Secure protocols for serverless remote product authentication
Article No.: 11, Pages 1 - 7
Abstract
Industrial companies lose large sums of money because of counterfeits and they need to efficiently protect their trademarks. Most of them implement their own anti-counterfeiting policy to deal with the menace. A number of technologies, such as holograms, smart cards, biometric markers and inks, can be employed to protect and authenticate genuine products. Instead of using markers and additional identification means, one of the recent methods use a PUF-like authentication method based on image processing. However, in order to authenticate the object (e.g. a trademark product), the method needs direct access to the database system containing the object's "fingerprint". The paper presents a new secure method to remotely authenticate the object without communication with the database server. In this method, an autonomous and secure embedded system called authentication device authenticates the product by extracting its morphometric fingerprint and comparing it with a signed original morphometric fingerprint printed on the object. However, we show that in order to secure the protocol, the authentication hardware needs to be authenticated, too. For this reason, we propose security protocols that allow to authenticate the authentication device and remotely check its integrity. The proposed security protocols are shown to be sure using formal methods of security protocol evaluation.
References
[1]
X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, "Secure remote authentication using biometric data," in Advances in Cryptology EUROCRYPT, vol. 3494. Springer, 2005, pp. 147--163.
[2]
G. Suh and S. Devadas, "Physical unclonable functions for device authentication and secret key generation," in Design Automation Conference, 2007. DAC'07. 44th ACM/IEEE, 2007, pp. 9--14.
[3]
J. Bringer and H. Chabanne, "An authentication protocol with encrypted biometric data," Lecture Notes in Computer Science, vol. 5023, pp. 109--124, 2008.
[4]
J. Lancrenon, R. Gillard, and T. Fournel, "Remote Object Authentication: confidence model, cryptosystem and protocol," in Society of Photo-Optical Instrumentation Engineers (SPIE) Conference Series, vol. 7344, 2009.
[5]
B. Zhu, J. Wu, and M. S. Kankanhalli, "Print signatures for document authentication," in CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, 2003, pp. 145--154.
[6]
A. Idrissa, T. Fournel, and A. Aubert, "Secure embedded verification of print signatures," in Journal of Physics: Conference Series, vol. 206, 2010.
[7]
D. Kravitz, "Digital signature algorithm," Jul. 27 1993, US Patent 5,231,668.
[8]
D. Dolev and A. C. Yao, "On the security of public key protocols," Foundations of Computer Science, Annual IEEE Symposium on, vol. 0, pp. 350--357, 1981.
[9]
C. Cremers, "The Scyther Tool: Verification, falsification, and analysis of security protocols," in Computer Aided Verification. Springer, pp. 414--418.
[10]
B. Blanchet, "ProVerif automatic cryptographic protocol verifier user manual," CNRS, Departement dInformatique, Ecole Normale Superieure, Paris, 2005.
- Secure protocols for serverless remote product authentication
Recommendations
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systemsIn 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Secure hierarchical authentication protocol in VANET
The 5G technology will promote the development of vehicle ad hoc networks (VANET). However, almost all the existing authentication protocols rely on a completely trusted authority (TA), which undoubtedly raises a heavy burden on the TA. On the other hand, ...
Unconditionally secure ring authentication
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications securityWe propose ring authentication in unconditionally secure setting. In a ring authentication system a sender can choose a set of users and construct an authenticated message for a receiver such that the receiver can verify authenticity of the message with ...
Comments
Information & Contributors
Information
Published In
October 2010
105 pages
ISBN:9781450300780
DOI:10.1145/1873548
Copyright © 2010 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- CEDA: Council on Electronic Design Automation
- SIGBED: ACM Special Interest Group on Embedded Systems
- SIGDA: ACM Special Interest Group on Design Automation
- IEEE CAS
- SIGMICRO: ACM Special Interest Group on Microarchitectural Research and Processing
- IEEE CS
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 24 October 2010
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
Acceptance Rates
Overall Acceptance Rate 8 of 21 submissions, 38%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 229Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in