- ISCAS 2021
Assuring the authenticity of products and assets is a fundamental need across industries like electronics, pharmaceuticals, gas and petroleum, automotive, aerospace, defense, and retail, where there is a high risk of causing major harm when fake products go unnoticed. Authenticity is critical for raw materials, food, drugs, diagnostic tests, electronic components, hardware parts and finished goods, such as luxury bags and gold bars. A related demand is to track and trace the logical and physical route, condition and chain of custody (or ownership) of goods throughout the supply chain and the lifecycle of the assets. For both applications, proof of authenticity as well as track and trace, a tight link between physical objects and their digital representation is essential.
Typically, an object is linked to a digital record by a unique identifier (UID) that represents either the individual object or a class of objects by model, batch, production site, manufacturer or similar. The UID is printed, embossed or attached as a tag to the object or its packaging. Many of these identifiers are easily copied or transferred to a clone of the object. Hence, an identifier alone cannot uniquely and securely identify, i.e., authenticate an object.
A crypto anchor ties a UID to the physical object with a property of the object that is hard to clone, forge and transfer to another object. Such a property acts as a source of authenticity. The property may be inherent to the object or it may be unalterably attached (entangled), for instance, with a strong adhesive or in a way that destroys the property, the object itself or a functionality of it when removed. We consider three different types of sources of authenticity: configured secrets (for instance in electronic tags), embedded security features (such as surface structures), and physical fingerprints (as in banknotes). The following diagram shows our classification of crytpo anchors.
Electronic devices can be configured with secrets such as cryptographic keys that prove their identity in a challenge- response protocol. In the case of public-key cryptography, the secret is not revealed in the process but the party that generated and configured the key pair (e.g., the manufacturer, distributor, or owner) might retain a copy and could reuse it in multiple devices.
Physical fingerprints (PFPs) are the result of variability in the material or the manufacturing process of an object. Examples are the structure of leather, the optical characteristics of a type of oil, the imprint of a production line, or the doping in semiconductors. The variability is of a type that cannot be controlled and, therefore, cannot be duplicated—not even by the original manufacturer. The variability may be a common production side-effect (intrinsic) or specifically introduced (extrinsic), for instance, by adding special fibers into paper.
Embedded security features require an expensive application process such as micro-printing, hologram generation or printing with security ink. A bar code produced in this way can be read by anyone but cannot be copied without special equipment. The difficulty and cost to reproduce an embedded security feature should deter most attackers.
For further details please see our paper introducing the concept.
We have built a blockchain-based crypto-anchor platform that integrates a wide range of crypto-anchor vendors, providing interoperability between their technologies and supporting application development from sustainable sourcing to supply-chain management and consumer engagement. As one example we've integrated our platform with IBM Blockchain Transparent Supply, the foundation of industry networks such as IBM Food Trust or FarmerConnect.
- IBM J. Res. Dev