🤖 AI Summary
This study addresses the absence of a unified security specification in existing RFID-based supply chain path-tracking systems, which renders them vulnerable to forgery, tampering, and other adversarial attacks. To bridge this gap, the paper presents the first comprehensive security evaluation framework tailored for path-tracking systems. By integrating formal modeling of security properties, systematic vulnerability analysis, and cross-scheme comparative assessment, the framework enables large-scale security evaluation of 17 state-of-the-art tracking protocols. The analysis uncovers previously unrecognized security flaws and rigorously quantifies the practical resilience of each scheme against supply chain threats. These findings provide both theoretical foundations and actionable guidance for designing high-assurance, trustworthy supply chain traceability systems.
📝 Abstract
Traceability systems have become prevalent in supply chains because of the rapid development of RFID and IoT technologies. These systems facilitate product recall and mitigate problems such as counterfeiting, tampering, and theft by tracking the manufacturing and distribution life-cycle of a product. Traceability systems are therefore a defense mechanism against supply chain attacks and, consequently, have become a target that attackers try to circumvent. For example, a counterfeiter may swap the trace of a fake product for the trace of an authentic product, fooling the system into accepting a counterfeit product as legitimate and thereby giving a false sense of security. This systematic analysis starts with the observation that security requirements in existing traceability solutions are often unstructured or incomplete, leaving critical vulnerabilities unaddressed. We synthesized the properties of current state-of-the-art traceability solutions within a single security framework that allows us to analyze and compare their security claims. Using this framework, we objectively compared the security of $17$ traceability solutions and identified several weaknesses and vulnerabilities. This article reports on these flaws, the methodology we used to identify them, and the first security evaluation of traceability solutions on a large scale.