Authentication; Authenticity Verification Protocol; Formal Methods; Integrity; Provenance; Robustness; Computer Networks and Communications; Information Systems; Software
Abstract :
[en] We study the challenge of authenticating objects. This problem is relevant when buyers need proof that a purchase is authentic and not fake. Typically, manufacturers watermark their goods, give them IDs, and provide a certificate of authenticity. Buyers, for their part, check the IDs and verify the certificate. However, even if manufacturers are honest online registration and verification are vulnerable to hacking; servers can leak private data; goods out-for-delivery can have the ID cloned and can be replaced with imitations. We propose a cyber-physical solution that combines physical properties and cryptographic protocols and that is robust against a curious registry server and attempts to physical manipulation. Security depends on two elements: (I) a material inseparably joined with an object from which we can generate digital identities and other cryptographic tokens; (ii) two novel cryptographic protocols that ensure data and object integrity and authentication of agents and objects. Besides, we show that a material with all the desired security properties exists. We can use it to coat objects, and it has optical properties, such as unclonability, from which we can build secure cryptographic protocols. We formally prove our security claims with Proverif.
Disciplines :
Computer science
Author, co-author :
Arenas, Mónica P. ; SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
RAKEEI, Mohammadamin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
SKROBOT, Marjan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
ZHEKOVA, Maria ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > Automation > Team Jose Luis SANCHEZ LOPEZ
External co-authors :
no
Language :
English
Title :
Verifying Artifact Authenticity with Unclonable Optical Tags
Publication date :
2024
Event name :
Proceedings of the 21st International Conference on Security and Cryptography
Event place :
Dijon, France
Event date :
08-07-2024 => 10-07-2024
Main work title :
Proceedings of the 21st International Conference on Security and Cryptography, SECRYPT 2024
Editor :
Di Vimercati, Sabrina De Capitani
Publisher :
Science and Technology Publications, Lda
ISBN/EAN :
9789897587092
Peer reviewed :
Peer reviewed
Funders :
Institute for Systems and Technologies of Information, Control and Communication (INSTICC)
Funding text :
The authors acknowledge the financial support from the Luxembourg National Research Fund (FNR) on the Secure and Verifiable Electronic Testing and Assessment Systems \u2013SEVERITAS (INTER/ANR/20/14926102 ANR-20-CE39009-03). Marjan \u0160krobot received support from the FNR under the CORE Junior project (C21/IS/16236053/FuturePass). Peter Y.A. Ryan received support from FNR under the CORE project (C21/IS/16221219/ ImPAKT). The authors also acknowledge Prof. Dr. J. Lagerwall and the ESMP group for providing the CSR images.
Abadi, M., Blanchet, B., and Fournet, C. (2017). The applied pi calculus: Mobile values, new names, and secure communication. Journal of the ACM (JACM), 65(1):1–41.
Anandhi, S., Anitha, R., and Sureshkumar, V. (2020). An Authentication Protocol to Track an Object with Multiple RFID Tags Using Cloud Computing Environment. Wireless Personal Communications, 113(4):2339–2361.
Arenas, M., Demirci, H., and Lenzini, G. (2021). Cholesteric Spherical Reflectors as Physical Unclonable Identifiers in Anti-counterfeiting. In 16th International Conference on ARES, pages 1–11. ACM.
Arenas, M., Demirci, H., and Lenzini, G. (2022a). An Analysis of Cholesteric Spherical Reflector Identifiers for Object Authenticity Verification. Machine Learning and Knowledge Extraction, 4(1):222–239.
Arenas, M. P., Bingol, M. A., Demirci, H., Fotiadis, G., and Lenzini, G. (2022b). A Secure Authentication Protocol for Cholesteric Spherical Reflectors using Homomorphic Encryption. In AFRICACRYPT.
Armknecht, F., Maes, R., Sadeghi, A. R., Sunar, B., and Tuyls, P. (2009). Memory leakage-resilient encryption based on physically unclonable functions. In International Association for Cryptologic Research, volume 5912 LNCS, pages 685–702.
Blanchet, B. (2001). An efficient cryptographic protocol verifier based on prolog rules. In Proc. 14th IEEE Computer Security Foundations Workshop, volume 1, pages 82–96, Nova Scotia. Citeseer, IEEE.
Boyen, X. (2004). Reusable cryptographic fuzzy extractors. In Atluri, V., Pfitzmann, B., and McDaniel, P. D., edi tors, Proceedings of the 11th CCS, 2004, pages 82–91. ACM.
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., and Smith, A. D. (2005). Secure remote authentication using biometric data. In Cramer, R., editor, Advances in Cryptology-EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings, volume 3494 of Lecture Notes in Computer Science, pages 147–163. Springer.
Canetti, R., Fuller, B., Paneth, O., Reyzin, L., and Smith, A. (2021). Reusable Fuzzy Extractors for Low-Entropy Distributions. Journal of Cryptology, 34(1):2.
Choi, S., Yang, B., Cheung, H., and Yang, Y. (2013). Data management of RFID-based track-and-trace anti-counterfeiting in apparel supply chain. In 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013), pages 265–269.
Dodis, Y., Katz, J., Reyzin, L., and Smith, A. (2006). Robust fuzzy extractors and authenticated key agreement from close secrets. In Dwork, C., editor, Advances in Cryptology-CRYPTO 2006, pages 232–250, Berlin, Heidelberg. Springer Berlin Heidelberg.
Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International conference on the theory and applications of cryptographic techniques, pages 523–540. Springer.
