{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T16:33:39Z","timestamp":1769013219771,"version":"3.49.0"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2020,6,25]],"date-time":"2020-06-25T00:00:00Z","timestamp":1593043200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,6,25]],"date-time":"2020-06-25T00:00:00Z","timestamp":1593043200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000739","name":"University of Southampton","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100000739","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2021,6]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The complexity of today\u2019s integrated circuit (IC) supply chain, organised in several tiers and including many companies located in different countries, makes it challenging to assess the history and integrity of procured ICs. This enables malicious practices like counterfeiting and insertion of back doors, which are extremely dangerous, especially in supply chains of ICs for industrial control systems used in critical infrastructures, where a country and human lives can be put at risk. This paper aims at mitigating these issues by introducing Anti-BlUFf (Anti-counterfeiting Blockchain- and PUF-based infrastructure), an approach where ICs are uniquely identified and tracked along the chain, across multiple sites, to detect tampering. Our solution is based on consortium blockchain and smart contract technologies; hence, it is decentralised, highly available and provides strong guarantees on the integrity of stored data and executed business logic. The unique identification of ICs along the chain is implemented by using physically unclonable functions (PUFs) as tamper-resistant IDs. We first define the threat model of an adversary interested in tampering with ICs along the supply chain and then provide the design of the tracking system that implements the proposed anti-counterfeiting approach. We present a security analysis of the tracking system against the designated threat model and a prototype evaluation to show its technical feasibility and assess its effectiveness in counterfeit mitigation. Finally, we discuss several key practical aspects concerning our solution ad its integration with real IC supply chains.<\/jats:p>","DOI":"10.1007\/s10207-020-00513-8","type":"journal-article","created":{"date-parts":[[2020,6,25]],"date-time":"2020-06-25T12:02:21Z","timestamp":1593086541000},"page":"445-460","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Anti-BlUFf: towards counterfeit mitigation in IC supply chains using blockchain and PUF"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2886-8445","authenticated-orcid":false,"given":"Leonardo","family":"Aniello","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Basel","family":"Halak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Chai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Riddhi","family":"Dhall","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mircea","family":"Mihalea","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adrian","family":"Wilczynski","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,6,25]]},"reference":[{"key":"513_CR1","doi-asserted-by":"publisher","unstructured":"Al-Bassam, M.: SCPKI: a smart contract-based pki and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, ACM, New York, BCC \u201917, pp 35\u201340 (2017). https:\/\/doi.org\/10.1145\/3055518.3055530","DOI":"10.1145\/3055518.3055530"},{"key":"513_CR2","doi-asserted-by":"publisher","unstructured":"Alzahrani, N., Bulusu, N.: Block-supply chain: a new anti-counterfeiting supply chain using nfc and blockchain. In: Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems. ACM, New York. CryBlock\u201918, pp 30\u201335 (2018). https:\/\/doi.org\/10.1145\/3211933.3211939","DOI":"10.1145\/3211933.3211939"},{"key":"513_CR3","doi-asserted-by":"crossref","unstructured":"Axon L, Goldsmith M (2016) PB-PKI: a privacy-aware blockchain-based PKI. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications, SCITEPRESS","DOI":"10.5220\/0006419203110318"},{"key":"513_CR4","doi-asserted-by":"crossref","unstructured":"Bessani, A., Sousa, J., Alchieri, E.E.: State machine replication for the masses with BFT-smart. In: 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (2014)","DOI":"10.1109\/DSN.2014.43"},{"key":"513_CR5","unstructured":"Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: Proceedings of the Third Symposium on Operating Systems Design and Implementation, USENIX Association, Berkeley, CA, USA, OSDI \u201999, pp. 173\u2013186 (1999). http:\/\/dl.acm.org\/citation.cfm?id=296806.296824"},{"key":"513_CR6","doi-asserted-by":"crossref","unstructured":"Chatterjee, U., Govindan, V., Sadhukhan, R., Mukhopadhyay, D., Chakraborty, R.S., Mahata, D., Prabhu, M.M.: Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database. IEEE Trans. Dependable Secure