A Blockchain-Based Secure Radio Frequency Identification Ownership Transfer Protocol

Department of Computer Science and Engineering, iagarajar College of Engineering, India Department of Information and Computer Engineering, Chuan Yuan Christian University, Taiwan Department of Information and Telecommunications Engineering, Ming Chuan University, Taiwan Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taiwan


Introduction
e supply chain is a global network that involves organizations, people, resources, and activities to supply products or services to the end customers. Supply chain management (SCM) governance is the streamline of the product life cycle [1]. Supply chain management refers to the process when products are transferred from manufacturers to retailers, and finally consumers. Supply chain management includes commodity trading, logistics tracking, stock inventory, product traceability, and production line control. Standard SCM process flows such as product flow, information flow, financial flow, risk flow, and value flow are considered the heart of any supply chain scenario. Integration of all these flows is the critical success factor for the result of an effective supply chain [2]. e supply chain incorporates many entities such are manufacturers, distributors, retailers, and customers, who are known as actors of the SCM. Each actor plays a significant role in every phase of the product life cycle.
Even though the supply chain concept is introduced in earlier decades, now only the organizations realize the importance of it. Most of the organizations believe that an effective SCM is the only factor to extend the business relationships of an enterprise for increasing their competence in the global market [3].
is interorganizational supply structure is noticed as a virtual corporation. Globalization, proliferation, outsourcing, and information technology are considered the root causes of this modern interorganizational supply chain culture. e efficiency of the integrated supply chain mainly depends on the information management and product traceability. However, the effective integrated supply chain means a lot of work for the organization. e more it gets globalized, the more it gets complicated as it might lack product traceability and warehouse management. Currently, most of the businesses rely on centralized databases to manage the SCM, and the internal system is monitored by a single administrator [4]. Although the advanced technologies like cloud computing and internet of things are used to access the centralized database from anywhere, it has issues with data's originality and security. ere is also a possibility of cybercrimes happening in the supply chain in the form of counterfeiting to tamper the original product. Many companies advanced their tracking systems from traditional barcode to radio frequency identification (RFID) tags because of the simultaneous multiple sensing capabilities [5]. But the RFID tags are also compromised by security and privacy threats like sniffing, tracking, RFID counterfeiting, repudiation, denial of service, and replay attacks [6][7][8].
erefore, to manage the tracking and warehouse system of the globalized supply chain efficiently and to mitigate the tampering attack on the products, the supply chain network has collaborated with the blockchain technology [9].
Once the product is ready to supply, the tracking system of the respective supply chain begins to trace the product based on the tagged ID (i.e., barcode, RFID, etc.). Even though this approach is well adopted, it has scalability issues and produces various bottlenecks [6]. e blockchain technology is integrated to handle the main challenges of globalized supply chain remaining in the step-by-step traceability process from manufacturers to the end customers and managing the information along with products [9,10].
Radio frequency identification (RFID) is mainly composed of an RFID tag (Tag) and a tag reader (Reader). According to the power source of RFID tags, tags can be divided into two categories: active and passive: passive tags generate electromagnetic induction by electromagnetic waves emitted by the reader, allowing the tag to generate current to transmit data to the reader; the active tag contains a power source and is usually in a hibernation state. When the reader is in the sensing range, the tag will be awakened to communicate with the reader. Because RFID tags have smaller reading restrictions than traditional barcodes, they are now used in many fields, such as medical fields, antitheft systems, transportation field, or supply chain management. You can also see the use of RFID in life, including pet chips, leisure cards, and access control cards, all of which are RFID applications.
