ENHANCING SECURITY OF RFID-ENABLED IOT SUPPLY CHAIN

IF 1.1 4区计算机科学 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Malaysian Journal of Computer Science Pub Date : 2023-07-31 DOI:10.22452/mjcs.vol36no3.5

H. Turksonmez, M. H. Ozcanhan

{"title":"ENHANCING SECURITY OF RFID-ENABLED IOT SUPPLY CHAIN","authors":"H. Turksonmez, M. H. Ozcanhan","doi":"10.22452/mjcs.vol36no3.5","DOIUrl":null,"url":null,"abstract":"In addition to its benefits, the popular Internet of Things (IoT) technology has also opened the way to novel security and privacy issues. The basis of IoT security and privacy starts with trust in the IoT hardware and its supply chain. Counterfeiting, cloning, tampering of hardware, theft, and lost issues in the IoT supply chain have to be addressed, in order to ensure reliable IoT industry growth. In four previous works, radio-frequency identification (RFID)-enabled solutions have been proposed by the same authors, aimed to bring security to the entire IoT supply chain. The works propose a new RFID-traceable hardware architecture, device authentication, and supply chain tracing procedure. In each of these works, a variant of the same is proposed. However, the same variant of lightweight RFID authentication protocol coupled with the offline supply chain proposed in these works has such security vulnerabilities that make the whole supply chain unsafe. In our present work, an online supply chain hop-tracking procedure supported by a novel RFID mutual authentication protocol, based on the strong matching of the RFID readers-their operators-central database present at the transfer hops is proposed. Our proposed Strong RFID Authentication Protocol (STRAP) has been verified by two well-accepted formal protocol analyzers Scyther and AVISPA. The verification results demonstrate that STRAP overcomes the previous works’ vulnerabilities. Furthermore, our proposed novel online supply chain tracing procedure supporting STRAP removes the previous offline supply chain tracing procedure weaknesses.","PeriodicalId":49894,"journal":{"name":"Malaysian Journal of Computer Science","volume":" ","pages":""},"PeriodicalIF":1.1000,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Malaysian Journal of Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.22452/mjcs.vol36no3.5","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

In addition to its benefits, the popular Internet of Things (IoT) technology has also opened the way to novel security and privacy issues. The basis of IoT security and privacy starts with trust in the IoT hardware and its supply chain. Counterfeiting, cloning, tampering of hardware, theft, and lost issues in the IoT supply chain have to be addressed, in order to ensure reliable IoT industry growth. In four previous works, radio-frequency identification (RFID)-enabled solutions have been proposed by the same authors, aimed to bring security to the entire IoT supply chain. The works propose a new RFID-traceable hardware architecture, device authentication, and supply chain tracing procedure. In each of these works, a variant of the same is proposed. However, the same variant of lightweight RFID authentication protocol coupled with the offline supply chain proposed in these works has such security vulnerabilities that make the whole supply chain unsafe. In our present work, an online supply chain hop-tracking procedure supported by a novel RFID mutual authentication protocol, based on the strong matching of the RFID readers-their operators-central database present at the transfer hops is proposed. Our proposed Strong RFID Authentication Protocol (STRAP) has been verified by two well-accepted formal protocol analyzers Scyther and AVISPA. The verification results demonstrate that STRAP overcomes the previous works’ vulnerabilities. Furthermore, our proposed novel online supply chain tracing procedure supporting STRAP removes the previous offline supply chain tracing procedure weaknesses.

查看原文本刊更多论文

增强RFID-ENABLED物联网供应链的安全性

除了它的好处之外，流行的物联网(IoT)技术也为新的安全和隐私问题开辟了道路。物联网安全和隐私的基础始于对物联网硬件及其供应链的信任。为了确保物联网行业的可靠增长，必须解决物联网供应链中的假冒、克隆、硬件篡改、盗窃和丢失问题。在之前的四篇文章中，同一作者提出了支持射频识别(RFID)的解决方案，旨在为整个物联网供应链带来安全性。该工作提出了一种新的rfid可追溯硬件架构，设备认证和供应链跟踪程序。在每一部作品中，都提出了相同的变体。然而，这些工作中提出的轻量级RFID认证协议的相同变体与离线供应链相结合，存在使整个供应链不安全的安全漏洞。在我们目前的工作中，提出了一种基于传输跳点上的RFID阅读器-运营商-中心数据库的强匹配的在线供应链跳点跟踪程序，该程序由一种新的RFID相互认证协议支持。我们提出的强RFID认证协议(STRAP)已经被两个公认的正式协议分析仪Scyther和AVISPA验证。验证结果表明，STRAP克服了以往工作的漏洞。此外，我们提出的支持STRAP的新型在线供应链跟踪程序消除了以前离线供应链跟踪程序的弱点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Malaysian Journal of Computer Science COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-COMPUTER SCIENCE, THEORY & METHODS

CiteScore

2.20

自引率

33.30%

发文量

审稿时长

7.5 months

期刊介绍： The Malaysian Journal of Computer Science (ISSN 0127-9084) is published four times a year in January, April, July and October by the Faculty of Computer Science and Information Technology, University of Malaya, since 1985. Over the years, the journal has gained popularity and the number of paper submissions has increased steadily. The rigorous reviews from the referees have helped in ensuring that the high standard of the journal is maintained. The objectives are to promote exchange of information and knowledge in research work, new inventions/developments of Computer Science and on the use of Information Technology towards the structuring of an information-rich society and to assist the academic staff from local and foreign universities, business and industrial sectors, government departments and academic institutions on publishing research results and studies in Computer Science and Information Technology through a scholarly publication. The journal is being indexed and abstracted by Clarivate Analytics'' Web of Science and Elsevier''s Scopus