Dolev, D. and Yao, A. (1983). On the security of public key protocols. IEEE Transactions on information theory, 29(2):198–208.
Gao, Y., Su, Y., Xu, L., and Ranasinghe, D. C. (2018). Lightweight (Reverse) Fuzzy Extractor with Multiple Referenced PUF Responses. arXiv:1805.07487 [cs].
Gassend, B., Clarke, D., van Dijk, M., and Devadas, S. (2002). Controlled physical random functions. In 18th Annual Computer Security Applications Conference, 2002. Proceedings., pages 149–160. ISSN: 1063-9527.
Geng, Y., Noh, J., Drevensek-Olenik, I., Rupp, R., and Lagerwall, J. (2017). Elucidating the fine details of cholesteric liquid crystal shell reflection patterns. Liquid Crystals, 44(12-13):1948–1959.
Geng, Y., Noh, J., Drevensek-Olenik, I., Rupp, R., Lenzini, G., and Lagerwall, J. P. (2016). High-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authentication. Scientific Reports, 6:1–9.
Goldreich, O. (2009). Foundations of cryptography. 2: Basic applications. Cambridge Univ. Press, Cambridge.
Grossi, R. and Vitter, J. S. (2000). Compressed suffix arrays and suffix trees with applications to text indexing and string matching (extended abstract). In Yao, F. F. and Luks, E. M., editors, Proceedings of the ThirtySecond Annual ACM Symposium on Theory of Computing, May 21-23, 2000, Portland, OR, USA, pages 397–406. ACM.
Herder, C., Yu, M. D., Koushanfar, F., and Devadas, S. (2014). Physical unclonable functions and ap plications: A tutorial. Proceedings of the IEEE, 102(8):1126–1141.
Huang, S.-Y. and Wu, J. (2007). Optical watermarking for printed document authentication. IEEE Transactions on Information Forensics and Security, 2(2):164–173.
Li, N., Guo, F., Mu, Y., Susilo, W., and Nepal, S. (2017). Fuzzy extractors for biometric identification. In 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pages 667–677. IEEE.
Li, Q., Sutcu, Y., and Memon, N. (2006). Secure sketch for biometric templates. Lecture Notes in Computer Science, 4284 LNCS:99–113.
Marktscheffel, T., Gottschlich, W., Popp, W., Werli, P., Fink, S. D., Bilzhause, A., and de Meer, H. (2016). QR code based mutual authentication protocol for Internet of Things. In 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), pages 1–6.
Maurya, P. K. and Bagchi, S. (2018). A Secure PUF-Based Unilateral Authentication Scheme for RFID System. Wireless Personal Communications, 103(2):1699– 1712.
McGrath, T., Bagci, I. E., Wang, Z. M., Roedig, U., and Young, R. J. (2019). A PUF taxonomy. Applied Physics Reviews, 6(1):011303–(1–25).
Nam, H., Song, K., Ha, D., and Kim, T. (2016). Inkjet Printing Based Mono-layered Photonic Crystal Patterning for Anti-counterfeiting Structural Colors. Scientific Reports, 6(1).
Noh, J., Liang, H.-L., Drevensek-Olenik, I., and Lagerwall, J. P. (2014). Tuneable multicoloured patterns from photonic cross-communication between cholesteric liquid crystal droplets. Journal of Materials Chemistry C, 2(5):806–810.
Pappu, R., Recht, B., Taylor, J., and Gershenfeld, N. (2002). Physical One-Way Functions. Science, 297(September):2026–2031.
Schwartz, M., Geng, Y., Agha, H., Kizhakidathazhath, R., Liu, D., Lenzini, G., and Lagerwall, J. P. F. (2021). Linking Physical Objects to Their Digital Twins via Fiducial Markers Designed for Invisibility to Humans. Multifunctional Materials.
Schwartz, M., Lenzini, G., Geng, Y., Rønne, P. B., Ryan, P. Y., and Lagerwall, J. P. (2018). Cholesteric Liquid Crystal Shells as Enabling Material for InformationRich Design and Architecture. Advanced Materials, 30(30):1–19.
Shariati, S., Standaert, F. X., Jacques, L., and Macq, B. (2012). Analysis and experimental evaluation of image-based PUFs. Journal of Cryptographic Engineering, 2(3):189–206.
Suh, G. E. and Devadas, S. (2007). Physical Unclonable Functions for Device Authentication and Secret Key Generation. In 2007 44th ACM/IEEE Design Automation Conference, pages 9–14. ISSN: 0738-100X.
Tuyls, P., Akkermans, A. H., Kevenaar, T. A., Schrijen, G. J., Bazen, A. M., and Veldhuis, R. N. (2005). Practical biometric authentication with template protection. Lecture Notes in Computer Science, 3546:436– 446.
Tuyls, P. and Goseling, J. (2004). Capacity and examples of template-protecting biometric authentication systems. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3087:158–170.
Voloshynovskiy, S., Holotyak, T., and Bas, P. (2016). Physical object authentication: Detection-theoretic comparison of natural and artificial randomness. In 2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 2029–2033, Shanghai. IEEE.
Wen, Y. and Liu, S. (2018). Robustly Reusable Fuzzy Extractor from Standard Assumptions. In Peyrin, T. and Galbraith, S., editors, Advances in Cryptology – ASIACRYPT 2018, volume 11274, pages 459–489. Springer International Publishing, Cham. Series Title: Lecture Notes in Computer Science.
