Open Access
Liu, Bing
Graduate Program:
Information Sciences and Technology
Doctor of Philosophy
Document Type:
Date of Defense:
May 07, 2015
Committee Members:
  • Chao Hsien Chu, Dissertation Advisor
  • Chao Hsien Chu, Committee Chair
  • Dinghao Wu, Committee Member
  • Jens Grossklags, Committee Member
  • Akhil Kumar, Committee Member
Keywords:
  • EPCglobal network
  • EPC Discovery Services (EPCDS)
  • Security
  • Relational Access Control
  • Federation Access Control
Abstract:
The Internet of Things (IoT) is an emerging, global-scale, Internet-based information service architecture enabled by Radio Frequency Identification (RFID) and sensor technologies for information sharing and the corresponding service discovery. The EPCglobal network is considered a sub-project under the IoT umbrella, created to develop a universal identification system and an open architecture that provides interoperability in a complex multi-vendor scenario. This universal identification system is based on the allocation of a unique ID, the Electronic Product Code (EPC), to every item. The EPC key is a globally unique identifier that is carried by the RFID tag. As a result, the EPCglobal network is an architecture proposed for enabling the sharing of information about individually identifiable objects among organizations. As such, the life history of each individual object is shared and linked to the object through the unique EPC key. Since a huge volume of data is involved, a suitable service-oriented architecture (SOA), called the EPCglobal Discovery Service (EPCDS), is needed for locating both the key and additional information associated with it. Although several EPCDS models have been introduced by existing studies, most of them are in the very early development stages and cannot fulfill the design requirements, especially in advanced services, network performance, and security aspects.

This dissertation introduces an advanced EPCDS model, which centers around three main tasks. First, we discuss the architecture of the EPCglobal network and the need for advanced discovery services. We examine the detailed EPCDS design requirements, which are classified into three categories: functionality and service, network performance, and security and privacy. We select several typical EPCDS models proposed in other studies for detailed discussion, and then summarize and analyze current EPCDS models against the design requirements. The conclusion points out how to take advantage of current EPCDS designs to eliminate the gaps for further exploration.

Next, according to the design requirements and the assessment, we propose an advanced EPCDS design. The enhanced EPCDS network is based on a peer-to-peer infrastructure and a consistent hashing method, adopted for the EPC key assignment function. It enhances the functionalities and services of the system, especially core functions such as publishing and lookup services. Our model can fulfill all the design requirements. In particular, compared to other models, the design is a highly distributed network that is able to provide both basic and advanced services, as well as superior networking capability, such as reliability, scalability, extensibility, etc. It could mitigate some of the aforementioned shortcomings without completely abandoning the established standard.

Finally, we investigate security threats and vulnerabilities for the RFID-enabled EPCglobal network in detail. We group the security issues into several categories and discuss how to resolve them. To address the challenges posed by complex and dynamic EPC objects and events, we propose a relationship-based federated access control model for the EPC Discovery Service, which can be tightly integrated with the proposed EPCDS infrastructure, to fulfill all the security and privacy design requirements. To the best of our knowledge, this is the first study that identifies and examines in detail the causes and impacts of key publishing security threats and interdependent security issues in an EPCDS context.