Abstract:
The production and marketing of counterfeit medicine is a health-related
issue that has been growing despite efforts by governments,
pharmaceutical companies and international organizations. Due to weak legislation
and law enforcement issues, the problem continues to threaten the health
and lives of millions of people the world over. Recently, there have been
efforts to create medicine tracking and authentication mechanisms to
restrain the sale and growth of counterfeit medicine. In this thesis we
review and analyze these existing solutions and identify their weaknesses
and drawbacks. Different aspects of these authentication mechanisms are
discussed and criteria are determined for a practical solution. None of
the existing solutions have all the desired features. The solutions that are
simple to use are prone to attacks and counterfeiting whereas solutions
that are secure are too complicated to implement in the real world and may
not provide end user level verification. The desirable solution would be
scalable so that its implementation can be extended over a large
geographic region under the same servers. It should also be easy to use
and usable by medicine users. The security of the system is the most
important factor and it should be resistant to counterfeiting and attacks.
The architecture should be such that different functional components can
perform independently of each other.
In this thesis we propose a solution that meets these criteria of
scalability, usability and reliability. The proposed solution is based on
existing infrastructure of GSM networks and does not require any
specialized equipment. The proposed solution aims at enabling the
medicine consumer to verify the medicine using a simple camera phone.
A machine-readable 2-D data matrix is used for conveying the verification
code. This feature saves the user's time and effort of typing in a long
code and allows for the code to be long and complex enough to deter
counterfeiters from mounting any successful attacks. A mathematical
proof is given to show the security of the verification codes, and an intensive security analysis is carried out for the proposed solution. Different possible attacks such as brute force, DoS, DDoS, man-in-the-middle and spoofing are considered and their countering techniques are discussed. The results show that the proposed solution is extremely scalable and can potentially support billions of registered products. The solution also meets the most stringent security requirements and is as secure against different attacks as international cryptographic standards. A skeletal prototype of the proposed framework has been developed to demonstrate the usability of the system from a common user's perspective. Practical testing has been carried out to determine the proper dimensions of the data matrix to be used. It is determined that QR codes of medium size, ranging from 5 to 8 cm square, have good readability for a lengthy character string comprising more than 60 characters from the basic SMS character set. In the end, suggestions for implementation, future directions and further possible uses of the proposed solution are given. The proposed solution has numerous applications in the domain of authentication and product verification. The character set using the full length of a single SMS is complex enough to provide billions of unique identifiers for each individual in the entire population of planet Earth. The limits on scalability in this regard are virtually non-existent if the processing is distributed over cloud servers.