Because radio frequency identification (RFID) tags are more convenient to read than traditional barcodes, they are widely used in supply chain management. In supply chain management, the process of product transfer from the original owner to the next owner is called ownership transfer. During the transaction, the ownership of the RFID tag will be transferred to the new owner. However, because sellers may forge or modify product information, many scholars have proposed supply chain management using blockchains. Because the blockchain has the nontamperable feature, it can ensure the integrity and correctness of product information.
Blockchain is an open, immutable distributed ledger that enables secure transactions between a network of organizations or individuals who may have trust issues with one another by using consensus algorithms. Distributed computing and cryptography are the two prerequisites of blockchain technology [11]. Distributed technology is used to handle bottleneck issues and single point of failure. Cryptography is used to ensure the immutability of a ledger to tamper proof transactions in an untrusted network. A ledger containing the information about all transactions is distributed across each peer of the network. is distributed ledger technology is adopted in many areas that include healthcare, music, internet of things (IoT), government, passports, sensors, and smart appliances to handle a large set of information.
Each transaction in the distributed ledger is validated and updated in every block using the consensus algorithm. e most famous consensus algorithms of the blockchain are proof of work (PoW), proof of stake (PoS), proof of capacity (PoC), practical byzantine fault tolerance (PBFT), and proof of elapsed time [6]. All peers or nodes in the network must agree to the consensus algorithm. In blockchain, multiple blocks try to validate the new transactions and mine the blocks to add them into it, as shown in Figure 1.
ese blocks are called as miners. Whenever a new block is mined, it gets confirmed and added to the ledger. Cryptography secured hash function is used to connect the blocks in a blockchain in a tamper proof way. Immutability of the blockchain is ensured using this one-way hash function. Every block stores the hash value of the previous block in their header. is chain of hashes forms a tree structure known as hash tree or Merkle tree, as shown in Figure 2. Any change in any transactions will reflect in Merkle root.
Blockchain is split into three major types that are public, private, and consortium based on the parties involved and the node visibility of the network, as shown in Table 1. In a permissionless (public) blockchain, any node can join the network without any limitations, while the permissioned (including both private and consortium) blockchain restricts the access rights to a set of authenticated nodes only.
is paper uses the Ethereum blockchain platform to transfer ownership of supply chain management. Ethereum can run code between distributed systems, and outsiders cannot tamper with the program. ese codes will be added to the blockchain, and the code cannot be altered after programming. In addition, everyone can audit the code before interacting with it. is means that anyone anywhere can launch applications that cannot be obtained offline. We call the programs that make up the application smart contracts. In most cases, they can be set to operate without human intervention.
Supply chain management mainly involves transactions between manufacturers, distributors, retailers, and consumers. Manufacturers are individuals or organizations that produce products. In the Ethereum blockchain platform, the manufacturer is responsible for registering the product, as well as for marking and scanning before delivery; the distributor is the intermediary between the manufacturer and the retailer, responsible for transferring the product, so on this platform you can get rewards from the manufacturer; the retailer is responsible for purchasing products from the manufacturer and then selling the products to consumers for profit. Finally, when consumers purchase products, they have the right to verify the source of the products and can check the logistics at any time.

