Elsevier

Computer Networks

Volume 181, 9 November 2020, 107558
Computer Networks

IoT in medical & pharmaceutical: Designing lightweight RFID security protocols for ensuring supply chain integrity

https://doi.org/10.1016/j.comnet.2020.107558Get rights and content

Abstract

Nowadays the sharing of trade in counterfeit and pirated goods is constantly growing and fake products are found in a large number of industries – particularly pharmaceuticals, food, and medical equipment – that can pose serious health and safety risks. With the intention of avoiding any loss of client confidence and any disclosure of sensitive information, Internet of Things (IoT) solutions are increasingly used to fulfill this need for a reliable and secure infrastructure in medical & pharmaceutical industry. When looking at the technologies used to identify products and packaging, balancing security and hardware limitations is often a difficult task and using cost-effective techniques such as bit-oriented lightweight functions is a challenge. In this study, we first assess the security level of a recently proposed protocol and prove its vulnerabilities, due to a lack of complexity in bit-oriented functions. Then, to address these exposed flaws, a lightweight improved protocol based on Authenticated Encryption (AE) cryptosystems is presented. Security analysis results demonstrate that weaknesses of previous efforts have all been adequately addressed; additionally, the improved protocol has a robust security posture in terms of confidentiality and integrity. Moreover, FPGA and ASIC simulations are carried out using five different AE schemes from CAESAR competition to develop three use-cases, in whose best scenario the proposed tag has 731 LUT and needs 3335 gates for the security module.

Keywords

Internet of Things
Medical IoT
Supply chain
Security
RFID
Authenticated Encryption
SecLAP

Cited by (0)

Masoumeh Safkhani is an assistant professor at Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran. She received her Ph.D. in electrical engineering from Iran University of Science and Technology, 2012, with the security analysis of RFID protocols as her major field. Her current research interests include the security analysis of lightweight and ultra-lightweight protocols, targeting constrained environments such as RFID, IoT, VANET and WSN. She is the author/coauthor of more than 50 technical articles in information security and cryptology in major international journals and conferences.

Samad Rostampour is a professor at Vanier College, Montréal-Canada and a Researcher at IoT Laboratory in the department of Analytics, Operations & Information Technology (AOTI) / School of Management (ESG) at the Université du Québec à Montréal (UQAM). He works in the design and the implementation of IoT systems. Prior to join the IoT Lab., Samad completed his Ph.D. in computer systems architecture where he worked on the security of RFID systems. As a specialist in RFID/IoT he is a member of the judges for RFID Journal awards.

Ygal Bendavid is a full professor in the department of Analytics, Operations & Information Technology (AOTI)/School of Management (ESG) at the Université du Québec à Montréal (UQAM) - Canada. Dr. Bendavid holds M.Sc. and Ph.D. degrees in industrial engineering from the École Polytechnique de Montréal. He is the director of the IoT Lab, a collaborative applied research environment with the goal to develop and share an expertise in IoT. As a specialist in RFID/IoT he is a frequent presenter at RFID Journal LIVE! Conferences, and a member of the judges for RFID Journal awards.

Nasour Bagheri is an associate professor at the Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran. He is also a part-time researcher with the Institute for Research in Fundamental Sciences (IPM). Nasour Bagheri received the M.S. and Ph.D. degrees in electrical engineering from the Iran University of Science and Technology (IUST), Tehran, Iran, in 2002 and 2010, respectively. He is the author of more than 100 articles in information security and cryptology. His research interests include cryptology, more precisely, designing and analysis of symmetric schemes, such as lightweight ciphers, e.g., block ciphers, hash functions, and authenticated encryption schemes, cryptographic protocols for constrained environments, such as RFID tags and the IoT edge devices and hardware security, e.g., the security of symmetric schemes against side-channel attacks, such as fault injection and power analysis.

View Abstract
© 2020 Elsevier B.V. All rights reserved.