Supply Chain Information Security: Emerging Challenges in the Telecommunications Industry

  • Tie XuEmail author
  • Shereen Nassar
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Given the ramifications of widespread RFID implementation in contemporary supply chain management, there is a need for awareness of emerging security threats and effective self-protection mechanisms against system failures and attacks. The aim of this chapter is to identify the emerging information security challenges pertaining to RFID applications in the telecommunications industry. Having policy makers and telecom operators as the target audience, this chapter will present a conceptual framework for approaching risk management activities in regards to auto-ID/RFID applications with comprehensive and contemporary understanding about information assets, ecosystem threats, and vulnerabilities embedded in their extended supply chains.


Risk management RFID Supply chain Vulnerability 


  1. Alcaraz C, Zeadally S (2014) Critical infrastructure protection: requirements and challenges for the 21st century. Int J Crit Infrastruct Prot 8:53–66CrossRefGoogle Scholar
  2. Alcaraz C, Zeadally S (2015) Critical infrastructure protection: requirements and challenges for the 21st century. Int J Crit Infrastruct Prot 8:53–66CrossRefGoogle Scholar
  3. Alfaro J, Rabade L (2009) Traceability as a strategic tool to improve inventory management: a case study in the food industry. Int J Prod Econ 118(1):104–110CrossRefGoogle Scholar
  4. Angeles R (2005) RFID technologies: supply chain applications and implementation issues. Inf Syst Manage 22(1):51–65CrossRefMathSciNetGoogle Scholar
  5. Anonymous (2005) Applications of biometrics: area harnessing the technology. Available at Last access 03 Feb 2012
  6. Asif Z, Mandviwalla M (2005) Integrating the supply chain with RFID: a technical and business analysis. Commun Assoc Inf Syst 15(24):393–427Google Scholar
  7. Avoine G, Oechslin P (2005) RFID traceability: a multilayer problem. In: Proceedings on financial cryptography, pp 125–140Google Scholar
  8. Ayoade J (2007) Privacy and RFID systems: roadmap to solving security and privacy concerns in RFID systems. Comp Law Secur Rev Int J Technol Pract 23:555–561CrossRefGoogle Scholar
  9. Bollen F, Kissling C, Emond J-P, Brecht J, McAneney, Leake J, Compton R, Nunes C, Metz A, Duval K, Laniel M, Ye J (2004) Sea and air container track and trace technologies: analysis and case studies. Available at Last access 08 Jan 2012
  10. Bose I, Pal R (2005) Auto-ID: managing anything, anywhere, anytime in the supply chain. Commun ACM 48(8):100–106CrossRefGoogle Scholar
  11. Campbell D (Ed) (2009) International telecommunication law. Yorkhill Law Publishing, Salzburg, p 2007Google Scholar
  12. Cannon AR, Reyes PM, Frazier GV, Prater E (2008) RFID in the contemporary supply chain: multiple perspectives on its benefits and risks. Int J Oper Prod Manage 28(5):433–454CrossRefGoogle Scholar
  13. Chao CC, Yang JM, Jen WY (2007) Determining technology trends and forecasts of RFID by a historical review and bibliometric analysis from 1991 to 2005. Technovation 27(5):268–279CrossRefGoogle Scholar
  14. Chen H, Daugherty PJ, Landry TD (2009) Supply chain process integration: a theoretical framework. J Bus Logistics 30(2):27–46CrossRefGoogle Scholar
  15. Chicksand D, Waston G, Walker H, Radnor Z, Johnston R (2012) Theoretical perspectives in purchasing & supply chain management: an analysis of the literature. Supply Chain Manage Int J 17(4):454–472CrossRefGoogle Scholar
  16. Childerhouse P, Towill D (2011) Arcs of supply chain integration. Int J Prod Res 49(24):7441–7468CrossRefGoogle Scholar