Comput. (2018)","DOI":"10.1109\/TDSC.2018.2832201"},{"key":"513_CR7","unstructured":"Crockett, L.H., Elliot, R.A., Enderwitz, M.A., Stewart, R.W.: The Zynq Book: Embedded Processing with the Arm Cortex-A9 on the Xilinx Zynq-7000 All Programmable Soc. Strathclyde Academic Media (2014)"},{"key":"513_CR8","unstructured":"Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. In: IACR Cryptology ePrint Archive 2014, 803 (2014)"},{"key":"513_CR9","unstructured":"Gaetani, E., Aniello, L., Baldoni, R., Lombardi, F., Margheri, A., Sassone, V.: Blockchain-based database to ensure data integrity in cloud computing environments. In: Proceedings of the First Italian Conference on Cybersecurity (ITASEC17), Venice, Italy, January 17\u201320. pp. 146\u2013155 (2017). http:\/\/ceur-ws.org\/Vol-1816\/paper-15.pdf"},{"key":"513_CR10","unstructured":"Guardtime (2017) Internet of Things Authentication: A Blockchain Solution Using SRAM Physical Unclonable Functions. Available online: https:\/\/www.intrinsic-id.com\/wp-content\/uploads\/2017\/05\/gt_KSI-PUF-web-1611.pdf"},{"key":"513_CR11","doi-asserted-by":"crossref","unstructured":"Halak, B.: Hardware-based security applications of physically unclonable functions. In: Physically Unclonable Functions, Springer, Berlin pp 183\u2013227 (2018)","DOI":"10.1007\/978-3-319-76804-5_6"},{"key":"513_CR12","doi-asserted-by":"crossref","unstructured":"Halak, B.: Security attacks on physically unclonable functions and possible countermeasures. In: Physically Unclonable Functions. Springer, Berlin, pp 131\u2013182 (2018)","DOI":"10.1007\/978-3-319-76804-5_5"},{"key":"513_CR13","doi-asserted-by":"crossref","unstructured":"Halak, B., Zwolinski, M., Mispan, M.S.: Overview of puf-based hardware security solutions for the internet of things. In: Circuits and Systems (MWSCAS), 2016 IEEE 59th International Midwest Symposium on, IEEE, pp. 1\u20134 (2016)","DOI":"10.1109\/MWSCAS.2016.7870046"},{"issue":"5","key":"513_CR14","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.jom.2014.01.005","volume":"32","author":"J Hartmann","year":"2014","unstructured":"Hartmann, J., Moeller, S.: Chain liability in multitier supply chains? Responsibility attributions for unsustainable supplier behavior. J. Oper. Manag. 32(5), 281\u2013294 (2014). https:\/\/doi.org\/10.1016\/j.jom.2014.01.005","journal-title":"J. Oper. Manag."},{"issue":"1\/2","key":"513_CR15","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1108\/IJPDLM-05-2013-0128","volume":"45","author":"NO Hohenstein","year":"2015","unstructured":"Hohenstein, N.O., Feisel, E., Hartmann, E., Giunipero, L.: Research on the phenomenon of supply chain resilience: a systematic review and paths for further investigation. Int. J. Phys. Distrib. Logist. Manag. 45(1\/2), 90\u2013117 (2015)","journal-title":"Int. J. Phys. Distrib. Logist. Manag."},{"key":"513_CR16","unstructured":"Horvath, B.T.: Not all parts are created equal: the impact of counterfeit parts in the air force supply chain. Air War College, Air University Maxwell AFB United States, Tech. rep. (2017)"},{"issue":"1","key":"513_CR17","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1109\/TETC.2015.2389532","volume":"5","author":"J Huang","year":"2017","unstructured":"Huang, J., Li, X., Xing, C., Wang, W., Hua, K., Guo, S.: DTD: a novel double-track approach to clone detection for rfid-enabled supply chains. IEEE Trans. Emerg. Top. Comput. 5(1), 134\u2013140 (2017). https:\/\/doi.org\/10.1109\/TETC.2015.2389532","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"513_CR18","doi-asserted-by":"crossref","unstructured":"Islam, M.N., Patii, V.C., Kundu, S.: On IC traceability via blockchain. In: VLSI Design, Automation and Test (VLSI-DAT), 2018 International Symposium on, IEEE, pp 1\u20134 (2018)","DOI":"10.1109\/VLSI-DAT.2018.8373269"},{"key":"513_CR19","doi-asserted-by":"crossref","unstructured":"Jain, R., Chaudhary, D.K., Kumar, S.: Analysis of vulnerabilities in radio frequency identification (RFID) systems. In: 2018 8th International Conference on Cloud Computing, pp. 453\u2013457. Data Science and Engineering (Confluence), IEEE (2018)","DOI":"10.1109\/CONFLUENCE.2018.8442623"},{"key":"513_CR20","doi-asserted-by":"crossref","unstructured":"Junqueira, F.P., Reed, B.C., Serafini, M.: Zab: high-performance broadcast for primary-backup systems. In: 2011 IEEE\/IFIP 41st International Conference on Dependable Systems and Networks (DSN), IEEE, pp 245\u2013256 (2011)","DOI":"10.1109\/DSN.2011.5958223"},{"key":"513_CR21","doi-asserted-by":"crossref","unstructured":"Khojasteh-Ghamari, Z., Irohara, T.: Supply chain risk management: a comprehensive review. In: Supply Chain Risk Management, Springer, pp 3\u201322 (2018)","DOI":"10.1007\/978-981-10-4106-8_1"},{"key":"513_CR22","doi-asserted-by":"crossref","unstructured":"Mispan, M.S., Su, H., Zwolinski, M., Halak, B.: Cost-efficient design for modeling attacks resistant pufs. In: Design, Automation and Test in Europe Conference and Exhibition (DATE), IEEE, pp. 467\u2013472 (2018)","DOI":"10.23919\/DATE.2018.8342054"},{"key":"513_CR23","unstructured":"Negka, L., Gketsios, G., Anagnostopoulos, N.A., Spathoulas, G., Kakarountas, A., Katzenbeisser, S.: Employing blockchain and physical unclonable functions for counterfeit iot devices detection. In: Proceedings of the International Conference on Omni-Layer Intelligent Systems, ACM, pp 172\u2013178"},{"key":"513_CR24","doi-asserted-by":"publisher","unstructured":"OECD: Trade in Counterfeit Products and the UK Economy. OECD Publishing, Paris. (2017) https:\/\/doi.org\/10.1787\/9789264279063-en","DOI":"10.1787\/9789264279063-en"},{"key":"513_CR25","doi-asserted-by":"crossref","unstructured":"Sousa, J., Bessani, A.: Separating the wheat from the chaff: an empirical design for geo-replicated state machines. In: 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), IEEE, pp. 146\u2013155 (2015)","DOI":"10.1109\/SRDS.2015.40"},{"key":"513_CR26","doi-asserted-by":"crossref","unstructured":"Su, H., Zwolinski, M., Halak, B.: A machine learning attacks resistant two stage physical unclonable functions design. In: 2018 IEEE 3rd International Verification and Security Workshop (IVSW), IEEE, pp. 52\u201355 (2018)","DOI":"10.1109\/IVSW.2018.8494839"},{"key":"513_CR27","doi-asserted-by":"publisher","first-page":"17465","DOI":"10.1109\/ACCESS.2017.2720760","volume":"5","author":"K Toyoda","year":"2017","unstructured":"Toyoda, K., Mathiopoulos, P.T., Sasase, I., Ohtsuki, T.: A novel blockchain-based product ownership management system (poms) for anti-counterfeits in the post supply chain. IEEE Access 5, 17465\u201317477 (2017). https:\/\/doi.org\/10.1109\/ACCESS.2017.2720760","journal-title":"IEEE Access"},{"key":"513_CR28","doi-asserted-by":"crossref","unstructured":"Vukoli\u0107, M.: The quest for scalable blockchain fabric: proof-of-work vs. BFT replication. In: International Workshop on Open Problems in Network Security, Springer, Berlin, pp. 112\u2013125 (2015)","DOI":"10.1007\/978-3-319-39028-4_9"},{"issue":"3","key":"513_CR29","first-page":"1","volume":"5","author":"C Wachsmann","year":"2014","unstructured":"Wachsmann, C., Sadeghi, A.R.: Physically unclonable functions (PUFs): applications, models, and future directions. Synth. Lect. Inf. Secur. Privacy Trust 5(3), 1\u201391 (2014)","journal-title":"Synth. Lect. Inf. Secur. Privacy Trust"},{"key":"513_CR30","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1016\/j.ijpe.2015.03.020","volume":"171","author":"F Wiengarten","year":"2016","unstructured":"Wiengarten, F., Humphreys, P., Gimenez, C., McIvor, R.: Risk, risk management practices, and the success of supply chain integration. Int. J. Prod. Econ. 171, 361\u2013370 (2016)","journal-title":"Int. J. Prod. Econ."},{"key":"513_CR31","doi-asserted-by":"crossref","unstructured":"Wild A, Becker GT, G\u00fcneysu T: A fair and comprehensive large-scale analysis of oscillation-based PUFs for FPGAs. In: Field Programmable Logic and Applications (FPL), 2017 27th International Conference on, IEEE, pp 1\u20137 (2017)","DOI":"10.23919\/FPL.2017.8056795"},{"key":"513_CR32","doi-asserted-by":"crossref","unstructured":"Yilmaz, Y., Gunn, S.R., Halak, B.: Lightweight PUF-based authentication protocol for IoT devices. In: 2018 IEEE 3rd International Verification and Security Workshop (IVSW), IEEE, pp 38\u201343 (2018)","DOI":"10.1109\/IVSW.2018.8494884"},{"issue":"3","key":"513_CR33","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1109\/TMSCS.2016.2553027","volume":"2","author":"M Yu","year":"2016","unstructured":"Yu, M., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on pufs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. 2(3), 146\u2013159 (2016). https:\/\/doi.org\/10.1109\/TMSCS.2016.2553027","journal-title":"IEEE Trans. Multi-Scale Comput. Syst."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00513-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-020-00513-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00513-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,24]],"date-time":"2021-06-24T23:57:31Z","timestamp":1624579051000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-020-00513-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,25]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,6]]}},"alternative-id":["513"],"URL":"https:\/\/doi.org\/10.1007\/s10207-020-00513-8","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,25]]},"assertion":[{"value":"25 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"Author Leonardo Aniello declares that he has no conflict of interest. Author Basel Halak declares that he has no conflict of interest. Author Peter Chai declares that he has no conflict of interest. Author Riddhi Dhall declares that she has no conflict of interest. Author Mircea Mihalea declares that he has no conflict of interest. Author Adrian Wilczynski declares that he has no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}