NIST: Atoms can Help Secure Supply Chain

Last week, the National Institute of Standards and Technology (NIST) revealed a prototype that used atoms to authenticate an item before it left a factory floor. The methodology is called “doping” and involves the insertion of ‘foreign’ atoms of a different element from those in the device. The implant causes the electrical properties of the “topmost layer” of the device to form a unique “label” that can be read by a scanner.

The Atom Implant

The doping technique described by NIST researcher Yaw Obeng uses the “sharp tip of an atomic force microscope (AFM) probe to implant atoms, [and] is simpler, less costly and requires less equipment than other doping techniques using lasers or a beam of ions,” according to the research. Obeng added, “We’re putting a sticker on every device, except that the sticker is electronic and no two are identical because in each case the amount and pattern of the dopant atoms is different.” The NIST announcement noted that their prototype effectively created “a nanometer-scale version of a QR code for the wafer.”

While it is easy to associate counterfeit goods to knock-off designer watches and purses, the reality is that pharmaceuticals and electronics/components make up the vast majority of counterfeit products in the consumer and manufacturing product acquisition chains.

According to the Organization for Economic Cooperation and Development, (OECD), approximately 2.5% of all global goods are counterfeit. The National Institute of Justice, to help researchers focused on counterfeiting, has created a database of over 8.6 million counterfeit items discovered ranging from pharmaceuticals, electronics—even food—numbering in the thousands. Interestingly, over half (53%) involved brick-and-mortar businesses. Meanwhile, the National Archive of Criminal Justice Data published their analysis of counterfeiting across 43 states and 42 countries from 2000-2015 in July 2021.

Supply Chain Security

While the NIST atom doping prototype may not be useful with respect to dynamic updates of a software application or IT network, it absolutely is of import when it comes to the hardware that makes up data centers. John Boyens, a researcher within NIST’s Computer Security Division (and not associated with the study) observed, “This research is key because it offers a means to uniquely identify components by a secure, unalterable and inexpensive means.”

Components fail, reach their end-of-life, or new items are added due to the expansion of a network, be it on-premises or in the cloud. Similarly, operations managers have a shopping list of components ranging from raw materials to completed plug-and-play hardware devices. Each of those items is susceptible to counterfeiting or being altered by an adversary. This doping methodology holds promise for CISOs and operations managers that need a higher degree of confidence that the parts or hardware they are purchasing are indeed from the OEM and not from a third-party counterfeit operation, even if the third party managed to get their items inserted into their “secure” supply chain.

Brand protection and information technology teams will want to keep an eye on the evolution of atom doping technology and processes, as it has the potential to be a game-changer in their efforts to distinguish genuine from counterfeit within their own supply chain, as well as those of their customers.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 178 posts and counting.See all posts by burgesschristopher