Publication Type

Journal Article

Version

publishedVersion

Publication Date

4-2018

Abstract

Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict path bindings. We encode a path into a secret with minimum path visibility disclosure between adjacent steps. Carrying the secret, a product has to go through steps in the exact order as in the designated path to pass authentication. StepAuth enforces no tag computation and enables each step to locally verify path secrets without pre-offloaded valid-path sets. Toward an even higher security guarantee, StepAuth can hinder an adversary capable of compromising all steps from forging valid secrets. We make StepAuth practically efficient by taking advantage of nested encryption and hybrid encryption. To achieve a 128-bit security for a practically long path of 100 steps, StepAuth generates a secret around 10 KB, which can be well supported by high-memory EPC Gen2 tags. Such secrets take StepAuth less than 1 s to encode and around 10 ms to verify.

Keywords

RFID, path authentication, supply chain management

Discipline

Databases and Information Systems | Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Information Forensics and Security

Volume

13

Issue

4

First Page

834

Last Page

849

ISSN

1556-6013

Identifier

10.1109/TIFS.2017.2768022

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TIFS.2017.2768022

Share

COinS