P2_20: Connectionless RFID based Secure Supply Chain Management
Topic Areas: Secure Supply Chain Management
Principal investigator: Dr. Marten van Dijk, University of Connecticut
Co-Principal investigator(s): Dr. Ulrich Ruhrmair, University of Connecticut
Co-Principal investigator(s): Dr. J. M. Emmert, Dr. Carla Purdy University of Cincinnati
Given the value of imported counterfeit and pirated goods, the need for secure supply chain management is pertinent. Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database at each partner site. However, often a persistent online connection cannot be guaranteed and local databases at each partner site impose extra cost and additional security issues. At HOST 2017 , we solved this problem by introducing a new ‘connectionless’ scheme in which a small 2-3K bit Non-Volatile Memory (NVM) embedded in each RFID tag is used to function as a tiny ‘encoded local database.’ In addition, our scheme resists ‘tag tracing’ so that each partner's operation remains private. Most notably, our scheme satisfies the strict RFID requirements with respect to the available number of gates that can be programmed for security purposes and the available amount of NVM. This makes our scheme highly competitive based on several performance and security metrics. In brief, the main idea behind our scheme is to have each RFID tag store its reader events in its own NVM while moving through the supply chain. In order to bind a tag's identity to each event such that an adversary – who is restricted by black-box access to an RFID tag’s interface – is not able to impersonate the tag's identity on another duplicate tag, a function with a weak form of unforgeability is needed. At Financial Crypto 2018  we formally defined this security property and presented three suitable constructions (MULTIPLY-ADD, ADD-XOR, and S-Box-CBC) with bounds on the probability of successful impersonation in concrete parameter settings. Estimates show that our constructions can be implemented using circuits of approximately 370-760 GE (Gate Equivalence) for various security levels. We propose to build a proof-of-concept of the above ideas and to investigate how our scheme can be hardened against even more powerful physical adversaries.