ONS Security Benjamin Fabian, Oliver G¨ unther and Sarah Spiekermann Humboldt University Berlin Institute of Information Systems Spandauer Str. 1, D-10178 Berlin, Germany e-mail: {bfabian, guenther, sspiek}@wiwi.hu-berlin.de web: http://iwi.wiwi.hu-berlin.de fax: +49 30 2093-5741 April 30, 2007 Abstract The EPCglobal Network is an emerging global information storage and retrieval system for objects that carry RFID tags with an Electronic Product Code (EPC). To locate specific information sources for an object, a so-called Object Naming Service (ONS) is used. This chapter discusses privacy and security risks introduced by the current ONS design and investigates possible countermeasures. 1 The EPCglobal Network The influential ”Electronic Product Code” (EPC) numbering system is about to enhance and finally replace traditional bar codes. It aims to assign a globally unique number to nearly every object equipped with an Radio Frequency Identification chip (RFID tag). This EPC is serving as an identifier for the physical object carrying the tag, which can now be recognized, identified and tracked by an IT infrastructure [1]. Though the EPC standard 1