Publication Type
Journal Article
Version
publishedVersion
Publication Date
4-2018
Abstract
Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict path bindings. We encode a path into a secret with minimum path visibility disclosure between adjacent steps. Carrying the secret, a product has to go through steps in the exact order as in the designated path to pass authentication. StepAuth enforces no tag computation and enables each step to locally verify path secrets without pre-offloaded valid-path sets. Toward an even higher security guarantee, StepAuth can hinder an adversary capable of compromising all steps from forging valid secrets. We make StepAuth practically efficient by taking advantage of nested encryption and hybrid encryption. To achieve a 128-bit security for a practically long path of 100 steps, StepAuth generates a secret around 10 KB, which can be well supported by high-memory EPC Gen2 tags. Such secrets take StepAuth less than 1 s to encode and around 10 ms to verify.
Keywords
RFID, path authentication, supply chain management
Discipline
Databases and Information Systems | Information Security
Research Areas
Cybersecurity
Publication
IEEE Transactions on Information Forensics and Security
Volume
13
Issue
4
First Page
834
Last Page
849
ISSN
1556-6013
Identifier
10.1109/TIFS.2017.2768022
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
BU, Kai and LI, Yingjiu.
Every step you take, I’ll be watching you: Practical StepAuth-entication of RFID paths. (2018). IEEE Transactions on Information Forensics and Security. 13, (4), 834-849.
Available at: https://ink.library.smu.edu.sg/sis_research/3859
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TIFS.2017.2768022