Security and Communication Networks
We deposit a reverse hash chain on the RFID tag, and each time the ownership is transferred, the RFID tag will announce the hash value of a new reverse hash chain. e nodes on the blockchain will be able to use smart contracts to check whether the hash value of this transaction can generate the hash value of the previous transaction after the hash operation. Only when the calculated hash value is the same can the correctness of this transaction be confirmed.
In the proposed ownership transfer protocol, smart contracts are used on the Ethereum blockchain platform to realize the transfer of ownership of RFID tags. e smart contract can control the content of the contract according to the program logic. Once the smart contract is deployed, the content of the contract cannot be changed, and the content is stored in the blockchain.

Related Work
Numerous researches have been conducted in blockchain integrated supply chain area to enhance the product traceability, security, transparency, and reliability of the supply chain. Some of them focused on the security of the SCM to overcome counterfeiting, fraud, tracking attacks, and tampering.
Toyoda et al. [12] proposed a novel product ownership management (POMS) in 2017 that uses blockchain technology to encounter counterfeit attacks in the post-supply chain scenario using blockchain technology. Forgers cannot prove that they own products in the system, so it is difficult for counterfeiters to copy real RFID tags. e post-supply chain proposed by the author means that after retailers, goods are transferred to buyers through transactions, and buyers then resell through second-hand markets (as shown in Figure 3). Buyers can read product information from the RFID tag, which can avoid buying counterfeit products. And during the transaction, both parties can confirm the transaction through the product management contract. When one of the parties refuses the transaction, the transaction will fail. Furthermore, Chen et al. proposed a hybrid scheme to combine RFID and blockchain technologies to collect patient physiological signals in medical research [13].
Ownership of the product is verified by the novel "proof of possession of products" concept admired by bitcoin's "proof of possession of balance" [14]. e proposed work is implemented on the Ethereum platform [15] and evaluated in TestRPC [16] environment. However, the genuine product without proper ownership information is also considered as counterfeit in this system. Moreover, the fixed electronic product code (EPC) of a product might also lead to tracking attack.
Qijun Lin et al. [17] proposed a food safety traceability system for a food supply chain scenario with the help of blockchain and EPC information. Off-chain and on-chain concept is used to manage information to increase the performance of the system. e proposed system is implemented on Ethereum platform via smart contracts. e designed smart contracts need to get optimized to increase the efficiency of the system. Pinchen Cui et al. [18] designed a blockchain-based supply chain framework to enhance the traceability of electronic parts or devices by providing a unique ID for each product. is framework is implemented on the Hyperledger Fabric platform. Even though this framework is implemented in permissioned blockchain, it could not protect over illegitimate manufacturer registration issues. Federico Matteo Bencic et al. [19] invented a novel distributed ledger-(DL-) tags (smart tag) approach to verify the authenticity of the products while ensuring the privacy of stakeholders and customers. is approach is implemented on Ethereum and evaluated in a real-time use case scenario, tag it wine (TIW). However, this smart tag approach requires high cost and is computationally expensive. Shangping Wang et al. [6] proposed a decentralized product traceability system based on blockchain technology which is implemented using Ethereum.
Smart contracts are designed to process product registration, transferring, and tracking in a supply chain. An event-response mechanism is designed to mitigate the manin-the-middle attack. However, this approach cannot prevent the tracking attack. Michail Sidorov et al. [20] designed an ultra-lightweight mutual authentication RFID protocol that works together with a decentralized database to create a secure blockchain enabled SCM. e protocol mainly involves RFID tags, tag readers, and supply chain nodes. e supply chain nodes are composed of manufacturers, distributors, retailers, and consumers. e proposed protocol is coded using High Level Protocol Specification Language (HLPSL) [21] to be formally verified using a broadly accepted formal verification tool, that is, AVISPA [22]. is protocol mainly protects the communication security between the reader and the tag. When the goods are handed over to the buyer, the buyer can view the record of the traceable product, and the buyer can write its data into the blockchain after being authenticated. However, this protocol is suitable only for the supply chain with permissioned blockchain.
Sidorov et al. [20] proposed an ultra-lightweight mutual authentication RFID protocol in 2019, which is applied to supply chain management and executed on a blockchain platform. e agreement mainly involves RFID tags, tag readers, and supply chain nodes. e supply chain nodes are composed of manufacturers, distributors, retailers, and consumers.
Leonardo Aniello et al. [23] proposed a secure SCM using blockchain and physically unclonable functions (PUF) [24]. PUF are used to generate the unique unclonable tamper proof IDs. is approach is implemented on the consortium blockchain platform. However, the proposed tracking system cannot fully prevent forgery, Byzantine attack, and privacy issues. Counterfeiters use these nooks and holes of the supply chain for their own desires. erefore, a robust and secure supply chain management is a much needed one in the current scenario. D. Islam assumes that the RFID tag is PUF-enabled [25]. e aim of the proposed system is to develop a secure supply chain management to enhance the product traceability, anticounterfeiting, and information management with the help of blockchain technology.
is proof-of-concept experiment is implemented on the Ethereum platform. Smart contracts are designed to enable the transactions between the entities of a supply chain. e deployed transactions are then transferred via MetaMask crypto wallet. e privacy of the supply chain is attained by generating the proof of product code via zk-SNARKs algorithm [26]. is algorithm also enhances the scalability of the supply chain system by creating a trusted setup in offchain mode.

