Boston, MA-based start-up firm DUST Identity has emerged from stealth with $2.3 million seed funding led by Kleiner Perkins, with participation from New Science Ventures, Angular Ventures, and Castle Island Ventures. It was founded in 2018 by Ophir Gaathon (CEO), Jonathan Hodges (VP engineering) and Dirk Englund (board member).
DUST, an anagram for ‘diamond unclonable security tag’, has developed a method to ensure the provenance and integrity of any object. Its purpose is to protect the physical supply chain from manufacture to installation, and during continued use. In essence, a very tiny spray of diamond particles is applied to any surface. The pattern created is random but unique to each object. This is scanned and recorded, and becomes the object’s fingerprint. Any physical attempt to tamper with the object disturbs the fingerprint and becomes known.
The spray pattern is random by design. DUST takes the view that if it could predefine a pattern, then an adversary would be able to copy it. Instead it allows the vagaries of nature and the environment to create an unclonable unique pattern.
DUST does not prevent physical tampering, but will highlight any such attempt — successful or not. The identity of the original object can be confirmed, and the integrity of the supply chain can be proven. If the fingerprint at installation matches the fingerprint at manufacture, the object provenance within the supply chain is guaranteed.
CEO and co-founder Ophir Gaathon explains the process. “We take diamonds that are tiny and cheap,” he told SecurityWeek. “We add that to the conformal coating process.” Conformal process is a standard process that adds a protective chemical coating or polymer film 25-75µm thick (50µm typical) that ëconformsí to the circuit board or object topology. Its purpose is to protect electronic circuits from harsh environments that may contain moisture and or chemical contaminants.
“We’re flavoring that polymer with a little bit of diamond,” continued Gaathon.”From that point on you effectively have an identity layer that is completely random — we cannot replicate that signature — and the customer organization can decide which specific location on the board it wishes to authenticate. In order to deploy Dust as an anti-tamper solution, you first need identify the object, and then define a specific fingerprint or fingerprints on that object that will allow you to see if anyone has tried to scratch off any part of the polymer coating, or lift off a specific component or access a programming port on the board itself — and all of that can be done with the same workflow you’ve been using.” Light touches won’t affect the identity — but serious attempts to get under the polymer coating will.
It is the size of the particulate spray that makes the system both workable and affordable. “What we’ve built is a game changer for supply-chain security,” said Gaathon. “Lack of hardware integrity can have a devastating impact on many levels, and our goal is to elevate the entire business operations ecosystem with more accountability and transparency. We help enterprises and governments to prevent hardware tampering and data breaches, improve suppliers trust, and modernize supply chain data management. Compared to other technologies such as RFID, holograms or barcodes, our proprietary solution is significantly more secure, durable, agile, customizable and cost effective.”
At an area of 0.0025 mm2 DUST fits on the world’s smallest electronic components — and Gaathon confirmed to SecurityWeek that it could uniquely fingerprint the tip of a needle. With the potential for 10^230 unique fingerprints it could theoretically identify every needle in the world. The carbon content is at a non-toxic level, and the diamond material is durable — ensuring that the coating will safely outlast the life-cycle of the electronic devices it protects.
“DUST Identity is introducing a scientifically-backed solution for supply chain management fit for mission-critical enterprises — from military defense to automation to healthcare — who prioritize security first, but also want tools that are cost-efficient and easy to deploy,” said Ilya Fushman, General Partner at Kleiner Perkins. “DUST Identity’s technology is truly cutting-edge and we’re excited to partner with this unique team of scientists, engineers and technologists.”
Supply chain attacks of the type reported by Bloomberg in October 2018 — subsequently denied by all parties — could be prevented by DUST. Any attempt to attach an additional chip, however tiny, to a coated motherboard would disturb the fingerprint and be detectable on delivery.
DUST Identity has come out of MIT. It was formed by a team of quantum physics, nanotechnology and cyber experts, and has participated in several DARPA programs.
Related: Assessing Cyber and Physical Risks to Manufacturers
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
