Abstract

Most current product anti-counterfeiting approaches can detect tag modification and tag cloning attacks, but cannot detect tag reapplication attacks, in which a counterfeiter removes a legitimate tag from a genuine product and reapplies it to a counterfeit or expired product. Reapplying a legitimate tag to a counterfeit product can result in major health and economic consequences. We propose a new Tag Reapplication Detection (TRD) approach to detect reapplication attacks, using low-cost Near Field Communication (NFC) tags and public key cryptography. The use of NFC makes TRD user- friendly since a large number of current cell phones are NFC-enabled. To detect reapplication attacks, TRD tracks how many times a tag has been read in the supply chain using an online authentication protocol. When tagged products are in the market, TRD allows customers to use their cell phones in authenticating products using an offline authentication protocol. We analyzed the security of TRD and found that it can detect reapplication attacks, in addition to modification and cloning attacks.