Premium
SupAUTH: A new approach to supply chain authentication for the IoT
Author(s) -
Mamun Mohammad Saiful Islam,
Ghorbani Ali A.,
Miyaji Atsuko,
Nguyen Uyen Trang
Publication year - 2018
Publication title -
computational intelligence
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.353
H-Index - 52
eISSN - 1467-8640
pISSN - 0824-7935
DOI - 10.1111/coin.12164
Subject(s) - computer science , authentication (law) , computer security , encryption , homomorphic encryption , radio frequency identification , cryptography , authentication protocol , scalability , computer network , database
Recent advances of the Internet of Things (IoT) technologies have enhanced the use of radio‐frequency identification‐based tracking system to be widely deployed in supply chain management covering every step involved in the flow of merchandise from the supplier to the customer to ensure a trustworthy delivery environment. Such authentication system (also known as path authentication) not only guarantees the merchandise to be available in the right destination with no discrepancies and errors but also ensures the route of the merchandise progress to be valid. This paper outlines the current state‐of‐the‐art cryptographic solutions for path authentication, highlights their properties and weakness, and proposes a novel, privacy‐preserving, and efficient solution. Compared with the existing elliptic curve ElGamal re‐encryption–based solution, our homomorphic message authentication code on arithmetic circuit–based solution offers less memory storage (with limited scalability) and no computational requirement on the reader. Moreover, we allow computational ability inside the tag that articulates a new privacy direction to the state‐of‐the‐art path privacy . This privacy notion helps support the confidentiality of the tag movement in the context of IoT‐enabled cross‐organizational tracking environment where the stakeholders can be from different organizations associated together with the merchandise being delivered. As a potential extension to the path authentication protocol, we further propose a polynomial‐based mutual authentication as a security extension and batch initialization as an efficiency extension. Besides our brief security and privacy analysis, our evaluation shows that the proposed solution can significantly reduce memory requirements on tags with marginal computational overhead to ensure transmission path confidentiality. We observe that SupAUTH requires maximum 513‐bit tag memory and 57.3 ms of processing time during evaluation, which is not only practical but also suitable for any suitable low‐cost radio‐frequency identification deployment in IoT.