NFC tags and authenticating wine

From the random innovations department comes an unusual application of NFC tags: authenticating rare wine bottles. According to the NFC Times story, ClikGenie demonstrated NFC-based solution to the problem of counterfeit wine. The idea is based on embedding tags in the label affixed to the bottle, along with a mobile application running on Android for scanning these tags. The description of target audience is somewhat contradictory: one section suggests that any consumer could verify the certificate of authenticity by scanning the label, but a subsequent paragraph hints at a restricted audience: “The CLIKSecure app itself is available only to designated employees, such as product inspectors.” (Or counterfeiters posing as one in order to reverse engineer the system, one might add.)

This is an interesting use case enabled by the combination of decreasing prices for NFC tags on the one hand, and increased popularity of Android devices with embedded NFC readers. It can be extended to other luxury goods subject to high incidence of counterfeiting. But the design and implementation are fraught with problems.

While technical details are sparse, the article suggests the scheme is relying on the unique ID of the tag. There in lies the first problem. NXP Semiconductors has been clear on pointing out that UID is intended for anti-collision Anti-collision refers to distinguishing between multiple tags present in the range of an NFC reader. When the reader turns on the RF field, all tags will be activated and start responding back. UID permits separating these responses. It was not intended as a way to authenticate a tag with any degree of assurance. While genuine Mifare tags do not permit overwriting the UID assigned at factory, counterfeit tags allows setting UID arbitrarily. This effectively “clones” the tag from the perspective of any application relying purely on UID.  Given that tags with cryptographic protection such as  Ultralight-C or Mifare classic are only marginally more expensive, not to mention the scanning device likely has Internet connectivity, the standard Mifare authentication could have been proxied. (Granted the original Mifare cryptography is broken, but the cost of an attack is higher than programming a bogus tag with same UID.)

The second issue is that tags can not authenticate wine per se, because it is relatively easy for the precious contents and their container to part ways. In fact it does not even authenticate the bottle, because the tag is part of a label affixed to the bottle. The article already points out that moderately sophisticated counterfeiting operations “… might remove an authentic label and place it on a bottle with a similar shape.” So the risk of replenishing an authentic bottle with cheaper wine already exists, and could impact the resale market. Suppose a bottle is purchased by consumer Alice and a few years later after it has appreciated in value, she wants to sell it back. Is it the original wine or was it replaced? Meanwhile the bottle and its label are still intact, and the tag will continue to authenticate.

At best the scheme only prevents Alice from scaling this fraud and creating many copies from one bottle. Such cloning can be detected if scanned UIDs are transmitted to an online service for reconciliation, where new entries are compared against existing ones in the database. (Although we have to account for the legitimate resale scenario where Alice scans the tag, then makes an honest sale to Bob who also insists on scanning the tag to verify the product.) Indeed the article implies the presence of such checks, involving a unique ID assigned to the phone and its GPS location. But even this reasoning is dubious, as it assumes everyone is using the application and diligently scanning every bottle. The final irony is that NFC is not required to prevent cloning when there is an online service keeping track of all observed labels. QR codes or plain serial numbers printed in digits would be equally effective. Sure they are easier to clone than NFC tags. But the cloud will notice any duplicate entries just as quickly, with no fancy hardware or mobile apps required. If anything  removing the need for specialized hardware could increase the chance of locating clones because more people are able to report on their inventory.

The choice quote:

“[…] CLIKSecure’s partners are working with customers in the luxury apparel and wine industries, though he declined to name any clients, he said, for fear of alerting counterfeiters.”

Because criminals can’t buy their own Android phones to check for tags before counterfeiting some object?


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s