How It Works
This attack is anticipated against Brand Owners using our Anti-Counterfeiting Protocol.
Codel Can't Permit Sloppy Security
The software will do much of the work, but there is a window of vulnerability between the generation of the VRs and shipment of goods, so well rehearsed manual security protocols will be essential.
Leave VR generation as late as possible
Whatever that period is, between labelling with VRs and final despatch, this is the window of maximum vulnerability. During this period, the bulk data exists in two places - as physical labels on the products and as raw data in the VR application database on the manufacturer's site.
The physical data represents the lower risk (except in the case of RFIDs - see below). Routine packaging security should cope. If the packaging is tampered with while still on the factory premises, then all the products therein can, in most cases, simply be re-labelled and the original VRs voided. (Note, a similar procedure also applies to any goods reported stolen from the supply chain. By voiding their VRs (or flagging them as stolen), we make them impossible to validate and they become a high risk for the thief to dispose of. Essentially he can only sell to the CC market at a low price. The FD market consumer is too likely to attempt registration)
Protecting the Computers
Restrict Physical Access to VR generation areas
RFID - additional risks
RFID - possible countermeasures
Neither solution would providee complete protection. In the first case, for example, how do you ensure the jammer is always on when its required? How do you ensure that when the jammer has to be switched off, so that the RFIDs can be officially read, some rogue isn't nearby capturing the data? In the second, stolen RFIDs would not help the counterfeiter much (too much chance of collisions between valid and invalid RFIDs) But they could be attached to dummy replacements and used to mask (during transit at least) theft of the real product (presumably for sale on the CC market).
Protection from VR Generation to Shipping
For Brand Owners who already have anti-counterfeit measures in place, their existing physical security is probably adequate. For those who do not already implement such security, it does represent an additional cost.
Protecting VR data
Why retain any of the plaintext at all? Isn't the hash all we need? Yes but...
We can anticipate telephone queries from consumers based on their plaintext. Whilst it is, of course, possible to insist that the consumer reads out all 25 characters, (in which case we could find the item by matching the hash) this is neither friendly nor necessary. We can search for any VR on a "popup" and by the time you have entered the first 5 characters, you are, in most cases, looking at the correct VR. If we allow for the first 10 we can guarantee uniqueness (by rejecting 10-character duplicates at the generation stage). Incidentally this allows the manufacturer to create 2,758 Trillion IDs unique at the 10 character point (3510).
The need to retain those 10 plaintext characters provides the clue to why we need 20 character VRs (plus check digits).
If the VR was only 10 characters to start with, then the retained data would, of course, be the complete data and remain permanently vulnerable. If it was originally only 15 characters and we retain 10, then the counterfeiter has 2/3 of his job done for him and the calculation of the missing 5 characters is within the bounds of feasible computation. It is only by ensuring that at least 10 characters are removed (and thus have to be "cracked") that we also ensure that any stolen data still poses a huge computational barrier. In losing 15 characters we can be confident that the remaining 10 characters do not represent any significant security risk.
System Resistant - Attackers Can't cover their tracks
Had the Codel system been in place, the thieves in this case would still have to register their VRs (or they couldn't be sold in the lucrative FD market), and unless they have corrupted the entire management layer at any given factory, the illicit VR upload must be noticed. Even if it isn't, and the management is completely corrupt, the protected audit trail would eventually reveal these illicit activities to anyone who went looking. Thus, even if they can succeed in producing illicit product by subverting entire sites, they cannot cover their tracks.