Product Authentication Using Hash Chains and Printed QR Codes

This thesis explores the usage of simple printed tags for authenticating products. Printed tags are a cheap alternative to RFID and other tag based systems and do not require specialized equipment. Due to the simplistic nature of such printed codes, many security issues like tag impersonation, server impersonation, reader impersonation, replay attacks and denial of service present in RFID based solutions need to be handled differently. An algorithm that utilizes hash chains to secure such simple tags while still keeping cost low is discussed. The security characteristics of this scheme as well as other product authentication schemes that use RFID tags are compared. Arguments for static tags being at least as secure as RFID tags is discussed. Finally, a scheme for combining RFID authentication with static tags to achieve security throughout the supply chain is discussed

QR Code Integrity Verification Based on Modified SHA-1 Algorithm

The modified SHA-1 algorithm was applied in the data integrity verification process of certificates with QR code technology. This paper identified the requirements needed in the certificate verification that uses the modified SHA-1. The application was tested using legitimate and fraudulent certificates. Based on the results, the application successfully generated QR codes, printed certificates, and verified certificates with 100% accuracy. During the trial run of the app, four test cases were seen which involves correct names and QR codes, and three other possible test cases of faking certificates such as modification of the name, regeneration of QR codes using valid hash and a fake name, and modification of the QR code. Although these cases exist, the app successfully verified all thirty certificates correctly. Also, it is noticed that during the scanning, the smartphone camera should be in focus to capture the QR code clearly

Secure Lifecycle Management for Internet of Things Devices

In recent years, IoT devices have been adopted for various uses cases including for home applications such as smart lighting and heating and cooling systems. The IoT devices are simple and constrained devices. Usually, these simple devices are paired with and managed by controller devices such as smartphones over home wireless network. The pairing protocol along with the command and control protocols between the IoT device and the smartphone are usually proprietary. Therefore, users are required to install a dedicated application to access and control each brand and type of device. LwM2M has been designed as an open standard to increase interoperability between the simple devices from different ecosystems. It can be used to secure the connection between the simple device and the controller. The LwM2M protocol uses pre-shared keys, raw public keys, and X.509 certificates for authentication. However, these authentication methods have some deployment and scalability problems, and out-of-band authentication has been suggested as an alternative. This thesis project aims to adapt the LwM2M protocol for secure device pairing and lifecycle management for Internet of Things device in such a way that it can be used with out-of-band authentication. A proof-of-concept prototype has been implemented with Raspberry Pi 3 B+ as the simple device and an Android smartphone as the controller

Improving the Transparency of the Pharmaceutical Supply Chain through the Adoption of Quick Response (QR) Code, Internet of Things (IoT), and Blockchain Technology: One Result: Ending the Opioid Crisis

Over the past two years, Americans in nearly every state have suffered adverse effects from counterfeit medications, many of whom have died. The main culprit is Fentanyl-tainted counterfeit opiates which often lead to fatal overdoses. The increasing epidemic of counterfeit prescription medications extends beyond social classes, gender, race, and age. For instance, pop star Prince recently overdosed on counterfeit Hydrocodone containing synthetic Fentanyl. Shockingly, one in ten medications sold in developing countries are counterfeit; either containing incorrect doses of active ingredients or containing toxic contaminants retained from the production process. The popularity of counterfeit medications stems from cheaper costs, but also because of the ease with which these counterfeit products can be purchased. While the blockchain has gained its fame from Bitcoin, its potential implications are far reaching. In this paper, I propose the use of QR code and the IoT (Internet of Things) sensor devices leveraging the blockchain for increased transparency of the pharmaceutical supply chain and manufacturing process. The data collected from the devices would then be transferred to the blockchain, enabling consumers to use an app to verify the provenance of their medication

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability

An Architecture for Biometric Electronic Identification Document System Based on Blockchain †

This paper proposes an architecture for biometric electronic identification document (e-ID) system based on Blockchain for citizens identity verification in transactions corresponding to the notary, registration, tax declaration and payment, basic health services and registration of economic activities, among others. To validate the user authentication, a biometric e-ID system is used to avoid spoofing and related attacks. Also, to validate the document a digital certificate is used with the corresponding public and private key for each citizen by using a user’s PIN. The proposed transaction validation process was implemented on a Blockchain system in order to record and verify the transactions made by all citizens registered in the electoral census, which guarantees security, integrity, scalability, traceability, and no-ambiguity. Additionally, a Blockchain network architecture is presented in a distributed and decentralized way including all the nodes of the network, database and government entities such as national register and notary offices. The results of the application of a new consensus algorithm to our Blockchain network are also presented showing mining time, memory and CPU usage when the number of transactions scales up