  17. Christopher M (2011) Logistics and supply chain management: strategies for reducing cost and improving service, 4th edn. Pearson Education Limited/Financial Times Prentice Hall, HarlowGoogle Scholar
  18. Cooper MC, Lambert DM, Pagh JD (1997) Supply chain management: more than a new name for logistics strategy. Int J Logistics Manage 4(2):13–24CrossRefGoogle Scholar
  19. Defee CC, Williams B, Randall WS, Thomas R (2010) An inventory of theory in logistics and supply chain management research. Int J Logistics Manage 21(3):404–489CrossRefGoogle Scholar
  20. Derrouiche R, Neubert G, Bourar A (2008) Supply chain management: a framework to characterize the collaborative strategies. Int J Comput Integr Manuf 21(4):426–439CrossRefGoogle Scholar
  21. EPCglobal Inc (2005) EPC™ radio-frequency identity protocols class-1. EPC Global Inc., New Jersey, USAGoogle Scholar
  22. EPCglobal (2004) The EPCglobal network: overview of design, benefits and security. EPC Global Inc., New Jersey, USAGoogle Scholar
  23. European Telecommunications Standards Institute (ETSI) (2006) Telecommunication and internet converged services and protocols for advanced networking (TISPAN). Overview of Radio Frequency Identification (RFID). Tags in the telecommunications industry. Technical Report: ETSI TR 102(449) V1.1.1, 2006–01Google Scholar
  24. European Parliament and Council Directive (1995) Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281(23/11):0031–0050Google Scholar
  25. Feng B, Li JT, Guo JB, Ding ZH (2006) ID-binary tree stack anticollision algorithm for RFID. In: 11th IEEE Symposium on Computers and Communication. IEEE Press, pp. 207–212Google Scholar
  26. Fox R (2005) Radio frequency identification (RFID) in the telecommunications industry: Telcordia. Available at Last access 20 Apr 2015
  27. Gao JZ., Prakash L, Jagatesan R (2007) Understanding 2D-barcode technology and applications in m-commerce-design and implementation of a 2D barcode processing solution. In: Proceedings of the 31st Anual international Computer Software and Applications Conference-COMPSAC, July 24–27, Washington, DC. IEEE Computer Society, Vol 2, pp 49–56Google Scholar
  28. Garfinkel SL, Juels A, Pappu R (2005) RFID privacy: an overview of problems and proposed solutions. IEEE Comp Soc IEEE Secur Priv 3:34–43Google Scholar
  29. Gaukler GM, Seifert RW, Hausman WH (2007) Item-level RFID in the retail supply chain. Prod Oper Manage 16(1):65–76CrossRefGoogle Scholar
  30. Gaukler G, Seifert R (2007) Applications of RFID in supply chains. In: Jung H, Chen F, Jeong B (eds) Trends in supply chain design and management: technologies and methodologies. Springer, London, pp 29–48CrossRefGoogle Scholar
  31. Glover B, Bhatt H (2006) RFID essentials, 1st edn. O’Reilly, SebastopolGoogle Scholar
  32. Gudymenko I (2011) Protection of the users’ privacy in ubiquitous RFID systems. Master’s dissertation, Technische Universität DresdenGoogle Scholar
  33. Hammer M (2001) The superefficient company. Harvard Bus Rev 79(8):82–91Google Scholar
  34. Helbing D (2013) Globally networked risks and how to respond. Nature 497:51–59CrossRefADSGoogle Scholar
  35. Heskett JL (1977) Logistics—essential to strategy. Harvard Bus Rev 55(6):85–96Google Scholar
  36. Huang CH (2009) An overview of RFID technology, application, and security/privacy threats and solutions. Available at Last access 19 Apr 2015
  37. Hutter D, Ullmann M (2005) Security in pervasive computing. In: Second international conference, SPC 2005. Boppard, Germany, April 2005. Springer, BerlinGoogle Scholar
