I'm attempting to build a mechanism to prevent fraud and provide traceability of physical resources in a distributed system. The idea is straightforward: the resource travels hop-by-hop on a network, and each hop is held by a different actor who must log the receiving and sending of resources in a distributed database. Each log entry is signed by its corresponding actor. The resources have two mutually exclusive states, in_transit and stopped, which are checked and set each time the resource arrives at or leaves a hop. I assume an adversary in the network may be an actor and will attempt to:
- Clone an ID, so as to seamlessly steal a resource;
- Change IDs, i.e. replace the ID with the ID of another resource, so as to generate errors in state checks;
- Remove an ID, so as to prevent the traceability of a resource;
- Create a fake ID, so as to insert fake resources into the network.
A key challenge in this problem is to provide a tamperproof way to uniquely identify resources in a network. In my (little) experience, I see three ways of accomplishing this:
Forcing the resources to log each hop actively. This could be achieved by implementing sensors on each resource capable of public-key cryptography. Secure but expensive. The sensors may be compromised as well.
QR Codes. Cheap and widespread but easily clonable. I don't know if QR Codes can really be used for this purpose. I just thought of them because every phone today can read a QR Code.
RFIDs. This seems like a limited but fairly secure solution. Each actor must have a reader, and metal resources such as kegs or metal sheets can be a problem for the readers.
Of course, there is never a perfect solution, and each of these solutions has its vulnerabilities and its costs. So my questions are: what would be a secure way of uniquely identifying physical resources in this system? Do any of my suggestions provide a real way to mitigate attacks? Are there best practices or standards for this purpose?
Thanks in advance.
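Added example, not code from the question or from any project it describes: a minimal append-only hop ledger that enforces the in_transit / stopped state machine the question describes and rejects log entries matching the four attack patterns it lists (cloned ID, changed ID, removed ID, fake ID). Two things are assumptions for the sake of a stand-alone script: per-actor signatures are stood in for by HMAC-SHA256 with a per-actor secret, so the verifier needs every actor's key (a real deployment would use per-actor public-key signatures such as Ed25519), and a fixed set of trusted issuers is the only party allowed to create resource IDs. The actor names, keys and resource IDs are constructed for the example.

```python
"""Hop-by-hop resource ledger with state checks (added example, not the asker's code)."""
import hashlib
import hmac
import json

# Constructed: one secret per actor. Stand-in for per-actor public-key signatures.
ACTOR_KEYS = {"issuer": b"k-issuer", "alice": b"k-alice", "bob": b"k-bob", "mallory": b"k-mallory"}
TRUSTED_ISSUERS = {"issuer"}  # assumption: only these actors may create a resource ID


def _payload(entry):
    """Canonical bytes of an entry without its signature field."""
    return json.dumps({k: v for k, v in entry.items() if k != "sig"}, sort_keys=True).encode()


def make_entry(actor, event, rid, prev, counterparty=None):
    """Build and sign a log entry; `prev` chains it to the current ledger head."""
    entry = {"actor": actor, "event": event, "rid": rid, "prev": prev, "to": counterparty}
    entry["sig"] = hmac.new(ACTOR_KEYS[actor], _payload(entry), hashlib.sha256).hexdigest()
    return entry


def entry_hash(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class Ledger:
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self.state = {}  # rid -> {"state": "stopped"|"in_transit", "holder": actor, "to": actor}

    def head(self):
        return entry_hash(self.entries[-1]) if self.entries else self.GENESIS

    def append(self, entry):
        """Return None if the entry is accepted, else a reason string; rejected entries are dropped."""
        actor = entry["actor"]
        if actor not in ACTOR_KEYS:
            return "unknown actor"
        expected = hmac.new(ACTOR_KEYS[actor], _payload(entry), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["sig"]):
            return "bad signature"
        if entry["prev"] != self.head():  # hash chain: detects edited or forked history
            return "log tampered or fork"
        rid, ev = entry["rid"], entry["event"]
        cur = self.state.get(rid)
        if ev == "create":
            if actor not in TRUSTED_ISSUERS:
                return "fake ID: creator not trusted"
            if cur is not None:
                return "fake ID: duplicate of existing ID"
            new = {"state": "stopped", "holder": actor, "to": None}
        elif ev == "send":
            if cur is None:
                return "unknown ID"
            if cur["state"] != "stopped":
                return "already in transit"
            if cur["holder"] != actor:
                return "sender is not the holder (clone or changed ID)"
            new = {"state": "in_transit", "holder": None, "to": entry["to"]}
        elif ev == "receive":
            if cur is None:
                return "unknown ID"
            if cur["state"] != "in_transit":
                return "not in transit (clone or changed ID)"
            if cur["to"] != actor:
                return "received by the wrong actor"
            new = {"state": "stopped", "holder": actor, "to": None}
        else:
            return "unknown event"
        self.entries.append(entry)
        self.state[rid] = new
        return None

    def in_transit(self):
        """Resources sent but never received: this is where a removed ID shows up."""
        return sorted(r for r, s in self.state.items() if s["state"] == "in_transit")


def demo():
    """Walk one resource through the network while mallory tries each attack."""
    L = Ledger()
    r = {}
    r["create"] = L.append(make_entry("issuer", "create", "R1", L.head()))
    r["send"] = L.append(make_entry("issuer", "send", "R1", L.head(), "alice"))
    r["clone_receive"] = L.append(make_entry("mallory", "receive", "R1", L.head()))  # cloned tag, wrong party
    r["receive"] = L.append(make_entry("alice", "receive", "R1", L.head()))
    r["clone_send"] = L.append(make_entry("mallory", "send", "R1", L.head(), "bob"))  # mallory never held R1
    r["fake_create"] = L.append(make_entry("mallory", "create", "R9", L.head()))  # fake ID from untrusted actor
    r["changed_id"] = L.append(make_entry("bob", "receive", "R1", L.head()))  # R1 is stopped at alice
    r["send2"] = L.append(make_entry("alice", "send", "R1", L.head(), "bob"))
    r["stuck"] = L.in_transit()  # ['R1'] until bob logs the receive (a removed ID never leaves this list)
    forged = make_entry("mallory", "receive", "R1", L.head())
    forged["actor"] = "bob"  # claims to be bob but carries mallory's signature
    r["forged"] = L.append(forged)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14} -> {v}")
```

The state checks only catch an attack that produces an inconsistent log; a cloned tag that is presented at exactly the hop the genuine one should reach, before the genuine one, is accepted and the genuine one is then rejected, which is why the identifier itself (not just the ledger) has to be hard to copy.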