Tuesday, September 15th, 2009

Object Name Service Objections

The Object Name Service (ONS) [2] proposed by EPCglobal is specified to use DNS (the Domain Name System) for looking up object identities. An object identity in this case is essentially an Electronic Product Code (EPC).

I have strong misgivings about this ONS design, primarily because it is a fundamental mixing up of concerns, but also because DNS should not be entrusted with sensitive information.

A little more background may be needed. EPCglobal [1] is the organization managing EPC, the Electronic Product Code. EPC is the emerging global standard for RFID tags. RFID is the successor to bar codes. There is a conceptual difference between bar codes and EPC. A bar code identifies a product or model, but EPC is capable of identifying individual items. For example, a bar code may identify a pair of blue jeans as “Brand X, model Y” while EPC could assign a distinct serial number to each single pair. The tag itself can be made invisibly small and may remain in the product after the point of sale.

DNS [3] is a vital part of the Internet infrastructure. It is the telephone directory of the Internet, used mainly by computers. Given a name, such as www.sweden.se, a computer looks up an IP address. The IP address is required for finding any Internet service.

Separation of concerns is one of the most fundamental principles of computing architecture. Why should product identities be mixed into the Internet infrastructure?

As a parallel to product codes in DNS, imagine bar codes in a telephone directory. After “Heinz, Jeff A., Main Street 111, 123-4567-8899” you would find “Heinz, Ketchup 1kg bottle, 8715700 016504”. The directory now has two stakeholders with different agendas. Computers would probably not confuse products with people. The problem is that DNS is brittle enough as it is. It has no need for political tension to open new cracks in its foundation.

IP addresses are inherently public (except for certain ranges used in private networks). The purpose of Internet domain names (like www.sweden.se) is to provide public access to services. So, domain names are even more public than IP addresses, if you will.

DNS is not designed to handle anything but public information. DNS communication requires no authentication. The protocol is clear-text. Due to these and other properties, DNS is easily attacked. Paul Vixie, one of the world’s foremost experts in this field, says: “… the only reason that DNS isn’t attacked more often is that nobody trusts its authenticity.” [4]

This is the system EPCglobal intends to handle product codes.
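To make the clear-text point concrete, the following added example (not part of the original post and not EPCglobal code) builds the DNS query an ONS client would send for one tag and then decodes it the way any listener on the network path could. It assumes the name-conversion rule of the ONS 1.0.1 specification [2] for SGTIN codes (drop the serial number, reverse the remaining fields, append the `onsepc.com` root); the function names and the sample EPC are constructed for illustration.

```python
import struct

ONS_ROOT = "onsepc.com"   # ONS 1.0 root domain (taken from the spec, not from this post)
QTYPE_NAPTR, QCLASS_IN = 35, 1
SAMPLE_EPC = "urn:epc:id:sgtin:0614141.000024.400"   # constructed sample tag value

def epc_to_ons_name(epc_uri: str) -> str:
    """Turn a pure-identity SGTIN URI into the domain name queried via ONS."""
    parts = epc_uri.split(":")
    if len(parts) != 5 or parts[:2] != ["urn", "epc"] or parts[3] != "sgtin":
        raise ValueError("only urn:epc:id:sgtin:<company>.<item>.<serial> is handled")
    company, item_ref, _serial = parts[4].split(".")   # the serial is dropped
    return ".".join([item_ref, company, parts[3], parts[2], ONS_ROOT])

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard DNS query: header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE_NAPTR, QCLASS_IN)

def observe(packet: bytes) -> dict:
    """What a passive listener recovers from the unencrypted query bytes."""
    pos, labels = 12, []                     # the question starts after the header
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    if qtype != QTYPE_NAPTR or ".".join(labels[-2:]) != ONS_ROOT or len(labels) < 5:
        return {}                            # not an ONS lookup
    return {"item_reference": labels[0], "company_prefix": labels[1],
            "scheme": labels[2]}

if __name__ == "__main__":
    name = epc_to_ons_name(SAMPLE_EPC)
    print(name)
    print(observe(build_query(name)))
```

Under this rule the serial number never enters the query, so what an on-path observer learns from each lookup is the manufacturer and the product class. Nothing in the packet is encrypted or signed, which is the property the paragraph above objects to.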

Exactly how public are product codes? Associating a product with a vendor is a matter of course. Associating a product with the person who bought it is highly controversial. The “tag cloud” that surrounds a person wearing RFID-tagged products is close to a digital fingerprint. One of the greatest worries about RFID is that tags may be read by concealed readers from a short distance. Imagine, for instance, somebody who has an unhealthy interest in discovering individuals wearing Armani. Or, imagine ONS returning perverted information about dangerous products.

Product codes in DNS will subject DNS to strains it was not designed to meet.

I’m ready to be educated if I’m mistaken about ONS. But so far, my impression is that EPCglobal has cut too many corners to get something working quickly. Other people more knowledgeable than I have also raised grave concerns [5].

References

  1. http://www.epcglobalinc.org/ The EPCglobal web site. (Retrieved September 2009)
  2. EPCglobal Object Name Service (ONS) 1.0.1. Ratified Standard Specification with Approved, Fixed Errata. EPCglobal May 29, 2008.
  3. http://en.wikipedia.org/wiki/Domain_Name_System Wikipedia introduction to DNS. (Retrieved September 2009)
  4. Vixie, P. 2007. DNS Complexity. Queue Vol. 5, Issue 3 (April 2007). ACM.
  5. Fabian, B., Günther, O. 2009. Security Challenges of the EPCglobal Network. Communications of the ACM, Vol. 52, Issue 7 (July 2009), pp 121-125.
