Communications of the ACM
Pervasive, Dynamic Authentication of Physical Items
Credit: Andrij Borys Associates / Shutterstock
Authentication of physical items is an age-old problem.3 Common approaches include the use of bar codes, QR codes, holograms, and RFID tags. Traditional RFID tags and bar codes use a public identifier as a means of authenticating. A public identifier, however, is static: it is the same each time when queried and can be easily copied by an adversary. Holograms can also be viewed as public identifiers: a knowledgable verifier knows all the attributes to inspect visually. It is difficult to make hologram-based authentication pervasive; a casual verifier does not know all the attributes to look for. Further, to achieve pervasive authentication, it is useful for the authentication modality to be easy to integrate with modern electronic devices (for example, mobile smartphones) and to be easy for non-experts to use.
Identification is not the same as authentication. A public identifier alone cannot distinguish a genuine product from a counterfeit copy, since a public identifier is static and can be openly queried. An adversary can "get ahead" of a legitimate authentication event by querying a genuine product ahead of time, and subsequently replaying the response or making a copy of the identifier.
No entries found