System Model
is paper uses the Ethereum blockchain platform to transfer ownership of supply chain management. e blockchain integrated supply chain model manages the transactions between the actors of SCM, including the manufacturers, distributors, retailers, and consumers. Each of these actors plays a significant role in every phase of the SCM: (i) Manufacturers: a manufacturer is an individual or an organization which produces a complete product from the raw materials to make profit by delivering them to the end customers. e manufacturers are those responsible for registering the product and for tagging and scanning before supplying it. In the Ethereum blockchain platform, the manufacturer is responsible for registering the product, as well as for marking and scanning before delivery (ii) Distributors: distributors act as a mediator between the manufacturer and the retailer. ey just simply transfer the products between them. For doing that job, they get incentives from the manufacturers. Finally, when consumers purchase products, they have the right to verify the source of the products and can check the logistics. (iii) Retailers: retailers act as a gatekeeper between the manufacturer and customer, and they play a significant role in production and consumption [27]. Retailers purchase the product from the producers and sell it to the customers with some increment in the product cost to make profit. (iv) Customers: customers are the final entity of the supply chain. A customer is an individual who buys the product and uses it. When consumers purchase products, they have the right to validate the originality of the product and to track the product during the shipment period. Figure 4 depicts the overview of a blockchain enabled supply chain. Ethereum blockchain platform is used to design the smart contracts for managing the transactions of a supply chain scenario [28]. Each smart contract is deployed on the blockchain and is immutable.

Integration of Blockchain and RFID Tags.
We use reverse hash chain technology in the protocol. e manufacturer will randomly create an initial value w n , as a seed of a hash chain, and write it into the RFID tag, and then the tag will be able to sequentially calculate the values w n−1 , w n−2 , w n−3 , . . ., w 2 , w 1 , w 0 of the hash chain.
From the equations, we can calculate w 0 � h n (w n ), where n is the maximum count of transfers for each RFID tag.
When the smart contract is deployed, the manufacturer will write the hash value w 0 and the maximum number of transfers n corresponding to the RFID tag. When the tag is transferred, the tag will calculate the next w (e.g., w i ) and write it into the smart contract. At this point, the nodes of the blockchain will be able to check: If the calculation result is correct, it means that the ownership transfer of the RFID tag is legal, as shown in Figure 5.

Ownership
Transfer. In the system initialization, the tag is owned by the manufacturer. en, the ownership of the tag will be transferred from the original owner to the new owner (the manufacturer, the distributor, the retailer, and the consumer). e procedure of ownership transfer is shown in Figure 6, which contains 11 steps:   (1) e manufacturer creates an RFID tag with an initial seed w n and stores its product information in the smart contract. e product information includes the initial owner, the identifier of a specific RFID tag, and the seed value.
(2) When the smart contract is released to the Ethereum blockchain platform, the product information will be written into the blockchain, and all nodes of the blockchain network can view the content. After that, the smart contract processes the transfer of RFID ownership transfer procedure. (3) When the original owner wants to transfer the ownership of an RFID tag to the new owner, the original owner will send an ownership transfer request to the RFID tag. After the tag receives the request, it will return its information to the original owner, and the original owner can obtain the tag's identity from the server through the tag information. (4) e tag's information obtained by the original owner will be sent to the new owner, and after receiving the tag's information, the new owner can request the transfer of ownership from the trusted third party. (5) When the new owner requests the transfer of the tag's ownership from the TTP, the tag authentication information will be sent to TTP. en, TTP will confirm whether the label requested for ownership transfer is the same as the identifier on the authentication message. (6) After TTP confirms the correctness of the tag, TTP will generate a new tag key and pass the key to the new owner. (7) TTP will update the key information and deliver it to the original owner. e original owner can update the tag's key. (8) e original owner transfers the ownership by updating the management key of the tag. (9) When the RFID tag completes the ownership transfer, its stored hash value w i will be updated to w (i+1) , and it will be published to the Ethereum blockchain network. (10) e original owner will post transaction information to Ethereum. Ethereum will send a broadcast to each node to verify the transaction. (11) e node will verify whether w 0 � h(w 1 ). If it is, it is judged to be a legal transaction.

