tags. We consider ownership transfer scenarios for shared ownership transfer and single object with multiple RFID tags. In the multiple-tagged object case, we consider the possibility where objects gain and lose tags over time. We also present a protocol for simultaneous transfer of ownership of multiple tags between owners. Since ownership transfer without a trusted third party (TTP) is difficult to achieve, we propose a shared ownership sharing protocol and evaluate its properties.

Input online review data and related bias in recommender systems

A majority of extant literature on recommender systems assume the input data as a given to generate recommendations. Both implicit and/or explicit data are used as input in these systems. The existence of various challenges in using such input data including those associated with strategic source manipulations, sparse matrix, state data, among others, are sometimes acknowledged. While such input data are also known to be rife with various forms of bias, to our knowledge no explicit attempt is made to correct or compensate for them in recommender systems. We consider a specific type of bias that is introduced in online product reviews due to the sequence in which these reviews are written. We model several scenarios in this context and study their properties.

Sequential Bias in Online Product Reviews

Online product reviews are increasingly being used by prospective buyers of related products who are interested in obtaining more information from people who have purchased and used a product of interest. Although not perfect, such reviews generally provide information on characteristics that stand out in either positive or negative ways. Online product reviews are by their very nature biased. While some of the bias in these reviews are hard to remove, the deleterious effects due to others can be alleviated. Bias due to sequential exposure to information has been extensively studied in other domains but has received very little attention in the online product review context. We study the dynamics of bias that is introduced as a result of sequential ordering of online product reviews.

Distance Bounding Protocol for Multiple RFID Tag Authentication

Relay attacks occur when an adversary simply relays signals between honest reader and tag without modifying it in any way. Since the signal content is not modified by the adversary, none of the extant cryptographic protocols are immune to such attacks. There have been several proposed protocols that purport to alleviate this problem for a single tag. We propose a protocol that considers relay attacks when multiple tags are authenticated for their simultaneous presence in the field of the reader.

RFID and Information Security in Supply Chains

Information visibility is of paramount importance for effective and efficient operation of supply chains. Although not the sole enabling technological source for information visibility in supply chains, RFID tags naturally allow for its seamless operationalization. RFID tags are notorious on issues related to security/privacy concerns, and these concerns are magnified in a supply chain context where the ownership of any given tag is passed among disparate organizations throughout its lifetime. We consider this scenario from a cryptographic perspective. We consider the literature in this area, identify vulnerabilities in an existing authentication protocol, and suggest modifications that address these vulnerabilities.

Brief paper: Vulnerabilities in Chen and Deng's RFID mutual authentication and privacy protection protocol

As incorporation of RFID (Radio Frequency IDentification) tags in a wide variety of applications increase, there is a need to ensure the security and privacy of the entity to which these tags are attached. Not surprisingly, this is a very active area as attested by the large number of related published research literature. Recently, the journal engineering applications of artificial intelligence published a paper by Chen and Deng (2009) where the authors propose a mutual authentication protocol for RFID. This protocol has fundamental flaws that can be readily taken advantage by a resourceful adversary. We identify and discuss these vulnerabilities and point out the characteristics of this protocol that exposes it to these vulnerabilities.