Secure Authentication Scheme for Medicine Anti-Counterfeiting System in IoT Environment

A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anti-counterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.

[1]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[2]  Paul E. Baclace Competitive agents for information filtering , 1992, CACM.

[3]  Tim Kerins,et al.  Public-Key Cryptography for RFID-Tags , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[4]  Yan Zheng,et al.  Anonymous Authentication for Trustworthy Pervasive Social Networking , 2015, IEEE Transactions on Computational Social Systems.

[5]  Chin-Chang Rau,et al.  Constructing a security-mechanism RFID system , 2012, Anti-counterfeiting, Security, and Identification.

[6]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[7]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[8]  Ronald L. Rivest,et al.  Responses to NIST's proposal , 1992, CACM.

[9]  Refik Molva,et al.  Tracker: Security and Privacy for RFID-based Supply Chains , 2010, NDSS.

[10]  Chin-Ling Chen,et al.  An RFID Authentication and Anti-counterfeit Transaction Protocol , 2012, 2012 International Symposium on Computer, Consumer and Control.

[11]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[12]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[13]  Vanga Odelu,et al.  An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards , 2015, Secur. Commun. Networks.

[14]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[15]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[16]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[17]  Florian Resatsch Ubiquitous computing: developing and evaluating near field communication applications , 2010 .

[18]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[19]  Vanga Odelu,et al.  An efficient ECC-based privacy-preserving client authentication protocol with key agreement using smart card , 2015, J. Inf. Secur. Appl..

[20]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[21]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[22]  S. H. Choi,et al.  Data management of RFID-based track-and-trace anti-counterfeiting in apparel supply chain , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[23]  Vanga Odelu,et al.  SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms , 2016, IEEE Transactions on Consumer Electronics.

[24]  Howon Kim,et al.  Product Authentication Service of Consumer's mobile RFID Device , 2006, 2006 IEEE International Symposium on Consumer Electronics.

[25]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[26]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[27]  Frédéric Thiesse,et al.  Extending the EPC network: the potential of RFID in anti-counterfeiting , 2005, SAC '05.

[28]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[29]  Srdjan Capkun,et al.  Tailing RFID Tags for Clone Detection , 2013, NDSS.

[30]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[31]  S. H. Choi,et al.  RFID tag data processing in manufacturing for track-and-trace anti-counterfeiting , 2015, Comput. Ind..

[32]  Sha Liu,et al.  The Design of Brand Cosmetics Anti-counterfeiting System Based on RFID Technology , 2015, 2015 International Conference on Network and Information Systems for Computers.

[33]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[34]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[35]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[36]  Aasha Bodhani New ways to pay [Communications Near Field] , 2013 .

[37]  Zheng Yan,et al.  A Survey on Security in D2D Communications , 2017, Mob. Networks Appl..

[38]  S. H. Choi,et al.  Implementation issues in RFID-based anti-counterfeiting systems , 2011, Comput. Ind..

[39]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[40]  William Burns,et al.  WHO launches taskforce to fight counterfeit drugs. , 2006, Bulletin of the World Health Organization.

[41]  Kefei Chen,et al.  An Efficient Key-Management Scheme for Hierarchical Access Control in E-Medicine System , 2012, Journal of Medical Systems.

[42]  S. H. Choi,et al.  An RFID-based Anti-counterfeiting System , 2008 .

[43]  Emmanuel Conchon,et al.  An Improvement of NFC-SEC with Signed Exchanges for an e-Prescription-Based Application , 2013, MobiCASE.

[44]  Howon Kim,et al.  A wireless service for product authentication in mobile RFID environment , 2006, 2006 1st International Symposium on Wireless Pervasive Computing.

[45]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[46]  Ashok Kumar Das,et al.  A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor , 2017, Int. J. Commun. Syst..

[47]  Albert B. Jeng,et al.  Survey and remedy of the technologies used for RFID tags against counterfeiting , 2009, 2009 International Conference on Machine Learning and Cybernetics.