DUST Identity Emerges From Stealth to Protect Device Supply Chain
DUST, an anagram for ‘diamond unclonable security tag’, has developed a method to ensure the provenance and integrity of any object. Its purpose is to protect the physical supply chain from manufacture to installation, and during continued use. In essence, a very tiny spray of diamond particles is applied to any surface. The pattern created is random but unique to each object. This is scanned and recorded, and becomes the object’s fingerprint. Any physical attempt to tamper with the object disturbs the fingerprint and becomes known.
The spray pattern is random by design. DUST takes the view that if it could predefine a pattern, then an adversary would be able to copy it. Instead it allows the vagaries of nature and the environment to create an unclonable unique pattern.
DUST does not prevent physical tampering, but will highlight any such attempt — successful or not. The identity of the original object can be confirmed, and the integrity of the supply chain can be proven. If the fingerprint at installation matches the fingerprint at manufacture, the object provenance within the supply chain is guaranteed.
CEO and co-founder Ophir Gaathon explains the process. "We take diamonds that are tiny and cheap," he told SecurityWeek. "We add that to the conformal coating process." Conformal process is a standard process that adds a protective chemical coating or polymer film 25-75µm thick (50µm typical) that ëconformsí to the circuit board or object topology. Its purpose is to protect electronic circuits from harsh environments that may contain moisture and or chemical contaminants.
"We’re flavoring that polymer with a little bit of diamond," continued Gaathon."From that point on you effectively have an identity layer that is completely random — we cannot replicate that signature — and the customer organization can decide which specific location on the board it wishes to authenticate. In order to deploy Dust as an anti-tamper solution, you first need identify the object, and then define a specific fingerprint or fingerprints on that object that will allow you to see if anyone has tried to scratch off any part of the polymer coating, or lift off a specific component or access a programming port on the board itself — and all of that can be done with the same workflow you’ve been using." Light touches won’t affect the identity — but serious attempts to get under the polymer coating will.
It is the size of the particulate spray that makes the system both workable and affordable. "What we’ve built is a game changer for supply-chain security," said Gaathon. "Lack of hardware integrity can have a devastating impact on many levels, and our goal is to elevate the entire business operations ecosystem with more accountability and transparency. We help enterprises and governments to prevent hardware tampering and data breaches, improve suppliers trust, and modernize supply chain data management. Compared to other technologies such as RFID, holograms or barcodes, our proprietary solution is significantly more secure, durable, agile, customizable and cost effective."
At an area of 0.0025 mm2 DUST fits on the world’s smallest electronic components — and Gaathon confirmed to SecurityWeek that it could uniquely fingerprint the tip of a needle. With the potential for 10^230 unique fingerprints it could theoretically identify every needle in the world. The carbon content is at a non-toxic level, and the diamond material is durable — ensuring that the coating will safely outlast the life-cycle of the electronic devices it protects.
"DUST Identity is introducing a scientifically-backed solution for supply chain management fit for mission-critical enterprises — from military defense to automation to healthcare — who prioritize security first, but also want tools that are cost-efficient and easy to deploy," said Ilya Fushman, General Partner at Kleiner Perkins. "DUST Identity’s technology is truly cutting-edge and we’re excited to partner with this unique team of scientists, engineers and technologists."
Supply chain attacks of the type reported by Bloomberg in October 2018 — subsequently denied by all parties — could be prevented by DUST. Any attempt to attach an additional chip, however tiny, to a coated motherboard would disturb the fingerprint and be detectable on delivery.
DUST Identity has come out of MIT. It was formed by a team of quantum physics, nanotechnology and cyber experts, and has participated in several DARPA programs.