Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

DUST Identity Emerges From Stealth to Protect Device Supply Chain

Boston, MA-based start-up firm DUST Identity has emerged from stealth with $2.3 million seed funding led by Kleiner Perkins, with participation from New Science Ventures, Angular Ventures, and Castle Island Ventures. It was founded in 2018 by Ophir Gaathon (CEO), Jonathan Hodges (VP engineering) and Dirk Englund (board member).

Boston, MA-based start-up firm DUST Identity has emerged from stealth with $2.3 million seed funding led by Kleiner Perkins, with participation from New Science Ventures, Angular Ventures, and Castle Island Ventures. It was founded in 2018 by Ophir Gaathon (CEO), Jonathan Hodges (VP engineering) and Dirk Englund (board member).

DUST, an anagram for ‘diamond unclonable security tag’, has developed a method to ensure the provenance and integrity of any object. Its purpose is to protect the physical supply chain from manufacture to installation, and during continued use. In essence, a very tiny spray of diamond particles is applied to any surface. The pattern created is random but unique to each object. This is scanned and recorded, and becomes the object’s fingerprint. Any physical attempt to tamper with the object disturbs the fingerprint and becomes known.

DUST IdentityThe spray pattern is random by design. DUST takes the view that if it could predefine a pattern, then an adversary would be able to copy it. Instead it allows the vagaries of nature and the environment to create an unclonable unique pattern.

DUST does not prevent physical tampering, but will highlight any such attempt — successful or not. The identity of the original object can be confirmed, and the integrity of the supply chain can be proven. If the fingerprint at installation matches the fingerprint at manufacture, the object provenance within the supply chain is guaranteed.

CEO and co-founder Ophir Gaathon explains the process. “We take diamonds that are tiny and cheap,” he told SecurityWeek. “We add that to the conformal coating process.” Conformal process is a standard process that adds a protective chemical coating or polymer film 25-75µm thick (50µm typical) that ëconformsí to the circuit board or object topology. Its purpose is to protect electronic circuits from harsh environments that may contain moisture and or chemical contaminants. 

“We’re flavoring that polymer with a little bit of diamond,” continued Gaathon.”From that point on you effectively have an identity layer that is completely random — we cannot replicate that signature — and the customer organization can decide which specific location on the board it wishes to authenticate. In order to deploy Dust as an anti-tamper solution, you first need identify the object, and then define a specific fingerprint or fingerprints on that object that will allow you to see if anyone has tried to scratch off any part of the polymer coating, or lift off a specific component or access a programming port on the board itself — and all of that can be done with the same workflow you’ve been using.” Light touches won’t affect the identity — but serious attempts to get under the polymer coating will. 

It is the size of the particulate spray that makes the system both workable and affordable. “What we’ve built is a game changer for supply-chain security,” said Gaathon. “Lack of hardware integrity can have a devastating impact on many levels, and our goal is to elevate the entire business operations ecosystem with more accountability and transparency. We help enterprises and governments to prevent hardware tampering and data breaches, improve suppliers trust, and modernize supply chain data management. Compared to other technologies such as RFID, holograms or barcodes, our proprietary solution is significantly more secure, durable, agile, customizable and cost effective.”

At an area of 0.0025 mm2 DUST fits on the world’s smallest electronic components — and Gaathon confirmed to SecurityWeek that it could uniquely fingerprint the tip of a needle. With the potential for 10^230 unique fingerprints it could theoretically identify every needle in the world. The carbon content is at a non-toxic level, and the diamond material is durable — ensuring that the coating will safely outlast the life-cycle of the electronic devices it protects.

DUST Identity is introducing a scientifically-backed solution for supply chain management fit for mission-critical enterprises — from military defense to automation to healthcare — who prioritize security first, but also want tools that are cost-efficient and easy to deploy,” said Ilya Fushman, General Partner at Kleiner Perkins. “DUST Identity’s technology is truly cutting-edge and we’re excited to partner with this unique team of scientists, engineers and technologists.”

Advertisement. Scroll to continue reading.

Supply chain attacks of the type reported by Bloomberg in October 2018 — subsequently denied by all parties — could be prevented by DUST. Any attempt to attach an additional chip, however tiny, to a coated motherboard would disturb the fingerprint and be detectable on delivery.

DUST Identity has come out of MIT. It was formed by a team of quantum physics, nanotechnology and cyber experts, and has participated in several DARPA programs. 

Related: Watch Cisco’s Edna Conway Talk Supply Chain Security With Microsoft Cybersecurity Field CTO Diana Kelley (Video)

Related: Assessing Cyber and Physical Risks to Manufacturers 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products.