
Energies 2019, 12(16), 3061; https://doi.org/10.3390/en12163061

Article
Design of a Logistics System with Privacy and Lightweight Verification
1 School of Computer and Information Engineering, Xiamen University of Technology, Xiamen 361024, China
2 School of Information Engineering, Changchun Sci-Tech University, Changchun 130600, China
3 Department of Computer Science and Information Engineering, Chaoyang University of Technology, Taichung 41349, Taiwan
4 Department of Information Management, Chaoyang University of Technology, Taichung 41349, Taiwan
5 Department of Computer Science and Information Engineering, Asia University, Taichung 41354, Taiwan
6 Department of Medical Research, China Medical University Hospital, China Medical University, Taichung 40402, Taiwan
7 Department of Bioinformatics and Medical Engineering, Asia University, Taichung 41354, Taiwan
* Authors to whom correspondence should be addressed.
Received: 29 April 2019 / Accepted: 27 June 2019 / Published: 8 August 2019

Abstract

Presently, E-commerce has developed rapidly as a result of many services and applications integrating e-commerce technologies offered online. Buyers can buy goods online and sellers can then deliver the goods to them. Logistics therefore plays an important role in online e-commerce applications, with a focus on rapid delivery, the integrity of goods, and the privacy of personal information. Previous studies have proposed secure mechanisms for the transfer of electronic cash and digital content, in which only the sender and the receiver know the secret information hidden in the signature. However, they did not consider requirements such as the anonymous and lightweight verification in the logistics architecture. Therefore, this study designs a secure logistics system, with anonymous and lightweight verification, in order to meet the following requirements: Mutual authentication, non-repudiation, anonymity, integrity and a low overhead for the logistics environment. A buyer could check the goods and know if the parcel has been exchanged by a malicious person. Moreover, the proposed scheme not only presents a solution to meet the logistics system’s requirements, but also to reduce both computational and communication costs.
Keywords:
mutual authentication; privacy; logistics system; ECC; BAN logic

1. Introduction

Background

In recent years, with the rapid development of e-commerce, online shopping has become a current trend and many shopping and financial transactions can now be completed via online shopping. These activities include online orders and online payments [1]. As buyers and sellers interact online, the purchase of goods is divided into digital and physical products. If a product is physical, the seller will entrust their logistics to deliver the goods to the buyer. As these logistics requirements grow, greater focus is required, not only on rapid delivery, but also on ensuring the integrity of goods and the privacy of personal information [2,3,4,5,6,7].
Unfortunately, the current process of goods delivery and online shopping does not entail an immediate physical exchange of goods. There is therefore a risk of counterfeiting and fraud, in addition to a risk that goods may be lost due to human error, and this may be compounded by information errors, which could mean that it cannot be determined where the goods were lost. In 2016, Liu and Wang [6] noted that the means of preventing the loss of goods has become a very important issue in this field.
However, during the goods transportation process, the logistics provider will copy both the buyer and seller’s personal information on an order detail and paste the order detail on the packages. That is, the goods can only be accurately delivered to the buyer, but this process includes the risk of private personal information being leaked, which may result in improper use or theft of that personal information. The delivery verification can also include the risks of identity impersonation, parcel exchange, and the loss of packages. Since there is no reliable mechanism for the buyer and seller to identify each other, it is impossible to know who has the goods or when goods are lost.
In 2006, Aijaz et al. [1] classified various attacker behaviors as active and passive attackers, internal and external personnel, and malicious and rational attackers. Active attackers tamper with shopping information, while passive attackers do not actively participate in tampering with information, but rather eavesdrop on shopping information. The stolen information may then be forwarded to other attackers. Internal attackers are very dangerous in the transmission process. As a consequence of their good understanding of items and personal information, internal personnel can cause various kinds of complex attacks. External personnel are not members of the transaction process, so they are much less harmful than internal personnel. The main goal of malicious attackers is to steal or tamper with information and cause the loss of property.
This paper proposes a logistics method using the public key crypto system to protect the personal privacy and the shopping information of buyers, sellers, and logistics companies during the transmission process to prevent information from being stolen. In addition, lightweight encryption technology is used to protect personal tag information to prevent personal information from being leaked during the delivery process.
In 2016, Liu and Wang [6] published a paper on an NFC-based security-enhanced express delivery system, in which individuals’ personal information was hidden in tags and only authorized people could get permission to access that information, thus protecting personal information from being stolen and achieving fast identity authentication. Digital signatures are then used by buyers, sellers, and logistics companies to achieve non-repudiation. The proposed system thus achieves mutual authentication, lightweight and fast verification, cost savings, the anonymity of personal information, non-repudiation in the transaction, and the completeness of the product.
The remainder of this paper is arranged as follows. Section 2 presents the system architecture. Section 3 presents the proposed secure package logistics system, based on protecting personal information anonymously by tag. Section 4 presents a security analysis and then illustrates the computation cost, communication cost, and performance analysis of the proposed scheme. Section 5 offers conclusions.

2. Related Works and Requirement

2.1. Related Works

In 2016, Liu and Wang noted that digital tags may not be able to perform complex encryption and decryption operations due to computation limitations [6]. In general, current logistics schemes lack face to face package checking procedures and rely on buyers to ensure that packages are intact upon receipt. In addition, the security issues of RFID systems are not completely suitable for the scheme proposed in this study [8]. Instead, this study uses ECC (elliptic curve cryptography) to generate session keys that are used to secure data transmissions and the BAN logic model [9] to prove the correctness of the proposed scheme with mutual authentication. Recently, many authentication schemes have applied BAN logic to prove the correctness of authentication and key establishment. The following is the notation of BAN logic.
P |≡ X: P believes X, or P would be entitled to believe X.
P ⊲ X: P sees X. Someone has sent a message containing X to P, who can read and repeat X.
P |~ X: P once said X. P at some time sent a message including X.
P |⇒ X: P has jurisdiction over X. P is an authority on X and should be trusted on this matter.
<X>Y: This represents X combined with Y.
#(X): The formula X is fresh, that is, X has not been sent in a message at any time before the current run of the protocol.
P ←K→ Q: P and Q may use the shared key K to communicate.
P ⇌(S) Q: The formula S is a secret known only to P and Q and possibly to principals trusted by them.

2.2. Requirements

In order to achieve a good logistics system, the following security requirements must be met and known attacks must be prevented:
(1) Mutual authentication: The basic requirement for good system communication is the identity authentication during the transmission process. The message must guarantee the validity of a sender and receiver [10,11].
(2) Non-repudiation: In the information transmission process, if each identity is not authenticated, the sender and the receiver are vulnerable to being sent false information by an impersonation attack. Therefore, the non-repudiation of information is crucial to effectively prevent impersonation [4,12].
(3) Anonymity: It is easy for buyer and seller to disclose information in the goods delivery process. Therefore, the contents should not disclose any information about the buyer and seller [13].
(4) Integrity: In an unencrypted environment, information is easily tampered with in the transmission process, resulting in the receiver being vulnerable to the information received not being that sent by the original sender’s information. Therefore, the integrity of the information must be ensured during transmission [14].
(5) Low overhead: Identity verification in the information transmission process must ensure information integrity and maintain transmission speed, so reduced computation is necessary for a faster system [15,16].
There are several common malicious attack patterns that can target package logistic systems [15,17,18,19], as follows:
(1) Modification attack: The attacker intercepts the information of the transmitting party and the receiving party, and modifies the contents of the shopping information, resulting in the loss of the transmitting party and the receiving party. Therefore, the transmitted information must be secure against modification in order to prevent such attacks.
(2) Impersonation attack: The attacker uses a fake identity to disguise themselves as a sender and sends a fake message to the receiver, causing the receiver to receive a false message.
(3) Man-in-the-middle attack: The attacker establishes independent contact with both ends of the communication and exchanges the information so that both sender and receiver of the communication think that they are talking directly with each other through a private connection. In fact, the entire conversation is completely controlled by the attacker. In a man-in-the-middle attack, an attacker can intercept calls from both parties and insert new content.
(4) Clone attack: An attacker steals items by copying a label and impersonating a deliverer to deliver a non-original item.

3. The Proposed Scheme

3.1. System Architecture

The system consists of the following parties: Seller (S), logistics (L), buyer (B), and deliverer (D). The architecture and information flow are shown in Figure 1. The four parties in the scheme, in detail, are the following:
(1) Seller: An online shopping store. People can shop there and the seller sends the goods to the buyer, who will sign for the delivered package.
(2) Logistics: A company entrusted to deliver the packages to the buyer.
(3) Deliverer: The logistics employee. They assist the logistics company to deliver the package to the buyer.
(4) Buyer: Someone who buys something from the seller and who signs for the delivered package.
The eight steps in the scheme, in detail are as follows:
(1) The buyer requests a product from the seller.
(2) The seller provides the buyer and seller’s information to the logistics.
(3) The logistics generates the transaction number and sends the buyer’s tag to the seller.
(4) The seller sends the transaction number and the buyer’s tag to the buyer.
(5) The logistics gives the tag of the seller’s information to the deliverer. The deliverer goes to the seller’s home and sends his/her identity to the seller.
(6) The seller verifies the deliverer’s identity. The seller then transmits their signature and gives the goods and the buyer’s tag to the deliverer. The deliverer goes to the buyer’s house and sends his/her identity to the buyer.
(7) The buyer transmits their signature to the deliverer.
(8) The deliverer brings the buyer and the seller’s signature back to the logistics to verify the signature and complete the transaction.

3.2. Notations

The notations used in this paper are listed below:
IDX: Identification of X
MX: X’s address and telephone information
MProduct: Product information
TID: Transaction number
TagX,Y: The tag used for X to Y
PukX, PrkX: The public key and private key of X, respectively
SigX,Y: The signature for X to Y
Ci: The ith ciphertext
P: Base point
SKXY: Session key between X and Y
E_SKXY(M): Encrypt message M with session key SKXY
D_SKXY(M): Decrypt message M with session key SKXY
SprkX(M): Sign message M with X’s private key prkX
VpukX(M): Verify message M with X’s public key pukX
EpukX(M): Encrypt message M with X’s public key pukX
DprkX(M): Decrypt message M with X’s private key prkX
h(M): The message M calculated by one-way hash function
⊕: Exclusive-or operation for any two operands with same binary size
||: Concatenation operator
A ?= B: Determine if A is equal to B
(arrow symbol, image i001 not reproduced): A secure channel
(arrow symbol, image i002 not reproduced): An insecure channel

3.3. Initialization Phase

During the initialization phase, the Certificate Authority (CA) issues the public key and private key, and selects a large prime, P, and elliptic curve, E, over a finite field for each party.

3.4. Session Key Generation Phase and Order Request Phase

In the session key generation phase and order request phase, the buyer provides shopping information to the seller. The seller sends the buyer and the seller’s information to the logistics and asks for the goods to be delivered. The logistics generates the transaction number and the tag for the seller and sends the transaction numbers to the buyer. Figure 2 presents the session key generation and order request phase of the proposed scheme.
Step 1:
The buyer selects a random rB and computes RB as follows:
RB = rB*P,
The buyer signs the (RB,IDB) with the private key PrkB, as follows:
SigBS = SprkB(RB,IDB),
The buyer then sends (RB,IDB,SigBS) to the seller.
Step 2:
The seller selects a random number rS and then computes RS and signs the (RS,IDS) with the private key PrkS, as follows:
RS = rS*P,
SigSL = SprkS(RS, IDS).
The seller then sends (RS,IDS,SigSL) to logistics.
The seller then verifies SigBS with the public key PukB to determine whether the signature is legal or not, as follows:
VpukB(SigBS) ?= (RB,IDB).
If it passes the verification, the seller computes session key SKBS, as follows:
SKBS = h((rS*RB)||IDB||IDS),
encrypts (RB,IDB) with SKBS, as follows:
C1 = E_SKBS(RB,IDB),
and signs the (RS,IDS) with the private key PrkS, as follows:
SigSB = SprkS(RS, IDS),
The seller then sends (RS, IDS,C1,SigSB) to the buyer.
Step 3:
The logistics selects a random number rL, and computes RL, as follows:
RL = rL*P.
Logistics then verifies SigSL with the public key PukS to determine whether the signature is legal or not, as follows:
VpukS(SigSL) ?= (RS,IDS),
If it holds, logistics computes session key SKSL, as follows:
SKSL = h((rL*RS)||IDS||IDL).
Then the logistics encrypts (RS,IDS) with SKSL, as follows:
C3 = E_SKSL(RS,IDS).
Next, logistics signs the (RL,IDL) with the private key PrkL, as follows:
SigLS = SprkL(RL,IDL),
and sends (RL,IDL,C3,SigLS) to the seller.
Step 4:
The buyer verifies SigSB with the public key PukS to determine whether the signature is legal or not, as follows:
VpukS(SigSB) ?= (RS,IDS).
The buyer then computes session key SKBS, as follows:
SKBS = h((rB*RS)||IDB||IDS),
and uses the SKBS to decrypt C1, as follows:
(RB*,IDB*) = D_SKBS(C1),
and determines whether the decrypted values equal (RB,IDB), as follows:
(RB,IDB) ?= (RB*,IDB*).
The seller then encrypts (RS,IDS,IDB,MB,Mproduct) with SKBS, as follows:
C2 = E_SKBS(RS,IDS,IDB,MB,Mproduct),
The buyer then sends (IDB,C2) to the seller.
Step 5:
The seller decrypts C2 with SKBS, as follows:
(RS*,IDS*,IDB,MB,Mproduct) = D_SKBS(C2),
and then gets (RS*,IDS*), and determines whether (RS,IDS) is equal or not, as follows:
(RS,IDS) ?= (RS*,IDS*).
The seller verifies SigLS with the public key PukL to determine whether the signature is legal or not, as follows:
VpukL(SigLS) ?= (RL,IDL).
If it passes the verification, the seller computes SKSL, as follows:
SKSL = h((rS*RL)||IDS||IDL),
and decrypts C3 with SKSL, as follows:
(RS*,IDS*) = D_SKSL(C3).
The seller gets (RS*,IDS*), determines whether (RS,IDS) is equal or not, as follows:
(RS,IDS) ?= (RS*,IDS*),
If it holds, the seller encrypts (RL,IDL,IDS,MS,IDB,MB) with SKSL, as follows:
C4 = E_SKSL(RL,IDL,IDS,MS,IDB,MB),
and then sends (IDS,C4) to logistics.
Step 6:
The logistics decrypts C4 with SKSL, as follows:
(RL*,IDL*,IDS,MS,IDB,MB) = D_SKSL(C4),
and then gets (RL*,IDL*) and determines whether (RL,IDL) is equal or not, as follows:
(RL,IDL) ?= (RL*,IDL*),
Logistics generates TID and TagDB, and computes the following:
TagDB = IDD⊕(IDB,MB).
and then uses the SKSL to encrypt (TagDB,TID), as follows:
C5 = E_SKSL(TagDB,TID),
then sends (IDL,C5) to the seller.
Step 7:
The seller decrypts C5 with SKSL, as follows:
(TagDB,TID) = D_SKSL(C5).
The seller encrypts (TID) with SKBS, as follows:
C6 = E_SKBS(TID),
then sends (IDS,C6) to the buyer.
Step 8:
The buyer decrypts C6 with SKBS, as follows:
TID = D_SKBS(C6),
and then gets TID.
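The buyer and seller side of Steps 1, 2 and 4 (signed R values and the derivation of SKBS) can be traced in code. This is an added example, not code from the paper; the curve (secp256k1), SHA-256 as h, ECDSA as the signature scheme, the point encoding and the sample IDs are all assumptions, since the paper fixes none of them.

```python
import hashlib
import secrets

# Assumed domain parameters: secp256k1. The paper only says "elliptic curve E".
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True for a finite point satisfying y^2 = x^3 + 7 (mod FIELD)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < FIELD and 0 <= y < FIELD and (y * y - x ** 3 - 7) % FIELD == 0


def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def mul(k, pt):
    """Double-and-add scalar multiplication (study code, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    """Assumed fixed-width encoding of a point: x || y, 32 bytes each."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def digest_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(prk, msg):
    """ECDSA signature, standing in for the paper's Sprk(M)."""
    while True:
        k = secrets.randbelow(ORDER - 1) + 1
        r = mul(k, BASE)[0] % ORDER
        s = pow(k, -1, ORDER) * (digest_int(msg) + r * prk) % ORDER
        if r and s:
            return r, s


def verify(puk, msg, sig):
    """ECDSA verification, standing in for Vpuk(Sig) ?= M."""
    r, s = sig
    if not (on_curve(puk) and 0 < r < ORDER and 0 < s < ORDER):
        return False
    w = pow(s, -1, ORDER)
    pt = add(mul(digest_int(msg) * w % ORDER, BASE), mul(r * w % ORDER, puk))
    return pt is not None and pt[0] % ORDER == r


def hello(prk, ident):
    """Build (r, R, ID, Sig) with R = r*P and Sig = Sprk(R, ID)."""
    r = secrets.randbelow(ORDER - 1) + 1
    big_r = mul(r, BASE)
    return r, big_r, ident, sign(prk, encode(big_r) + ident)


def session_key(r_own, peer_r, id_b, id_s):
    """SK = h((r_own * R_peer) || IDB || IDS); rejects values that are not curve points."""
    if not on_curve(peer_r):
        raise ValueError("peer value is not a curve point")
    return hashlib.sha256(encode(mul(r_own, peer_r)) + id_b + id_s).digest()


def run_exchange(tamper_rb=False):
    """Returns (SKBS at seller, SKBS at buyer), or None if a signature check fails."""
    prk_b = secrets.randbelow(ORDER - 1) + 1      # long-term keys the CA would issue
    prk_s = secrets.randbelow(ORDER - 1) + 1
    puk_b, puk_s = mul(prk_b, BASE), mul(prk_s, BASE)
    r_b, big_rb, id_b, sig_bs = hello(prk_b, b"BUYER-0001")   # constructed sample ID
    if tamper_rb:                                 # RB altered in transit, SigBS unchanged
        big_rb = mul(secrets.randbelow(ORDER - 1) + 1, BASE)
    if not verify(puk_b, encode(big_rb) + id_b, sig_bs):      # seller, Step 2
        return None
    r_s, big_rs, id_s, sig_sb = hello(prk_s, b"SELLER-001")   # constructed sample ID
    sk_seller = session_key(r_s, big_rb, id_b, id_s)
    if not verify(puk_s, encode(big_rs) + id_s, sig_sb):      # buyer, Step 4
        return None
    return sk_seller, session_key(r_b, big_rs, id_b, id_s)


if __name__ == "__main__":
    print("keys agree:", len(set(run_exchange())) == 1)
    print("altered RB accepted:", run_exchange(tamper_rb=True) is not None)
```

The key confirmation with C1 and the logistics leg of the phase follow the same pattern and are not repeated here.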

3.5. Package Collection Phase

The logistics sends the tag containing the seller information to the deliverer. The deliverer decrypts the tag and goes to the seller’s house. After verifying the delivery identity, the seller transmits their signature to give the goods and the buyer’s tag to the deliverer. The package collection phase is illustrated in Figure 3.
Step 1:
The logistics signs (IDD,IDL,TID) with private key PrkL, as follows:
SigLS = SprkL(IDD,IDL,TID),
The logistics uses SKSL to encrypt (IDD,IDL,TID), as follows:
C7 = E_SKSL(IDD,IDL,TID),
then generates TagDS, as follows:
TagDS = IDD⊕(IDS,MS),
and sends (IDL,TagDS,C7,SigLS) to the deliverer.
Step 2:
The deliverer computes the following formula:
(IDS,MS) = TagDS⊕IDD,
and the deliverer can then get (IDS,MS).
Step 3:
The deliverer sends (IDD,IDL,TagDS,C7,SigLS) to the seller for verification and the seller computes IDD* as follows:
IDD* = TagDS⊕(IDS,MS),
and verifies whether IDD is equal or not, as follows:
IDD* ?= IDD.
The seller decrypts C7 with SKSL, as follows:
(IDD,IDL,TID)* = D_SKSL(C7).
The seller verifies SigLS with the public key PukL to determine whether the signature is legal or not, as follows:
VpukL(SigLS) ?= (IDD,IDL,TID)*.
If it passes the verification, the seller signs (IDS,IDD,IDL,TID) with the private key PrkS, as follows:
SigSL = SprkS(IDS,IDD,IDL,TID),
and uses SKSB to encrypt (IDS,IDD,IDL,TID), as follows:
C8 = E_SKSB(IDS,IDD,IDL,TID).
The seller then gives the goods and (IDS,TagDB,C8,SigSL) to the deliverer.
Step 4:
The deliverer computes the following formula:
(IDB,MB) = TagDB⊕IDD,
and gets (IDB,MB).

3.6. Product Transfer Phase

The deliverer decrypts the tag and sends the goods to the buyer’s address. After verifying the deliverer’s identity, the buyer obtains the goods and sends a signature to the deliverer. The deliverer takes the signatures of the buyer and the seller. The deliverer then returns to the logistics for confirmation and completes the transaction. The product transfer phase is illustrated in Figure 4.
Step 1:
The deliverer sends the goods and (IDD, TagDB, C8) to the buyer to verify the identity, using the following formula:
IDD* = TagDB⊕(IDB,MB),
Once the deliverer has IDD*, they determine whether the IDD is equal or not, as follows:
IDD* ?= IDD.
The buyer decrypts C8 with SKSB, as follows:
(IDS,IDD,IDL,TID) = D_SKSB(C8),
and then gets TID* and determines whether the TID, which is stored in the session key generation and order request phase, is equal or not, as follows:
TID* ?= TID.
The deliverer uses PrkB to sign (IDB,IDS,IDD,IDL,TID), as follows:
SigBL = SprkB(IDB,IDS,IDD,IDL,TID),
The buyer sends (SigBL, IDB) to the deliverer.
Step 2:
The deliverer returns to the logistics.
Logistics verifies SigS with public key PukS, as follows:
VpukS(SigSL) ?= (IDS,IDD,IDL,TID),
and then determines whether the signature is legal or not.
Logistics verifies SigB with public key PukB, as follows:
VpukB(SigBL) ?= (IDB,IDS,IDD,IDL,TID),
and determines whether the signature is legal or not.
If it passes the verification, the transaction is completed.

4. Security Analysis and Discussion

4.1. Mutual Authentication Issue

This study uses BAN logic to prove that the proposed scheme achieves mutual authentication in each phase. In the session key generation and order request phases of the proposed scheme, the main goal is to determine whether the data has been modified between the buyer and seller, or the seller and the logistics provider.
The notation of BAN logic is described below:
P|≡X: P believes X, or P would be entitled to believe X.
P⊲X: P sees X, someone has sent a message containing X to P, who can read and repeat X.
P|~X: P once said X. P at some time sent a message including X.
P| K X: P has X as a public key.
P ←K→ X: P and X may use the session key K to communicate.
P|⇒X: P has jurisdiction over X.
#(X): The formula X is fresh.
{X}K: The formula X encrypted by K.
The main goals of the scheme must be achieved in order to verify that the transmitted data has not been modified between buyer and seller, or between the seller and the logistics provider. These goals are listed below:
G1: S|≡S ←SKBS→ B
G2: S|≡B|≡S ←SKBS→ B
G3: B|≡S ←SKBS→ B
G4: B|≡B|≡S ←SKBS→ B
G5: S|≡S ←SKSL→ L
G6: S|≡L|≡S ←SKSL→ L
G7: L|≡S ←SKSL→ L
G8: L|≡S|≡S ←SKSL→ L
G9: S|≡IDB
G10: S|≡B|≡IDB
G11: B|≡IDS
G12: B|≡S|≡IDS
G11: L|≡IDS
G12: L|≡S|≡IDS
G11: S|≡IDL
G12: S|≡L|≡IDL
According to the purchase phase, BAN logic is used to produce an idealized form, as follows:
M1({RB,IDB}prkB,{RS,IDS,IDB,MB,Mproduct}SKBS),
M2({RS,IDS}prkS,{RB,IDB}SKBS),
M3({RS,IDS}prkS,{RL,IDL,IDS,MS,IDB,MB}SKSL),
M4({RL,IDL}prkL,{RS,IDS}SKBS).
In order to analyze the proposed improved scheme, this study makes the following assumptions:
A1: S|≡#(RB)
A2: B|≡#(RB)
A3: S|≡#(RS)
A4: B|≡#(RS)
A5: L|≡#(RS)
A6: S|≡#(RS)
A7: L|≡#(RL)
A8: S|≡#(RL)
A9: S|≡#SKBS
A10: B|≡#SKBS
A11: L|≡#SKSL
A12: S|≡#SKSL
A13: B|≡| pubB S
A14: S|≡| pubB S
A15: B|≡| pubS B
A16: S|≡| pubS B
A17: L|≡| pubS L
A18: S|≡| pubS L
A19: L|≡| pubL S
A20: S|≡| pubL S
A21: S|≡B|⇒S ←SKBS→ B
A22: B|≡S|⇒S ←SKBS→ B
A23: L|≡S|⇒S ←SKSL→ L
A24: S|≡L|⇒S ←SKSL→ L
A25: S|≡B|⇒IDB
A26: B|≡S|⇒IDS
A27: L|≡S|⇒IDS
A28: S|≡L|⇒IDL
According to these assumptions and the rules of BAN logic, this study shows the session key generation and order request phases of the proposed scheme as follows:
  • Seller S authenticates Buyer B
    By M1 and the seeing rule, derive the following:
    S⊲ ({RB,IDB}prkB,{RS,IDS,IDB,MB,Mproduct }SKBS).
    By A1 and A2 and the freshness rule, derive the following:
    S|≡#({RB,IDB}prkB,{RS,IDS,IDB,MB,Mproduct }SKBS).
    By (Statement 1), A9, A13, and A14 and the message meaning rule, derive the following:
    S|≡B|~#({RB,IDB}pukB,{RS,IDS,IDB,MB,Mproduct }SKBS).
    By (Statement 2), (Statement 3), and the verification rule, derive the following:
    S|≡B|≡({RB,IDB}pukB,{RS,IDS,IDB,MB,Mproduct }SKBS).
    By (Statement 4) and the belief rule, derive the following:
    S|≡B|≡S ←SKBS→ B.
    By (Statement 5), A21, and the jurisdiction rule, derive the following:
    S|≡S ←SKBS→ B.
    By (Statement 6) and the belief rule, derive the following:
    S|≡B|≡IDB.
    By (Statement 7), A25, and the belief rule, derive the following:
    S|≡IDB.
  • Buyer B authenticates Seller S
    By M2 and the seeing rule, derive the following:
    B⊲({RS,IDS}prkS,{RB,IDB}SKBS).
    By A3, A4, and the freshness rule, derive the following:
    B |≡#({RS,IDS}prkS,{RB,IDB}SKBS).
    By (Statement 9), A10, A15, A16, and the message meaning rule, derive the following:
    B|≡S|~#({RS,IDS}pukS,{RB,IDB}SKBS).
    By (Statement 10), (Statement 11) and the verification rule, derive the following:
    B|≡S|≡({RS,IDS}prkS,{RB,IDB}SKBS).
    By (Statement 12) and the belief rule, derive the following:
    B|≡S|≡S ←SKBS→ B.
    By (Statement 13), A22 and the jurisdiction rule, derive the following:
    B|≡S ←SKBS→ B.
    By (Statement 14) and the belief rule, derive the following:
    B|≡S|≡IDS
    By (Statement 15), A26 and the belief rule, derive the following:
    B|≡IDS.
    By (Statement 6), (Statement 8), (Statement 14), and (Statement 16), it is proved that buyer B and seller S authenticate each other in the proposed scheme. The seller authenticates the buyer by (5).
    If it passes the verification, the seller authenticates the legality of the buyer and then the buyer authenticates the seller by (14).
  • Logistics L authenticates Seller S
    By M3 and the seeing rule, derive the following:
    L⊲({RS,IDS}prkS, {RL,IDL,IDS,MS,IDB,MB}SKSL).
    By A5, A6, and the freshness rule, derive:
    L|≡#({RS,IDS}prkS, {RL,IDL,IDS,MS,IDB,MB}SKSL).
    By (Statement 17), A11, A17, A18, and the message meaning rule, derive the following:
    L|≡S|~#({RS,IDS}pukS, {RL,IDL,IDS,MS,IDB,MB}SKSL).
    By (Statement 18), (Statement 19), and the verification rule, derive the following:
    L|≡S|≡({RS,IDS}pukS, {RL,IDL,IDS,MS,IDB,MB}SKSL).
    By (Statement 20) and the belief rule, derive the following:
    L|≡S|≡S ←SKBS→ B.
    By (Statement 21), A23, and the jurisdiction rule, derive the following:
    L|≡S ←SKBS→ B.
    By (Statement 22) and the belief rule, derive the following:
    L|≡S|≡IDS.
    By (Statement 23), A27, and the belief rule, derive the following:
    L|≡IDS.
  • Logistics L authenticates Seller S
    By M4 and the seeing rule, derive the following:
    S⊲({RL,IDL}prkL, {RS,IDS}SKBS).
    By A7, A8, and the freshness rule, derive the following:
    S|≡#({RL,IDL}prkL, {RS,IDS}SKBS).
    By (Statement 25), A12, A19, A20 and the message meaning rule, derive the following:
    S|≡L|~#({RL,IDL}prkL, {RS,IDS}SKBS).
    By (Statement 26), (Statement 27), and the verification rule, derive the following:
    S|≡L|≡({RL,IDL}prkL, {RS,IDS}SKBS).
    By (Statement 28) and the belief rule, derive the following:
    S|≡L|≡S ←SKSL→ L.
    By (Statement 29), A24, and the jurisdiction rule, derive the following:
    S|≡S ←SKSL→ L.
    By (Statement 30) and the belief rule, derive the following:
    S|≡L|≡IDL.
    By (Statement 31), A28, and the belief rule, derive the following:
    S|≡IDL.
    By (Statement 22), (Statement 24), (Statement 30), and (Statement 32), it is proved that logistics L and seller S authenticate each other in the proposed scheme. The logistics authenticates the seller by (14):
    If it passes the verification, the logistics provider authenticates the legality of the seller and then the buyer authenticates the logistics as (21).

4.2. Non-Repudiation Issue

The proposed scheme uses digital signatures to achieve non-repudiation between the parties in each phase. The sender uses their private key to sign the transmitted message and then the receiver verifies the received message. The receiver uses their private key to sign the response message. Table 1 shows the non-repudiation of the proposed scheme.

4.3. Anonymity Issue

All personal information, TagDS = (IDS,MS)⊕IDD and TagDB = (IDB,MB)⊕IDD, is protected so that only the legal identities IDD, IDS, and IDB can read the content. Therefore, the contents will not disclose any information about buyer or seller.

4.4. Low Overhead Issue

In the package collection phase and the product transfer phase, this study uses exclusive-or operations or encryption to verify quickly and reduce the verification cost. This study also uses session keys in place of public key encryption to enhance calculation speed, thus meeting the low overhead requirement.

4.5. Data Integrity Issue

This study uses digital signatures to ensure data integrity. A malicious attack can be detected using digital signatures to verify the integrity of the data, even if an attacker has tampered with the transmitted data. Thus, attackers cannot tamper with the transmitted data without being detected. Therefore, the proposed scheme achieves data integrity.

4.6. Security Against Known Attacks

4.6.1. Modification Attack

In the information transmission process, encryption is performed using session keys, preventing the modification of transmitted data:
(1)
The session key generation and order request phase is as follows:
C1 = E_SKBS(RB,IDB), (7)
C3 = E_SKSL(RS,IDS), (12)
C2 = E_SKBS(RS,IDS,IDB,MB,Mproduct), (18)
C4 = E_SKSL(RL,IDL,IDS,MS,IDB,MB), (25)
C5 = E_SKSL(TagDB,TID), (29)
C6 = E_SKBS(TID). (31)
(2)
Package collection phase:
C7 = E_SKSL(IDD,IDL,TID), (34)
C8 = E_SKSB(IDS,IDD,IDL,TID). (42)

4.6.2. Impersonation Attack

In the session key generation and order request phase, package collection phase, and product transfer phase of information transmission, digital signatures cannot be disguised.
(1)
The session key generation and order request phase is as follows:
SigBS = SprkB(RB,IDB), (2)
SigSL = SprkS(RS,IDS), (4)
SigSB = SprkS(RS,IDS), (8)
SigLS = SprkL(RL,IDL). (13)
(2)
Package collection phase:
SigSL = SprkS(IDS,IDD,IDL,TID). (41)
(3)
Product transfer phase:
SigBL = SprkB(IDB,IDS,IDD,IDL,TID). (48)

4.6.3. Man-in-the-Middle Attack

The proposed scheme uses signature mechanisms SigBS = SprkB(RB,IDB), SigSL = SprkS(RS,IDS), and SigLS = SprkL(RL,IDL) to prevent modification of the RB, RS, and RL, and uses those variables to generate session keys SKBS = h((rs*RB)||IDB||IDS) and SKSL = h((rL*RS)||IDS||IDL). The session key encryption/decryption offers security against man-in-the-middle attacks.

4.6.4. Clone Attack

In the package collection phase and the product transfer phase, the deliverer must give their own information, IDD and TagDS, and the seller can then execute the exclusive-or operation or encrypt the TagDS and verify the identity of the deliverer IDD* = TagDS⊕(IDS,MS). In the product transfer phase of the proposed scheme, the deliverer must give their own information, IDD and TagDB, and the buyer can then execute the exclusive-or operation or encrypt the TagDB and verify the identity of the deliverer IDD* = TagDB⊕(IDB,MB), thus preventing a clone attack.
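The tag operations used in the package collection and product transfer phases (Tag = IDD⊕(IDX,MX), recovery by the deliverer, and the receiver's check IDD* ?= IDD) are shown in code here. This is an added example, not code from the paper; the 64-byte record width, the padding rule, the random fixed-width IDD and all sample values are assumptions made so that both XOR operands have the same binary size.

```python
import hmac
import secrets

RECORD_LEN = 64  # assumed fixed width shared by IDD and the padded (IDX, MX) record


def encode_record(ident, contact):
    """Serialize (IDX, MX) and pad with 0x80 00..00 up to RECORD_LEN bytes."""
    raw = f"{ident}|{contact}".encode("utf-8")
    if len(raw) > RECORD_LEN - 1:
        raise ValueError("record does not fit the tag width")
    return raw + b"\x80" + b"\x00" * (RECORD_LEN - len(raw) - 1)


def decode_record(record):
    """Inverse of encode_record; raises ValueError on anything malformed."""
    raw = record.rstrip(b"\x00")
    if not raw.endswith(b"\x80"):
        raise ValueError("bad padding")
    ident, contact = raw[:-1].decode("utf-8").split("|", 1)
    return ident, contact


def xor(a, b):
    """Exclusive-or of two operands, which must have the same size."""
    if len(a) != len(b):
        raise ValueError("operands differ in size")
    return bytes(x ^ y for x, y in zip(a, b))


def make_tag(id_d, record):
    """Logistics: TagDX = IDD xor (IDX, MX)."""
    return xor(id_d, record)


def read_tag(tag, id_d):
    """Deliverer: (IDX, MX) = TagDX xor IDD."""
    return decode_record(xor(tag, id_d))


def check_deliverer(tag, own_record, presented_id_d):
    """Seller or buyer: IDD* = TagDX xor (IDX, MX), then IDD* ?= IDD."""
    if len(tag) != RECORD_LEN or len(presented_id_d) != RECORD_LEN:
        return False
    # compare_digest avoids leaking the position of the first differing byte
    return hmac.compare_digest(xor(tag, own_record), presented_id_d)


def demo():
    """Run the checks on constructed sample values and return the outcomes."""
    id_d = secrets.token_bytes(RECORD_LEN)       # assigned deliverer's IDD
    other_id = secrets.token_bytes(RECORD_LEN)   # some other person's ID
    seller = encode_record("SELLER-001", "1 Example Rd, 555-0100")
    buyer = encode_record("BUYER-0001", "9 Sample St, 555-0199")
    tag_ds, tag_db = make_tag(id_d, seller), make_tag(id_d, buyer)
    return {
        "deliverer_reads_buyer": read_tag(tag_db, id_d),
        "seller_accepts": check_deliverer(tag_ds, seller, id_d),
        "buyer_accepts": check_deliverer(tag_db, buyer, id_d),
        "other_id_rejected": not check_deliverer(tag_db, buyer, other_id),
        "wrong_tag_rejected": not check_deliverer(tag_ds, buyer, id_d),
        "short_tag_rejected": not check_deliverer(tag_db[:-1], buyer, id_d),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```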

4.7. Computation Cost

Table 2 shows the computation costs of the proposed scheme.
Notes:
Tasy: The time required for an asymmetrical signature/verifying a signature.
Tsys: The time required for a symmetrical encryption/decryption operation.
Th: The time required for a one-way hash function.
Txor: The time required for an exclusive-or operation.
Tmul: The time required for a multiplication operation.
In Table 2, the proposed scheme’s computation costs are analyzed for the buyer, seller, logistics, and deliverer in each phase. Due to the insignificant comparison operation impacts, they are not considered. For the highest computation cost reduction in the session key generation and order request phase, a buyer needs three asymmetrical signatures/verifying a signature, three symmetrical encryption/decryption operations, one hash function operation, and one multiplication operation. A seller needs four asymmetrical signatures/verifying a signature, six symmetrical encryption/decryption operations, two hash function operations, and two multiplication operations. The logistics provider needs two asymmetrical signatures/verifying a signature, three symmetrical encryption/decryption operations, one hash function operation, one exclusive-or operation, and one multiplication operation.

4.8. Communication Cost

Table 3 shows the communication cost of the proposed scheme.
Notes:
Tsig: The time required to transmit a signature (1024 bits).
Tsys: The time required to transmit a symmetric encryption/decryption ciphertext (256 bits).
Txor: The time required to transmit an exclusive-or operation (80 bits).
Table 3 analyzes the communication cost of the proposed scheme during the transaction process of each phase; other operations have little impact and were not considered. In the session key generation and order request phase, which has the highest communication cost, four signatures and six symmetric encryption/decryption ciphertexts must be transmitted, which requires 1024 × 4 + 256 × 6 = 5632 bits. In a 3.5G environment, the maximum transmission speed is 14 Mbps, so transferring all messages takes only 0.402 ms. In a 4G environment, the maximum transmission speed is 100 Mbps and the transmission time is reduced to 0.056 ms (ITU 2016).

4.9. Storage Cost

Table 4 shows the storage cost of the proposed scheme.
Notes:
Tasy: The space required to store an asymmetrical signature (1024 bits).
Tsys: The space required to store a symmetrical encryption/decryption ciphertext (256 bits).
Th: The space required to store a one-way hash function calculated message (256 bits).
Tmul: The space required to store a multiplication calculated message (160 bits).
Tother: The space required to store other messages (80 bits).
Table 4 analyzes the storage cost of the proposed scheme for the buyer, seller, logistics provider, and deliverer in each phase. In the session key generation and order request phase, which has the highest storage cost, a seller needs storage space for two asymmetrical signatures, three symmetrical encryption/decryption ciphertexts, two one-way hash function calculated messages, three multiplication calculated messages, and five other messages. This requires 1024 × 2 + 256 × 3 + 256 × 2 + 160 × 3 + 80 × 5 = 4208 bits of storage space.

5. Conclusions

In recent years, e-commerce services have prospered and online shopping has become a current trend. The security of personal information exchanged when purchasing a product online has thus become an important issue. This paper proposes tag-based protection of personal information and a non-repudiable logistics system. The proposed scheme can effectively secure the personal information transmitted with items.
In the session key generation and order request phases, digital signatures are used to transmit data from the sender to the receiver, which ensures that the data cannot be modified. In the package collection phase and product transfer phase, tags containing hidden personal information are used to prevent personal information being leaked and to speed up the verification of the deliverer for buyers and sellers. The proposed scheme offers a reduction of computation costs, compared to other related works. The logistics can use the proposed system to achieve non-repudiation and to complete transactions by examining the digital signatures of the buyer and seller.
(1) The process of communication between buyers and sellers is mutual authentication.
(2) The non-repudiation of the goods delivery process is achieved through the signature mechanism.
(3) Personal information protection is achieved through exclusive-or operations.
(4) Tags use lightweight authentication technology to reduce the computation cost, compared to related works.
Future work will include the payment flow and the application of blockchain technology to track the flow of goods and to prevent their loss.

Author Contributions

Supervision and methodology, C.-L.C.; writing—original draft, D.-P.L.; validation, Y.-Y.D.; surveyed related work, H.-C.C. and C.-F.L.

Funding

This research was funded by the Ministry of Science and Technology, Taiwan, ROC, under contract number MOST 108-2221-E-324-013.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Aijaz, A.; Bochow, B.; Dotzer, F.; Festag, A.; Gerlach, M.; Kroh, R.; Leinmuller, T. Attacks on inter vehicle communication systems—An analysis. In Proceedings of the 3rd International Workshop on Intelligent Transportation, Hamburg, Germany, 14–15 March 2006; pp. 189–194.
  2. Burrows, M.; Abadi, M.; Needham, R. A logic of authentication. ACM Trans. Comput. Syst. 1990, 8, 18–36.
  3. Chen, C.L.; Chiang, M.L.; Peng, C.C.; Chang, C.H.; Sui, Q.R. A Secure Mutual Authentication Scheme with Non-repudiation for Vehicular Ad Hoc Networks. Int. J. Commun. Syst. 2015, 30, e3081.
  4. Cui, J.; She, D.; Ma, J.; Wu, Q.; Liu, J. A New Logistics Distribution Scheme Based on NFC. In Proceedings of the 2015 International Conference on Network and Information Systems for Computers, Wuhan, China, 23–25 January 2015; pp. 492–495.
  5. Cho, J.-S.; Jeong, Y.-S.; Park, S. Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Comput. Math. Appl. 2015, 69, 58–65.
  6. Liu, S.; Wang, J. A Security-Enhanced Express Delivery System Based on NFC. In Proceedings of the 2016 13th IEEE International Conference on Solid-State and Integrated Circuit Technology, Hangzhou, China, 25–28 October 2016; pp. 1534–1536.
  7. Speranza, M.G. Trends in transportation and logistics. Eur. J. Oper. Res. 2018, 264, 830–836.
  8. Gope, P.; Amin, R.; Hafizul Islam, S.K.; Kumar, N.; Bhalla, V.K. Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment. Future Gener. Comput. Syst. 2018, 83, 629–637.
  9. Liang, K.; Susilo, W. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 2015, 10, 1981–1992.
  10. Das, A.K.; Goswami, A. A robust anonymous biometric-based remote user authentication scheme using smart cards. J. King Saud Univ. Comput. Inf. Sci. 2015, 27, 193–210.
  11. Madhusudhan, R.; Hegde, M. Security bound enhancement of remote user authentication using smart card. J. Inf. Secur. Appl. 2017, 36, 59–68.
  12. Qi, M.; Chen, J. A fresh Two-party Authentication Key Exchange Protocol for Mobile Environment. In Proceedings of the International Conference on Industrial Technology and Management Science, Tianjin, China, 27–28 March 2015; Volume 30, pp. 933–936.
  13. Ray, B.R.; Abawajy, J.; Chowdhury, M.; Alelaiwi, A. Universal and secure object ownership transfer protocol for the Internet of Things. Future Gener. Comput. Syst. 2017, 78, 838–849.
  14. Rajput, U.; Abbas, F.; Eun, H.; Oh, H. A Hybrid approach for Efficient Privacy-Preserving Authentication in VANET. IEEE Access 2017, 5, 12014–12030.
  15. Sharma, V.; Vithalkar, A.; Hashmi, M. Lightweight security protocol for chipless RFID in Internet of Things (IoT) applications. In Proceedings of the 2018 10th International Conference on Communication Systems & Networks (COMSNETS), Bengaluru, India, 3–7 January 2018; pp. 468–471.
  16. Tu, Y.; Piramuthu, S. Lightweight non-distance-bounding means to address RFID relay attacks. Decis. Support Syst. 2017, 102, 12–21.
  17. Whitmore, A.; Agarwal, A.; Da, X.L. The internet of things: A survey of topics and trends. Inf. Syst. Front. 2015, 17, 261–274.
  18. Wang, J.; Floerkemeier, C.; Sarma, S.E. Session-based security enhancement of RFID systems for emerging open-loop applications. Pers. Ubiquitous Comput. 2014, 18, 1881–1891.
  19. Zhao, S.; Aggarwal, A.; Frost, R.; Bai, X. A survey of applications of identity-based cryptography in mobile ad-hoc networks. IEEE Commun. Surv. Tutor. 2012, 14, 380–400.
Figure 1. Logistics system architecture.
Figure 2. Session key generation and order request phase.
Figure 3. Package collection phase of the proposed scheme.
Figure 4. Product transfer phase of the proposed scheme.
Table 1. Non-repudiation of the proposed scheme.

| Phase | Proof | Issuer | Holder | Verification |
|---|---|---|---|---|
| Session key generation and order request phase | (RB,IDB) | Buyer | Seller | VpukB(SigBS) ?= (RB,IDB) |
| | (RS,IDS) | Seller | Buyer | VpukS(SigSB) ?= (RS,IDS) |
| | (RS,IDS) | Seller | Logistics | VpukS(SigSL) ?= (RS,IDS) |
| | (RL,IDL) | Logistics | Seller | VpukL(SigLS) ?= (RL,IDL) |
| Package collection phase | (IDD,IDL,TID,SigL) | Logistics | Seller | VpukL(SigL) ?= (IDD,IDL,TID) |
| Product transfer phase | (IDS,IDD,IDL,TID,SigS) | Seller | Buyer | VpukS(SigS) ?= (IDS,IDD,IDL,TID) |
| | (IDB,IDS,IDD,IDL,TID,SigB) | Buyer | Logistics | VpukB(SigB) ?= (IDB,IDS,IDD,IDL,TID) |
Table 2. Computation costs of the proposed scheme.

| Phase | Buyer | Seller | Logistics | Deliverer |
|---|---|---|---|---|
| Session key generation and order request phase | 2Tasy + 3Tsys + 1Th + 1Tmul | 4Tasy + 6Tsys + 2Th + 2Tmul | 2Tasy + 3Tsys + 1Th + 1Txor + 1Tmul | N/A |
| Package collection phase | N/A | 2Tasy + 2Tsys + 1Txor | 1Tasy + 1Tsys + 1Txor | 2Txor |
| Product transfer phase | 1Tasy + 1Tsys + 1Txor | N/A | 2Tasy | N/A |
Table 3. Communication cost of the proposed scheme.

| Phase | Message Length | Round | 3.5G (14 Mbps) | 4G (100 Mbps) |
|---|---|---|---|---|
| Session key generation and order request phase | 4Tsig + 6Tsys = 4 × 1024 + 6 × 256 = 5632 bits | 8 | 5632/14000 = 0.402 ms | 5632/100000 = 0.056 ms |
| Package collection phase | 3Tsig + 3Tsys + 3Txor = 3 × 1024 + 3 × 256 + 3 × 80 = 4080 bits | 3 | 4080/14000 = 0.291 ms | 4080/100000 = 0.041 ms |
| Product transfer phase | 3TSig + 1Tsys + 1Txor = 3 × 1024 + 1 × 256 + 1 × 80 = 3408 bits | 3 | 4432/14000 = 0.243 ms | 4432/100000 = 0.044 ms |
Table 4. Storage cost of the proposed scheme.

| Phase | Buyer | Seller | Logistics | Deliverer |
|---|---|---|---|---|
| Session key generation and order request phase | 1Tasy + 1Tsys + 1Th + 2Tmul + 4Tother = 2176 bits | 2Tasy + 3Tsys + 2Th + 3Tmul + 5Tother = 4208 bits | 1Tasy + 2Tsys + 1Th + 2Tmul + 7Tother = 2672 bits | N/A |
| Package collection phase | N/A | 1Tasy + 1Tsys + 5Tother = 1680 bits | 1Tasy + 1Tsys + 6Tother = 1760 bits | 1Tother = 80 bits |
| Product transfer phase | 5Tother = 400 bits | N/A | 1Tasy + 5Tother = 1424 bits | N/A |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).