  38. Ilie-Zudor E, Kemény Z, van Blommestein F, Monostori L, van der Meulen A (2011) A survey of applications and requirements of unique identification systems and RFID techniques. Comput Ind 62(3):227–252CrossRefGoogle Scholar
  39. Jonsson P, Mattsson S (2013) The value of sharing planning information in supply chains. Int J Phys Distrib Logistics Manage 43(4):282–299CrossRefGoogle Scholar
  40. Juels A (2005) RFID security and privacy: a research survey. Available at Last access 21 Jan 2012
  41. Jüttner U, Christopher M, Baker S (2007) Demand chain management—integrating marketing and supply chain management. Ind Mark Manage 36(3):377–392CrossRefGoogle Scholar
  42. Karygiannis T, Phillips T, Tsibertzopoulos A (2006) RFID security: a taxonomy of risk. In: Proceedings of the 1st international conference on communications and networking in China (China’Com 2006), October 2006. IEEE Press, pp 1–8Google Scholar
  43. Karygicmnis A, Phillips T, Tsibertzopoulos A (2006) RFID security: a taxonomy of risk. Paper presented at the first international conference on communications and networking in China, 2006. ChinaCom’06Google Scholar
  44. Kay E (2003) What’s the next step for RFID. Frontline Solutions 4(3):21–25MathSciNetGoogle Scholar
  45. Keen P, Mackintosh R (2001) The freedom economy: gaining the m-commerce edge in the era of wireless Internet. Osborne/McGraw-Hill, New YorkGoogle Scholar
  46. Khor J, Ismail W, Younis M, Sulaiman M, Rahman M (2011) Security problems in an RFID system. Wireless Pers Commun 59(1):17–26CrossRefGoogle Scholar
  47. Kirk S, Fraser J, Vincenti J (2007) Is big business watching you? RFID tags, data protection, and the retail industry in the European Union. Comp Internet Lawyer 24(2):1–5Google Scholar
  48. Kroger W, Zio E (2011) Vulnerable systems. Springer Publishing, DordrechtCrossRefGoogle Scholar
  49. Kwon O, Im GP, Lee KC (2007) MACE-SCM: a multi-agent and case-based reasoning collaboration mechanism for supply chain management under supply and demand uncertainties. Expert Syst Appl 33(3):690–705CrossRefGoogle Scholar
  50. Lambert DM (2004) Supply chain management: process, partnership, performance. Supply Chain Management Institute, SarasotaGoogle Scholar
  51. Lamming R (1996) Squaring lean supply with supply chain management. Int J Oper Prod Manage 16(2):183–196CrossRefGoogle Scholar
  52. Laudon K, Laudon J (2011) Management information systems: managing the digital firm, 13th edn. Pearson Education Limited/Financial Times Prentice HallGoogle Scholar
  53. Lee CW, Kwon IG, Severance D (2007) Relationship between supply chain performance and degree of linkage among supplier, internal integration, and customer. Supply Chain Manage Int J 12(6):444–452CrossRefGoogle Scholar
  54. Lee HL, Whang S (2000) Information sharing in a supply chain. Int J Technol Manage 20(3/4):373–387CrossRefGoogle Scholar
  55. Lee S (2005) Mutual authentication of RFID system using synchronized secret information. Master’s dissertation, School of Engineering, Information and Communications UniversityGoogle Scholar
  56. Li S, Visich JK, Khumawala BM, Zhang C (2006) Radio frequency identification technology: applications, technical challenges and strategies. Sens Rev 26(3):193–202CrossRefGoogle Scholar
  57. Lin CH, Tseng HJ (2006) Identifying the pivotal role of participation strategies and information technology application for supply chain excellence. Ind Manage Data Syst 106(5/6):739–756CrossRefGoogle Scholar
  58. Mark L (2005) Personal privacy in ubiquitous computing: tools and system support. PhDGoogle Scholar
  59. Mentzer JT (2001) Supply chain management. Sage Publications, LondonGoogle Scholar
