Publication Type
Journal Article
Version
publishedVersion
Publication Date
10-2017
Abstract
Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict path bindings. We encode a path into a secret with minimum path visibility disclosure between adjacent steps. Carrying the secret, a product has to go through steps in the exact order as in the designated path to pass authentication. StepAuth enforces no tag computation and enables each step to locally verify path secrets without pre-offloaded valid-path sets. Toward an even higher security guarantee, StepAuth can hinder an adversary capable of compromising all steps from forging valid secrets. We make StepAuth practically efficient by taking advantage of nested encryption and hybrid encryption. To achieve a 128-bit security for a practically long path of 100 steps, StepAuth generates a secret around 10 KB, which can be well supported by high-memory EPC Gen2 tags. Such secrets take StepAuth less than 1 s to encode and around 10 ms to verify.
Keywords
RFID, path authentication, supply chain management
Discipline
Databases and Information Systems | Information Security
Research Areas
Cybersecurity
Publication
IEEE Transactions on Information Forensics and Security
Volume
PP
Issue
99
First Page
1
Last Page
16
ISSN
1556-6013
Identifier
10.1109/TIFS.2017.2768022
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
BU, Kai and LI, Yingjiu. Every step you take, I’ll be watching you: Practical StepAuth-entication of RFID paths. (2017). IEEE Transactions on Information Forensics and Security. PP, (99), 1-16.
Available at: https://ink.library.smu.edu.sg/sis_research/3997
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TIFS.2017.2768022