ENHANCING SECURITY OF RFID-ENABLED IOT SUPPLY CHAIN


Türksönmez H., ÖZCANHAN M. H.

Malaysian Journal of Computer Science, cilt.36, sa.3, 2023 (SCI-Expanded) identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 36 Sayı: 3
  • Basım Tarihi: 2023
  • Doi Numarası: 10.22452/mjcs.vol36no3.5
  • Dergi Adı: Malaysian Journal of Computer Science
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Applied Science & Technology Source, Computer & Applied Sciences, INSPEC
  • Anahtar Kelimeler: Authentication, Hardware Security, Internet of Things, IoT Security, IoT Supply Chain
  • Dokuz Eylül Üniversitesi Adresli: Evet

Özet

In addition to its benefits, the popular Internet of Things (IoT) technology has also opened the way to novel security and privacy issues. The basis of IoT security and privacy starts with trust in the IoT hardware and its supply chain. To ensure reliable IoT industry growth, counterfeiting, cloning, tampering of hardware, theft, and lost issues in the IoT supply chain must be addressed. Radio-frequency identification (RFID)-enabled solutions to bring security to the IoT supply chain have been proposed, by the same authors in four previous works. The works contain a similar RFID-traceable hardware architecture, device authentication, and supply chain tracing procedure. However, the same lightweight RFID authentication protocol variant proposal coupled with the offline supply chain has security vulnerabilities that make the whole supply chain unsafe. Our work proposes an online supply chain hop-tracking procedure supported by a novel RFID mutual authentication protocol based on strong matching of RFID readers, their operators and the central database server. The proposed Strong RFID Authentication Protocol (STRAP) has been verified by two well-accepted formal protocol analyzers Scyther and AVISPA. The verification results demonstrate that STRAP overcomes the previous works’ vulnerabilities. Furthermore, our proposed novel online supply chain tracing solution removes the weaknesses of previous offline supply chain tracking solutions.