Trust in radio-frequency identification (RFID) is important. This is because cheap tags can be cloned easily, unauthorised readers can steal information, and ownership transition between business players and customers is automatic in the open system architecture that exists within RFID network. These reasons make it difficult to maintain the trustworthiness of RFID technology. Current research demonstrates that the trust decrement among business partners in the adoption of RFID-enabled technology happens because of two main issues. First, the security and privacy threats in RFID reduce the levels of trust and confidence especially when RFID tagging is used for anti-counterfeiting purposes. Second, the lack of an attack detection model in the RFID network makes the security and privacy threats go unnoticed. Other reasons contributing to a decrement in trust are the open network environment, and the non-authentication, authorisation and tracking model within the current EPC Trust Service.
The aim of this thesis is to develop a trust framework which will be able to identify, detect and respond to counterfeiting issues such as the presence of RFID cloned and fraudulent tags within a supply chain environment. These objectives are to be achieved by pursuing significant deviations of the RFID EPC tag pattern by the means of data-mining techniques. A seven-layer trust framework for RFID is developed as the main outcome of this research and will have significant benefits for supply chain owners. Other outcomes include: i) the detection of both cloned and fraudulent RFID tags using cost-based classification algorithms; ii) introduction of an RFID cost model for supply chain management; iii) and the improvement of a cost-sensitive algorithm for tackling misclassification errors. The motivation of our research is to present guidelines to tackle security threats such as counterfeiting by modelling prevention, detection and monitoring functions in a seven-layer control mechanism.
A cost-sensitive approach is essential to reduce the risk of counterfeiting in supply chains. The second objective of this research focuses on closing a gap in RFID tag cloning detection systems that has not been dealt with in previous studies, namely the analyses of system costs in false negative and false positive errors. A cost model should consider the trade-offs among all relevant cost factors and provide a basis for making appropriate cost-sensitive prediction decisions. Hence,the third objective of this research is to construct and quantify a cost-sensitive model for RFID-enabled supply chain management.
Our research focuses on cost-sensitive learning which is a type of machine learning that takes the misclassification costs into consideration. We employ decision tree classification algorithms from Weka software such as J48, J48 graft, NB tree and several others to predict Electronic Product Code tag patterns and assign the algorithms to genuine, fraudulent and cloned classes. All these tree algorithms were then used with meta-classifier cost-sensitive algorithms covering categories such as optimal cost-sensitive, smoothing technique, relabelling, weighting and resampling. The comprehensive analyses and comparison of the results are expressed as the receiver operating curve (true positive rate vs. false positive rate), precision-recall, error-rate and training time for evaluation of the models. The research reveals that the J48 classifier outperforms other tree algorithms. Overall, the four fastest algorithms are the J48, J48 graft, Random Tree and Rep Tree. When both time and performance need to be evaluated together, bagging both J48 and MetaCost is the best cost-based tree algorithm in terms of both time and accuracy for counterfeit detection in the supply chain.
The pertinent conclusion is that by employing the RFID trust framework, Electronic Product Code tag activity can be identified, detected and predicted in a cost-sensitive approach by using data-mining techniques. The main contribution of this research is the development of an analytical trust framework suitable for use in any supply chain organisations as a means of acquiring knowledge of RFID tag transactions and patterns to monitor any deviations and detect attacks. In addition, RFID trust management provides a management tool for business owners to use to enhance their decision-making when targeting attackers and dealing with counterfeiting attacks in an open supply chain.