Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/1873548.1873559acmconferencesArticle/Chapter ViewAbstractPublication PagesesweekConference Proceedingsconference-collections
research-article

Secure protocols for serverless remote product authentication

Published: 24 October 2010 Publication History

Abstract

Industrial companies lose large sums of money because of counterfeits and they need to efficiently protect their trademarks. Most of them implement their own anti-counterfeiting policy to deal with the menace. A number of technologies, such as holograms, smart cards, biometric markers and inks, can be employed to protect and authenticate genuine products. Instead of using markers and additional identification means, one of the recent methods use a PUF-like authentication method based on image processing. However, in order to authenticate the object (e.g. a trademark product), the method needs direct access to the database system containing the object's "fingerprint". The paper presents a new secure method to remotely authenticate the object without communication with the database server. In this method, an autonomous and secure embedded system called authentication device authenticates the product by extracting its morphometric fingerprint and comparing it with a signed original morphometric fingerprint printed on the object. However, we show that in order to secure the protocol, the authentication hardware needs to be authenticated, too. For this reason, we propose security protocols that allow to authenticate the authentication device and remotely check its integrity. The proposed security protocols are shown to be sure using formal methods of security protocol evaluation.

References

[1]
X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, "Secure remote authentication using biometric data," in Advances in Cryptology EUROCRYPT, vol. 3494. Springer, 2005, pp. 147--163.
[2]
G. Suh and S. Devadas, "Physical unclonable functions for device authentication and secret key generation," in Design Automation Conference, 2007. DAC'07. 44th ACM/IEEE, 2007, pp. 9--14.
[3]
J. Bringer and H. Chabanne, "An authentication protocol with encrypted biometric data," Lecture Notes in Computer Science, vol. 5023, pp. 109--124, 2008.
[4]
J. Lancrenon, R. Gillard, and T. Fournel, "Remote Object Authentication: confidence model, cryptosystem and protocol," in Society of Photo-Optical Instrumentation Engineers (SPIE) Conference Series, vol. 7344, 2009.
[5]
B. Zhu, J. Wu, and M. S. Kankanhalli, "Print signatures for document authentication," in CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, 2003, pp. 145--154.
[6]
A. Idrissa, T. Fournel, and A. Aubert, "Secure embedded verification of print signatures," in Journal of Physics: Conference Series, vol. 206, 2010.
[7]
D. Kravitz, "Digital signature algorithm," Jul. 27 1993, US Patent 5,231,668.
[8]
D. Dolev and A. C. Yao, "On the security of public key protocols," Foundations of Computer Science, Annual IEEE Symposium on, vol. 0, pp. 350--357, 1981.
[9]
C. Cremers, "The Scyther Tool: Verification, falsification, and analysis of security protocols," in Computer Aided Verification. Springer, pp. 414--418.
[10]
B. Blanchet, "ProVerif automatic cryptographic protocol verifier user manual," CNRS, Departement dInformatique, Ecole Normale Superieure, Paris, 2005.
  1. Secure protocols for serverless remote product authentication

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    WESS '10: Proceedings of the 5th Workshop on Embedded Systems Security
    October 2010
    105 pages
    ISBN:9781450300780
    DOI:10.1145/1873548
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 24 October 2010

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. counterfeiting
    2. object authentication
    3. protocols
    4. remote
    5. serverless

    Qualifiers

    • Research-article

    Conference

    ESWeek '10
    ESWeek '10: Sixth Embedded Systems Week
    October 24, 2010
    Arizona, Scottsdale

    Acceptance Rates

    Overall Acceptance Rate 8 of 21 submissions, 38%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 229
      Total Downloads
    • Downloads (Last 12 months)0
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 18 Nov 2024

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media