  60. Michael K, McCathie L (2005) The pros and cons of RFID in supply chain management (ICMB’05). In: Proceedings of the international conference on mobile business, IEEEGoogle Scholar
  61. Miles SB, Sarma SE, Williams JR (2010) RFID: technology and applications. Cambridge University Press, CambridgeGoogle Scholar
  62. Mitrokotsa A, Rieback MR, Tanenbaum AS (2009) Classifying RFID attacks and defenses. Special issue on advances in RFID technology, Information Systems Frontiers. Springer Science & Business Media, LLC 2009. doi: 10.1007/s10796-009-9210-z Google Scholar
  63. Oxford dictionary (2012a) Optical character recognition. Available at Last access 23 Feb 2012
  64. Oxford dictionary (2012b) Smart card. Available at Last access 23 Feb 2012
  65. Paul A, Calvin P, Matthias S (2002) From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise. In: Proceedings of the 2002 workshop on new security paradigms, NSPW ’02, New York, NY, USA, 2002. ACM, pp 43–50Google Scholar
  66. Peppet SR (2014) Regulating the internet of things: first step toward managing discrimination, privacy, security, and consent. Texas Law Rev 93(85):85–178Google Scholar
  67. Peris-Lopez P, Hernández-Castro JC, Estévez-Tapiador JM, Ribagorda A (2006) RFID systems: a survey on security threats and proposed solutions. PWC, pp 159–170Google Scholar
  68. Persona A, Regattierri A, Pham H, Battini D (2007) Remote control and maintenance outsourcing networks and its applications in supply chain management. J Oper Manage 25(6):1275–1291CrossRefGoogle Scholar
  69. Porter ME (1985) Competitive strategy: creating and sustaining superior performance. The Free Press, New YorkGoogle Scholar
  70. Porter ME (2001) Strategy and the internet. Harvard Bus Rev 79(3):62Google Scholar
  71. Prasanna KR, Hemalatha M (2012) RFID GPS and GSM based logistics vehicle load balancing and tracking mechanism. In: International conference on communication technology and system design 2011, vol 30, pp 726–729Google Scholar
  72. Ranganathan C, Dhaliwal JS, Teo TSH (2004) Assimilation and diffusion of wed technologies in supply chain management: an examination of key drivers and performance impacts. Int J Electr Commer 9(1):127–161Google Scholar
  73. Rankl W, Effing W (2010) Smart card handbook, 4th edn. Wiley, West SussexCrossRefGoogle Scholar
  74. RFID Journal (2015) RFID in consumer products. RFID J. Available at Last access 20 Apr 20 2015
  75. Rhee K, Kwak J, Kim S, Won D (2005) Challenge-response based RFID authentication protocol for distributed database environment. In: International conference on Security in Pervasive Computing. SPC, Vol. 3450, pp 70–48Google Scholar
  76. Richey RG, Roath AS, Whipple JM, Fawcett SE (2010) Exploring a governance theory of supply chain management: barriers and facilitators to integration. J Bus Logistics 31(1):237–256CrossRefGoogle Scholar
  77. Rieback MR, Crispo B, Tanenbaum AS (2006) Is your cat infected with a computer virus?. In: Proceedings of the 4th IEEE international conference on Pervasive Computing and Communications. IEEE Press, pp 169–179Google Scholar
  78. Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Towards Sci Cyber Secur Identity Archit Future Internet 57(10):2266–2279Google Scholar
  79. Sabbaghi A, Vaidyanathan G (2008) Effectiveness and efficiency of RFID technology in supply chain management: strategic values and challenges. J Theor Appl Electr Commer Res 3(2):71–71Google Scholar
  80. Sellitto C, Burgess S, Hawking P (2007) Information quality attributes associated with RFID-derived benefits in the retail supply chain. Int J Retail Distrib Manage 35(1):69–87CrossRefGoogle Scholar
