Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict path bindings. We encode a path into a secret with minimum path visibility disclosure between adjacent steps. Carrying the secret, a product has to go through steps in the exact order as in the designated path to pass authentication. StepAuth enforces no tag computation and enables each step to locally verify path secrets without pre-offloaded valid-path sets. Toward an even higher security guarantee, StepAuth can hinder an adversary capable of compromising all steps from forging valid secrets. We make StepAuth practically efficient by taking advantage of nested encryption and hybrid encryption. To achieve a 128-bit security for a practically long path of 100 steps, StepAuth generates a secret around 10 KB, which can be well supported by high-memory EPC Gen2 tags. Such secrets take StepAuth less than 1 s to encode and around 10 ms to verify.
RFID, path authentication, supply chain management
Databases and Information Systems | Information Security
IEEE Transactions on Information Forensics and Security
Institute of Electrical and Electronics Engineers (IEEE)
BU, Kai and LI, Yingjiu.
Every step you take, I’ll be watching you: Practical StepAuth-entication of RFID paths. (2017). IEEE Transactions on Information Forensics and Security. 1-16. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3859
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.