In addition to its benefits, the popular Internet of Things (IoT) technology has also opened the way to novel security and privacy issues. IoT security and privacy start with trust in the IoT hardware and its supply chain. Counterfeiting, cloning, tampering of hardware, theft, and loss in the IoT supply chain have to be addressed in order to ensure reliable growth of the IoT industry. In four previous works, the same authors proposed radio-frequency identification (RFID)-enabled solutions aimed at bringing security to the entire IoT supply chain. The works propose a new RFID-traceable hardware architecture, device authentication, and a supply chain tracing procedure. In each of these works, a variant of the same is proposed. However, the same variant of the lightweight RFID authentication protocol, coupled with the offline supply chain proposed in these works, has security vulnerabilities that make the whole supply chain unsafe. In our present work, we propose an online supply chain hop-tracking procedure supported by a novel RFID mutual authentication protocol, based on the strong matching of the RFID readers, their operators, and the central database present at the transfer hops. Our proposed Strong RFID Authentication Protocol (STRAP) has been verified by two well-accepted formal protocol analyzers, Scyther and AVISPA. The verification results demonstrate that STRAP overcomes the vulnerabilities of the previous works. Furthermore, our proposed novel online supply chain tracing procedure supporting STRAP removes the weaknesses of the previous offline supply chain tracing procedure.