System
Initialization. In this proposed system, the smart contract is designed to develop a blockchain integrated secure supply chain scenario. Smart contracts are agreements written in solidity language, which stipulate transactions between entities who agree to interact with one another [29]. ese smart contracts are immutable once they get deployed. e values and rights which are managed by the smart contract are stored in the blockchain. is experimental system is developed based on the "proof of ownership" concept. Notations used in this paper are listed in Table 2.
In Step 1 of the proposed protocol is the system initialization, as shown in Table 3. e manufacture first creates a new smart contract. When the smart contract is initialized, the manufacturer writes a serial number of each RFID tag (TagID) and the seed value of the reverse hash chain w 0 into the contract using the smart contract constructor constructor().
is function EnrollProduct registers the initial owner of the product and the identifier of the RFID tag, as shown in Table 4. e product will have an RFID tag attached. When the contract is released to the Ethereum blockchain platform, the product information will be written into the blockchain. In Step 2, when the manufacturer delivers the product to the distributors, the manufacturer calls the Add_ownership() function to assign the ownership to the distributors that own the product, as shown in Table 5. AddOwnership() contract checks the authenticity of the requester node. If it is valid, then the ownership request is committed and the address of the node is added to the product code, otherwise rejecting the request.

Ownership Transfer.
e transfer of ownership is divided into two parts. e first is the transfer of ownership of RFID tags. e old owner needs to use a reader to verify with the RFID tag before the ownership can be transferred. After the RFID transfer is completed, the ownership transfer on the blockchain is performed.
In Step 3, when the original owner wants to transfer the ownership of the RFID tag to the new owner, the original owner will send an ownership transfer request to the RFID tag. After the tag receives the request message, it will return its information to the original owner, and the original owner can verify the identity of the tag with the server. We use the protocol proposed in [30] to improve the part of RFID ownership transfer. e detailed transmission message is shown in Figure 7.
In Figure 7, when the original owner issues an ownership transfer request to the tag, the tag first generates two messages M 1 and M 2 . M 1 contains a nonce and the tag's ID, which is protected by the shared key between the tag and the trusted third party (the manufacturer), and M 2 contains the tag's ID and the message M 1 , which is protected by the shared key between the tag and the server of the original owner, DID i . e tag transfers the message M 2 back to the original owner. When the original owner receives the message M 2 , it generates a new message M 3 that contains the new owner's server DID j , the new owner's ID RID j 2 , and the message M 2 . e message M 3 will be transferred to the original server.
In Step 4, the original owner's server will first verify the owner when obtaining the RFID tag information. After the server confirms the identity of the owner of the RFID tag (message M 3 ), the server sends the tag information to the new owner and the new owner's server (message M 4 ). Only when the new owner server receives the tag's information and confirms that the new owner belongs to this server, the server can request the transfer of the tag's ownership from the trusted third party. If the verification is failed, a garbage message M 9 containing only a random number r 3 will be sent to the new server. In this way, the attacker has no way of knowing whether the transaction was successful. e process is shown in Figure 8.
In Steps 5-6, the server of the new owner DID j sends the transfer request M 5 to the trusted third party (the manufacturer). e TTP verifies whether the tag requesting the ownership transfer and the tag authentication message are the same tag. After that, the TTP will create a new tag management key Kx j 1 and send it to the new server via message M 6 , as shown in Figure 9.
In Step 7, TTP will update the key (message M 10 ) and encrypt it with message M 7 to send to the original owner's server DID i . e original owner server will first confirm whether the original owner of the RFID tag in the message M 7 is correct. en, the original owner's server will generate a message M 8 to the original owner RID i 1 . If M 7 is incorrect, another garbage message M 8 will be generated by encrypting a random number r 3 , e process is shown in Figure 10.
In Steps 8-9, the original owner sends the key update message M 9 to the RFID tag. e tag updates its management key Kx i 1 for ownership transfer. When the RFID tag completes the ownership transfer process, its stored hash value w i will be updated to w (i+1) and will be sent to the original owner, as shown in Figure 11.
In Step 10, as in Table 6, ChangeOwnership() smart contract verifies both parties authentication. If both the seller and buyer are valid and seller possesses the ownership, then the ownership is assigned to the new owner. And the old ownership is removed from the product code.
e original owner will use the emit Transfer() function to publish transaction messages to Ethereum. Ethereum will send a broadcast to each node to make the node verify the transaction. In Step 11, after each node receives the notification, it will execute OwnershipTransfer (address receiver, uint amount, uint challenge) to verify whether Seed � hash(challenge). If it is, it is judged to be a legal transaction.
Our method can integrate the ownership transfer process of the RFID with the blockchain. e blockchain can record every transaction of the ownership transfer. Because of the characteristics of the blockchain, these transaction records are not easy to be tampered with, and the success of the transaction can be proved through node verification. In addition to the transfer of ownership of the blockchain, RFID tags will also transfer ownership. After the original owner transfers the ownership of the RFID tag to the new owner, the original owner will not be able to read the RFID tag, and this RFID ownership transfer agreement can satisfy the forward and backward security.

