If I Were a Counterfeiter...

If I were to think as a counterfeiter, I would want to exploit every weakness in anti-counterfeiting technologies and also want my illicit products to slip into the supply chain as quietly as possible.

Before exploring how a counterfeiter thinks, let's look at the strategies that work and the ones that aren't as effective. In a previous article, I discussed Applied DNA Sciences and botanical DNA as a new anti-counterfeiting technology. The key to the best security is to have processes and materials that cannot be cloned so that the counterfeiters are unable to imitate the markers themselves. (See: Counterfeiters Meet Their Match in DNA Tagging.)

I've also written about the effectiveness of RFID tagging but discovered that -- for about 10 euros -- a duplicate tag can be produced. Consequently, the best technology for anti-counterfeiting must be both unclonable and affordable so that even small businesses can protect their product lines from incorporating illicit parts and materials.

Counterfeiters are beginning to realize this. So, let's take a trip into a counterfeiter's mind.

If I am a counterfeiter, RFID wouldn't really scare me because all I have to do is get my cloned tag through the supply chain before the real one enters it. In that case, the subsequent scan on the original tag will set off the alarm that a cloned tag must have been scanned previously at the same scanning station. The alarm bells flagged the existence of my counterfeit, but now it is a race to get the bogus tag through all remaining scanning stations and into the distribution system before the real tag is scanned for the first time.

That won't be a big problem if the first and bogus shipments go by air and the second by ocean freight. Or, I could just grab the original RFID tag off one container and slap it on my own container, which is filled with my bogus parts. As far as the shipper knows, it has the licit goods in its cargo holds. No, with my sophisticated network in full swing, RFID isn't really a problem. I just have to make sure I keep my people at the logistics end of things well paid and happy.

What am I going to do with plant DNA markers? It can't be as easy as making my own DNA ink with just any plant growing in my backyard. That would be too easy. I have to assume that the boys in white coats have some kind of extra security built into their DNA markers. But I also know that it still costs time and money to verify a genome sequence. So, if I want to defeat the DNA tech, I had better focus on moving as quickly as possible to beat the wholesale DNA deployment timeframe. This technology will become truly ubiquitous, spurred on by the ever decreasing cost of sequencing.

Just a few short years ago, a sequencing operation required weeks or months of intensive lab forensics and cost many thousands of dollars. Now, the same operation can be performed on a table top sequencer in a matter of hours and at a cost of about $1,000.

I know that DNA tagging is only in the early testing and verification stages, so I don't have to be too concerned about it now, but I had better start using some of the millions of dollars I am making from my counterfeit parts and invest my own R&D into reverse engineering. I need to discover the ingredients of the secret sauce that has the military's confidence level so high in this technology.

There's another technology that, as a counterfeiter, I'm not sure how to crack. My own lab techs have been able to look at and clone every encryption key on all the non-volatile memory devices like EEPROMS and Flash because all the data is still there when the power is switched off and the chips are removed from the board. And, I'm not even using expensive forensic techniques for reading those keys. Everything I am doing is standard operating procedure for the usual failure analysis processes. For those encryption schemes that have off-board keys, all I have had to do is tie into the bus circuit and read the bits as they come streaming by.

But I have my work cut out for me with this new anti-counterfeiting technology incorporating Physically Unclonable Functions (PUFs). The new hardware-intrinsic security is based on the properties of device materials at sub-micron levels. That, in itself, is not a big hurdle, but the encryption key is only present when the device is powered on, and every single chip has its own unique key. Even if I could get one key, it would only be for that one chip, and I would have to destroy it in the process. Every chip key is different. The marker is intrinsic in the silicon. And the marker disappears if I remove the power from the part. This is going to slow my business down for sure.

I will have to learn much more about this technology; otherwise, I am out of business for semiconductor devices.

Right now, I understand that microprocessors, microcontrollers, certain oscillators, and FPGAs are inherently primed for this technology, but it is only a matter of time before they build these dedicated encryption arrays into smaller devices that don't need memory except for incorporating encryption key placement.

My boys downtown tell me Douglas is going to write a follow-up article about this technology. I'm going to make sure we follow this guy closely. We may have to make him a nice pair of cement overshoes and take him for a little ride down by the East River. Ain't that right, boys?