Portland State University. Department of Computer Science
Date of Award
Doctor of Philosophy (Ph.D.) in Computer Science
1 online resource (xii, 162 pages)
Counterfeit products, especially in the pharmaceutical sector, have plagued the international community for decades . To combat this problem, many anti-counterfeiting approaches have been proposed [43,79,88,99]. They use either Radio Frequency Identification (RFID) or Near Field Communication (NFC) physical tags affixed to the products. Current anti-counterfeiting approaches detect two counterfeiting attacks: (1) modifications to a product's tag details, such as changing the expiration date; and (2) cloning of a genuine product's details to reuse on counterfeit products. In addition, these anti-counterfeiting approaches track-and-trace the physical locations of products as the products flow through supply chains.
Existing approaches suffer from two main drawbacks. They cannot detect tag reapplication attacks, wherein a counterfeiter removes a legitimate tag from a genuine product and reapplies it to a counterfeit or expired product. Second, most existing approaches typically rely on a central server to authenticate products. This is not scalable and creates tremendous processing burden on the server, since significant volumes of products flood through the supply chain's nodes. In addition, centralized supply chains require substantial data storage to store authentication records for all products. Moreover, as with centralized systems, traditional supply chains inherently have the problem of a single-point of failure.
The thesis of this dissertation is that a robust, scalable, counterfeiting-resistant supply chain that addresses the above drawbacks and can be simultaneously achieved by (i) using a combination of NFC tags on products and a distributed ledger such as blockchain for reapplication-proof, decentralized, and transparent product authentication (ii) a novel game-theoretical consensus protocol for enforcing true decentralization, and enhancing the protocol's security and performance.
In this dissertation, we first propose a new Tag Reapplication Detection (TRD) system to detect reapplication attacks using low-cost NFC tags and public key cryptography. To detect reapplication attacks, TRD tracks the number of times a tag has been read in the supply chain using a 'central' authentication server. Second, leveraging the blockchain technology, we propose the Block-Supply Chain, a transformation of TRD into a decentralized supply chain. In this chain, each node maintains a blockchain (distributed public ledger) per product. This blockchain comprises chained blocks, where each is an authentication event. The Block-Supply Chain can detect tag reapplication attacks and can replace the centralized supply chain design, thus overcoming the centralization issues.
One of the fundamental characteristics of blockchain technology is the consensus protocol. Consensus protocols ensure that all nodes in the blockchain network agree on the validity of a block to be included in the public ledger. The first and most popular of the existing consensus protocols is Proof of Work (PoW). However, PoW requires massive computational effort, resulting in high energy and computing resources consumption. Alternatively, Byzantine Fault Tolerance (BFT) protocols, such as Tendermint [9, 47], were adapted in blockchain technology to be efficient and easy to implement. Nevertheless, not all of BFT protocols guarantee true decentralization, and they are mostly based on fixed-validators. BFT fixed-validators protocols typically rely on fixed, static validators responsible for validating all newly proposed blocks. This opens the door for adversaries to launch several attacks on these validators, such as Distributed Denial of Service (DDoS) and Eclipse attacks. In contrast, a truly decentralized protocol ensures that variable sets of anonymous validators execute the blocks' validations. Building on this observation, we propose the TrueBFT, a truly decentralized BFT-based consensus protocol that does not require PoW and randomly employs a different set of validators on each block's proposal. TrueBFT is designed for permissioned blockchains (in such blockchains, the participants who can transact on the blockchain are limited, and each participant is required to have permission to join the system). Our simulations show that TrueBFT offers remarkable performance with a satisfactory level of security compared to the state-of-the-art protocol Tendermint.
Another issue with current consensus protocols, particularly the BFT, is that the majority of them do not take the number of employed validators into consideration. The number of validators in a blockchain network influences its security and performance substantially. In response, we integrate a game theoretical model into TrueBFT that analyzes the risk likelihood of each proposer (i.e., the node that creates and proposes the new block). Consequently, each time a new block is proposed, the 'number of validators' becomes proportional to the risk likelihood block's proposer. Additionally, the game model reinforces the honest behavior of the validators by rewarding honest validators and punishing dishonest ones.
Together, TRD, Block-Supply Chain, and the game-theoretical TrueBFT consensus protocol enable robust, scalable, decentralized anti-counterfeiting supply chain that is resistant to tag reapplication attacks, as well as attacks to consensus protocols such as DDoS and Eclipse attacks.
Alzahrani, Naif Saeed, "A Secure Anti-Counterfeiting System using Near Field Communication, Public Key Cryptography, Blockchain, and Bayesian Games" (2019). Dissertations and Theses. Paper 5038.