Experimental Evaluation
e proof-of-concept experimental system is implemented on the Ethereum remix platform. Ethereum is a public blockchain integrated development environment (IDE) used to develop various decentralized applications [29]. e cryptocurrency needed to run the application is called ether in Ethereum. Smart contracts written in solidity language are run on the Ethereum virtual machine (EVM). Every transaction in the Ethereum has a gas limit. When the gas limit expires, the transaction will be automatically aborted. e developed approach is evaluated using MetaMask's Rinkeby test network [31]. MetaMask is a crypto wallet that provides ether to blockchain apps. Table 7 shows the utilized amount of gas and ethers by both smart contracts.
Initial ownership contract requires 0.00027 ethers, and the used gas limit is 27239. e gas price offered for this transaction is 1 Gwei. Similarly, change ownership requires         0.000579 ethers, and the used gas limit is 57919. e gas price offered for this transaction is 2 Gwei. When comparing both contracts, change ownership has more computational time than the initial ownership contract. Figure 12 represents the amount of gas used per transaction. e efficiency of the transaction is determined by the amount of gas used and the transaction fees (ether value).

Attack Analysis
Privacy and security are clearly needed for enterprise-level blockchains. e most impactful evaluation matrices, which differentiate the performance of both permissioned and permissionless blockchains, are scalability and privacy. While the public blockchain has issues with privacy, private blockchains outperform those issues by applying their distinctive characteristics such as permissioned mode of operation and fine-grained access control. e previous researches conducted in the area of supply chain management using public blockchain are failed to discover this issue. e aim of the proposed work revolves around the development of open access supply chain management with guaranteed privacy and security.
is approach attempts to cover the privacy issues by generating the proof of information with the help of zk-SNARKs algorithm while verifying the ownership of the entity. Table 8 shows the major supply chain attacks, such as counterfeiting attack, tampering attack, tracking attack, and man-in-the-middle attack, which are handled by the proposed approach. e analysis of these attacks against the existing approaches is represented in the table. Our proposed system covers the tracking attack while the existing approaches [6,12,17,19] using Ethereum failed to prevent that attack. And this permissionless system's performance matches the permissioned system [17] when handling the verification and tracking.

Conclusion
An effective supply chain implementation is an essential one for every organization. e complications of traditional supply chain management systems such as tracking and information management can be mitigated with the inclusion of blockchains. In this paper, we propose an RFID ownership transfer protocol that can integrate the ownership transfer process of the RFID on the blockchain. In this proposed system, a secure supply chain management is developed in order to enhance the product privacy, anticounterfeiting, traceability, and information management with the help of zk-SNARKs using Ethereum blockchain by means of smart contracts. e proposed approach is implemented on Ethereum blockchain and evaluated using MetaMask's Rinkeby test network.

Data Availability
e simulation results used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that they have no conflicts of interest.  [12] Yes No Yes Yes [17] No No Yes No [18] Yes No Yes Yes [19] Yes No Yes Yes [6] Yes