  81. Smart Border Alliance (2014) RFID security and privacy. RFID feasibility study final reportGoogle Scholar
  82. Spruit M, Wester W (2013) RFID security and privacy: threats and countermeasures, technical report UU-CS- 2013-001. Utrecht, Netherlands: Department of Information and Computing Sciences, Utrecht UniversityGoogle Scholar
  83. Srivastava B (2004) Radio frequency ID technology: the next revolution in SCM. Bus Horiz 47(6):60–68CrossRefGoogle Scholar
  84. Steinauer DD, Radack SM, Katzke SW (1997) U.S. government activities to protect the information infrastructure. Germany: Presented at the 5th Annual BSI IT Security Congress in Bonn, Germany (April 1997). Available at Last access 21 Apr 2015
  85. Stonebraker PW, Liao J (2004) Environmental turbulence, strategic orientation: modeling supply chain integration. Int J Oper Prod Manage 24(10):1037–1054CrossRefGoogle Scholar
  86. Stuart GK, John JL (2006) Security RFID applications: issues, methods and control. Inform Syst Secur 15(4):43–50Google Scholar
  87. Swartz J (2000) Changing retail trends, new technologies, and the supply chain. Technol Soc 22(1):123–132CrossRefGoogle Scholar
  88. Taylor JIM (2014) Enhance granularity of visibility in the food supply chain: use track and trace technologies. Food Logistics (Special report, 154), pp 30–32Google Scholar
  89. US Telecom Association (2014) Experience with the framework for improving critical infrastructure cybersecurity: comments of the US Telecom association. Available at Last access 21 Apr 2015
  90. van Deursen T, Radomirovic S (2009) Security of RFID protocols: a case study. Electr Notes Theor Comp Sci 244:41–52CrossRefGoogle Scholar
  91. van Dorp KJ (2002) Tracking and tracing: a structure for development and contemporary practices. Logistics Inf Manage 15(1):24–33CrossRefGoogle Scholar
  92. Want R (2006) An introduction to RFID technology. IEEE Pervasive Comput 5(1):25–33CrossRefGoogle Scholar
  93. Wasserman E (2007) Telcos’ dual vision for RFID. RFID J, December 1st 2007, Accessed 20 Aug 2015
  94. Weber RH (2010) Internet of things—new security and privacy challenges. Comp Law Secur Rev 26(1):23–30CrossRefGoogle Scholar
  95. Weis SA (2012) RFID (radio frequency identification): principles and applications. Available at Last access 22 Jan 2012
  96. Whitaker J, Mithas S, Krishnan MS (2007) A field Study of RFID deployment and return expectations. Prod Oper Manage 16(5):599–612CrossRefGoogle Scholar
  97. White GRT, Gardiner G, Prabhakar G, Abd Razak A (2007) A comparison of barcoding and RFID technologies in practice. J Inf Inf Technol Organ 2:119–131Google Scholar
  98. Wu NC, Nystrom MA, Lin TR, Yu HC (2006) Challenges to global RFID adoption. Technovation 26(12):13–17CrossRefGoogle Scholar
  99. Wyld DC (2006) RFID 101: the next big thing for management. Manage Res News 29(4):154–173CrossRefGoogle Scholar
  100. Xiao Q, Boulet C, Gibbons T (2007) RFID security issues in military supply chains. In: Proceedings of the 2nd international conference on Availability, Reliability and Security, pp 599–605Google Scholar
  101. Yu P, Schaumont P, Ha D (2006) Securing RFID with ultra-wideband modulation. In: RFID Sec 2006, Graz, AustriaGoogle Scholar
  102. Zhen-hua D, Li JT, Feng B (2008) A taxonomy model of RFID security threats. ICCT, pp 765–776Google Scholar
  103. Zhu X, Mukhopadhyay SK, Kurata H (2012) A review of RFID technology and its managerial applications in different industries. J Eng Tech Manage 29(1):152–167CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.University of Modern SciencesDubaiUnited Arab Emirates

Personalised recommendations