based on monitoring the physical working parameters (energy consumption, variation
in electromagnetic fields, etc.) and relay attacks (recording of a password of a
previous transaction and repeating it when presented with the same challenge).
4 Robustness of the System Against Threats
In view of these various threats, we will examine those most likely to affect the
system and the protection measures adopted, some of them based on the guidelines
suggested in [1] and [13].
4.1 Physical Layer
It is quite likely that a tag may become detached or damaged during the process. In
such a case, at the first point at which the tag fault or absence is detected, the product
is withdrawn from the production chain, the database is checked to confirm up to
what point the process has been recorded, a new tag is issued with all the information
and the process continues from that point.
The KILL [14], [15] and DESTROY [16] commands, which permanently disable the tag
and were created to defend the privacy of the future buyer once the product is
acquired [17], are not relevant in this process because the tag is only for internal
use and is not supposed to reach the final user. Note that some works, such as [18],
suggest that the kill state of a tag may be reversible. For more information about
attacks based on the use of these commands, see [19].
It seems unlikely that an attacker could carry out active interference, given that
the process always takes place in private installations, so it should be enough to
observe the physical protection measures proposed in [13], which are: access
control, security cameras, security guards and similar precautions. Nevertheless,
there should also be a contingency plan in case a checkpoint in the traceability
system fails, so that the production process can continue and data continue to be
taken.
The possibility of relay attacks, as suggested in [20], is remote due to the nature of
the installations and the short communication distances between tags and readers.
Moreover, the use of aggregate signatures protects the system from possible malicious
alterations of the data, as it is all protected by the signature and a temporary seal.
In these circumstances it is highly unlikely that the system would fail to notice
that data has been tampered with.
The most worrying risk from the point of view of its impact would be tag cloning.
However, cloning a tag with the same physical appearance is difficult given that this
would involve manufacturing an identical model of tag. Furthermore, these cloned
tags would have to be introduced into the market when the production process of the
product has finished, otherwise they would be easily detected by the system. Even so,
if an increase in the level of security were required, it would be possible to turn to
hardware solutions based on the use of physically unclonable functions (PUFs) [21-23].
In the case of similar tags being cloned but with a different unique identification
number, this would immediately be detected because the aggregate signature includes
the unique identifier, and therefore if the card is not the same the identifier changes
and it is automatically detected that the signature is not correct. Moreover, other tag
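
The two checks described above (altered data, and tag memory copied to a tag with a different unique identifier), as an added example that is not code from the paper. It substitutes an XOR-aggregated HMAC, a symmetric aggregate MAC, for the aggregate signature scheme, which this excerpt does not specify; the keys, field names, identifiers and seal values are constructed assumptions.

```python
import hashlib
import hmac

# Constructed per-checkpoint keys (assumption: one secret key per checkpoint).
CHECKPOINT_KEYS = {
    "reception": b"constructed-key-reception",
    "processing": b"constructed-key-processing",
    "packaging": b"constructed-key-packaging",
}


def record_mac(key: bytes, uid: str, step: str, seal: int, data: str) -> bytes:
    """MAC one checkpoint record; length prefixes keep field boundaries unambiguous."""
    msg = b"".join(
        len(f).to_bytes(4, "big") + f
        for f in (uid.encode(), step.encode(), str(seal).encode(), data.encode())
    )
    return hmac.new(key, msg, hashlib.sha256).digest()


def aggregate(uid: str, records: list) -> bytes:
    """XOR the per-record MACs into one fixed-size value stored on the tag."""
    agg = bytes(32)
    for step, seal, data in records:
        tag = record_mac(CHECKPOINT_KEYS[step], uid, step, seal, data)
        agg = bytes(a ^ b for a, b in zip(agg, tag))
    return agg


def verify(read_uid: str, records: list, stored: bytes) -> bool:
    """Recompute the aggregate using the identifier the reader sees on the tag."""
    return hmac.compare_digest(aggregate(read_uid, records), stored)


# Constructed sample: tag memory written along the production chain.
GENUINE_UID = "E2000000000000000000A001"
RECORDS = [
    ("reception", 1700000000, "lot=42;weight=12.4kg"),
    ("processing", 1700003600, "temp=4C"),
    ("packaging", 1700007200, "line=3"),
]
STORED = aggregate(GENUINE_UID, RECORDS)
```

XOR aggregation is order-independent, so the step name and seal inside each record are what tie a record to its place in the process.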