practice
AUTHENTICATION OF PHYSICAL items is an age-old
problem.
3 Common approaches include the use
of bar codes, QR codes, holograms, and RFID tags.
Traditional RFID tags and bar codes use a public
identifier as a means of authenticating. A public
identifier, however, is static: it is the same each time
when queried and can be easily copied by an adversary.
Holograms can also be viewed as public identifiers:
a knowledgable verifier knows all the attributes to
inspect visually. It is difficult to make hologram-based authentication pervasive; a casual verifier
does not know all the attributes to look for. Further,
to achieve pervasive authentication, it is useful for
the authentication modality to be easy to integrate
with modern electronic devices (for example, mobile
smartphones) and to be easy for non-experts to use.
Identification is not the same as authentication.
A public identifier alone cannot distinguish a genuine
product from a counterfeit copy, since a public identifier
is static and can be openly queried. An
adversary can “get ahead” of a legiti-
mate authentication event by querying
a genuine product ahead of time, and
subsequently replaying the response or
making a copy of the identifier.
Attack vectors associated with the
inability to distinguish the genuine
from a copy are numerous. Consider
these two cases:
Physical item counterfeiting.
Imagine an authentication system where
an authentication server detects the
presence of a counterfeit item based
on scans associated with its public
identifier; any available geolocation
and timestamp information is associated with the public identifier upon a
scan, and then stored on the authentication server. A counterfeiter can
produce products with bar codes or
RFID tags that are programmed with a
previously seen identifier of a genuine
product. If the server is presented with
a scan of both a genuine and a counterfeit product, it cannot distinguish
one from the other, and can do no better than marking both as suspected
counterfeits.
False scan injection. It may be possible, depending on the system design,
for an adversary to disrupt the authentication decision ability of the server without ever building a physical counterfeit
product. Continuing from the previous
example, let’s suppose that an adversary is able to electronically submit a
scan to the authentication server, with
a geolocation that has been spoofed;
the scan is purely electronic and does
not come from a physical product. The
scan contains a public identifier obtained from a genuine product that was
sitting in a store; alternatively, a list of
product identifiers might have been
pilfered from a distribution center. If
a genuine product is scanned later, the
server may regard the genuine product
as a suspected counterfeit since that
product identifier has apparently (from
the perspective of the server) been in a
different geolocation.
Indeed, the ability to distinguish
a genuine from a copy is very useful,
Pervasive,
Dynamic
Authentication of
Physical Items
DOI: 10.1145/3024922
Article development led by
queue.acm.org
The use of silicon PUF circuits.
BY MENG-DAY (MANDEL) YU AND SRINIVAS DEVADAS
