[en] We study how to authenticate objects, a problem that is relevant to buyers who seek proof that a purchase is authentic. Typically, manufacturers watermark their goods or assign them IDs with a certificate of authenticity; then, buyers can check for the presence of the watermark or verify the authenticity of the certificate, matching it with the good’s ID. However, this solution falls short when manufacturers and buyers are geographically separated, such as in retail or online purchases. Since certificates can be forged and goods can be substituted with substandard clones, buyers should verify the authenticity of the goods directly. This suggests a process: honest manufacturers should provide goods with an ID and securely register it along with some unforgeable and unique data that can be (re)generated only from the original physical object. In turn, buyers can verify whether the data registered under that ID matches the data retrieved by the buyer for the good just acquired. Such enrollment and authentication processes are complex when realized as protocols because they must withstand attacks against both the physical object and the communication channel. We propose a cyber-physical solution that relies on two elements: (i) a material inseparably joined with an object from which cryptographically strong digital identities can be generated; (ii) two novel cryptographic protocols that ensure data integrity and secure authentication of agents and objects. We present a comprehensive threat model for the artifact authenticity service. We also implemented and optimized the image processing pipeline, which takes under two seconds per image set, representing a notable improvement over previous versions.
