NIST: Atoms can Help Secure Supply Chain
Last week, the National Institute of Standards and Technology (NIST) revealed a prototype that used atoms to authenticate an item before it left a factory floor. The methodology is called “doping” and involves the insertion of ‘foreign’ atoms of a different element from those in the device. The implant causes the electrical properties of the “topmost layer” of the device to form a unique “label” that can be read by a scanner.
The Atom Implant
The doping technique described by NIST researcher Yaw Obeng uses the “sharp tip of an atomic force microscope (AFM) probe to implant atoms, [and] is simpler, less costly and requires less equipment than other doping techniques using lasers or a beam of ions,” according to the research. Obeng added, “We’re putting a sticker on every device, except that the sticker is electronic and no two are identical because in each case the amount and pattern of the dopant atoms is different.” The NIST announcement noted that their prototype effectively created “a nanometer-scale version of a QR code for the wafer.”
While it is easy to associate counterfeit goods to knock-off designer watches and purses, the reality is that pharmaceuticals and electronics/components make up the vast majority of counterfeit products in the consumer and manufacturing product acquisition chains.
According to the Organization for Economic Cooperation and Development, (OECD), approximately 2.5% of all global goods are counterfeit. The National Institute of Justice, to help researchers focused on counterfeiting, has created a database of over 8.6 million counterfeit items discovered ranging from pharmaceuticals, electronics—even food—numbering in the thousands. Interestingly, over half (53%) involved brick-and-mortar businesses. Meanwhile, the National Archive of Criminal Justice Data published their analysis of counterfeiting across 43 states and 42 countries from 2000-2015 in July 2021.
Supply Chain Security
While the NIST atom doping prototype may not be useful with respect to dynamic updates of a software application or IT network, it absolutely is of import when it comes to the hardware that makes up data centers. John Boyens, a researcher within NIST’s Computer Security Division (and not associated with the study) observed, “This research is key because it offers a means to uniquely identify components by a secure, unalterable and inexpensive means.”
Components fail, reach their end-of-life, or new items are added due to the expansion of a network, be it on-premises or in the cloud. Similarly, operations managers have a shopping list of components ranging from raw materials to completed plug-and-play hardware devices. Each of those items is susceptible to counterfeiting or being altered by an adversary. This doping methodology holds promise for CISOs and operations managers that need a higher degree of confidence that the parts or hardware they are purchasing are indeed from the OEM and not from a third-party counterfeit operation, even if the third party managed to get their items inserted into their “secure” supply chain.
Brand protection and information technology teams will want to keep an eye on the evolution of atom doping technology and processes, as it has the potential to be a game-changer in their efforts to distinguish genuine from counterfeit within their own supply chain, as well as those of their customers.