Blockchain-based Provenance Solution for Handcrafted Jewellery

Käsitsi tehtud ehete valmistamiseks kasutatakse tootmismasinate asemel inimeste kätetööd. Kui masinate poolt tehtud ehted on samasugused, odavad ja kergesti kättesaadavad, siis käsitsi valmistatud ehted on ainulaadsed ja küllaltki kallid. Seda eriti siis, kui tegemist on tuntud käsitöölise või disaineriga. Käesolev tehnoloogiaajastu on tõstnud tarbijate teadlikkust ning inimesed on valmis rohkem maksma tõestatud päritoluga toodete eest. Samuti soovivad tootjad oma töö eest saada tunnustatud ja omada selle õigusi. Praegused lahendused on pärituolu osas poolikud ning see võimaldab tarneahelal olla läbipaistmatu ning seetõttu kõrvale hiilida läbipaistvusest ning jälgitavusest. Seetõttu on hüppeliselt kasvanud võltstoodangu arv, mis toob kaasa majandusliku ja keskkondliku kahju, terviseriskid, valdkonna halva maine ning rikutud usalduse. Käesolev dissertatsioon vaatleb ja selgitab plokiahela tehnoloogial põhinevaid lahendusi ja võimalusi taustakontrolli tegemiseks ning teostab Ethereumi plokiahelal põhineva lahenduse käsitööehete päritolu kontrolliks. Uurimuse tulemus aitab kaasa taustakontrollimehhanismide arengule ning aitab seda rakendada ülemaailmse tarneahela läbispaistvamaks muutmisel.Handcrafted jewellery involves use of hand labour rather than manufacturing machinery. Unlike manufactured jewellery which is similarly crafted, cheap and easy to find, handcrafted jewellery tend to be uniquely crafted and fairly expensive, especially when it is attributed to a well known artisan or designer. The current information age has birthed a new era of conscious consumers who are willing to pay more for products with proven origins. Likewise, creators desire to be rightfully attributed and acknowledged for their work. However, the partial implementation of provenance by current solutions has encouraged opaque supply chains that hinder transparency and traceability. For this reason, there has been a rapid increase in counterfeit products, unprecedented economic loss, environmental degradation, health risks, increase in defamation cases, and broken trust. In this thesis, we review related provenance solutions using blockchain technology, identify key provenance features and implement a provenance solution for handcrafted jewellery on Ethereum blockchain. The output of this research can be used towards the development of provenance as a subject and its implementation in global supply chains

Blockchain is not a silver bullet for agro-food supply chain sustainability: Insights from a coffee case study

Information sharing lies at the core of most governance interventions within agro-food commodity supply-chains, such as certification standards or direct trade relationships. However, actors have little information available to guide sustainable consumption decisions beyond simple labels. Blockchain technology can potentially alleviate the numerous sustainability problems related to agro-food commodity supply-chains by fostering traceability and transparency. Despite significant research on blockchain, there is limited understanding of the concrete barriers and benefits and potential applications of blockchain in real-world settings. Here, we present a case study of blockchain implementation in a coffee supply-chain. Our aim is to assess the potential of blockchain technology to promote sustainability in coffee supply chains through increased traceability and transparency and to identify barriers and opportunities for this. While our pilot implementation clearly illustrates certain benefits of blockchain, it also suggests that blockchain is no silver bullet for delivering agro-food supply chain sustainability. Knowledge on provenance and transparency of information on quality and sustainability can help trigger transformation of consumer behaviour, but the actual value lies in digitising the supply chain to increase efficiency and reduce costs, disputes, and fraud, while providing more insight end-to-end through product provenance and chain-of-custody information. We identify a need to understand and minimize supply chain barriers before we can reap the full benefits of digitalization and decentralization provided by blockchain technology

FoodSQRBlock: Digitizing Food Production and the Supply Chain with Blockchain and QR Code in the Cloud

Food safety is an important issue in today’s world. The traditional agri-food production system does not offer easy traceability of the produce at any point of the supply chain, and hence, during a food-borne outbreak, it is very difficult to sift through food production data to track produce and the origin of the outbreak. In recent years, the blockchain based food production system has resolved this challenge; however, none of the proposed methodologies makes the food production data easily accessible, traceable and verifiable by consumers or producers using mobile/edge devices. In this paper, we propose FoodSQRBlock (Food Safety Quick Response Block), a blockchain technology based framework that digitises the food production information and makes it easily accessible, traceable and verifiable by the consumers and producers by using QR codes. We also propose a large-scale integration of FoodSQRBlock in the cloud to show the feasibility and scalability of the framework, as well as give an experimental evaluation to prove this