Douglas, thanks for your engaging article. I am not sure, however, whether it is a vote of confidence in the APDN technology that is currently available, or a preference for the PUF technology under development. You had mentioned you were going to meet with the Applied DNA Science team with regard to costs and timetable, any news there? By the way, I understand APDN is working with the College of Nanoscale Science and Engineering in an effort to intergrate their DNA tech within computer chips, here's a link to the video/press release FYI..http://cnse.albany.edu/Newsroom/NewsReleases/Details/12-01-17/UAlbany_NanoCollege_Applied_DNA_Sciences_Partner_on_Nanochip_Anti-Counterfeiting_Program.aspx Thanks again!
I believe what really nails the security for Applied is that they also manipulate the plant DNA with an integrated marker so it is more than just the raw DNA. I think it is their secret process which locks down the security. The PUF solution is not an add-on process in the marking stage because the bit train is already intrinsic to the device. The sequence is picked up before packaging and recorded instantaneously for electronic verification via a secure server access. While DNA marking cost is virtually negligent, it is the cost of post-scanner verification/authentication via lab testing that may be not practical for small companies. Also, remember the other trade-off, PUFs are limited to semiconductors with latches or SRAMs and therefore, currently device application is limited. In the end, I think we might see hybrid security measures using multiple technologies across the supply chain.
In my opinion, all these new technologies are going to be expensive for encryption at the manufacturers end and decryption at the buyer end.
If such advanced technologies are applied on the packaging ( not the chip packaging but the material packaging) and if the packaging is made more secure and tamperproof then it will become an economical and feasible for all suppliers and buyers.
Such technologies can then be applied for all size, passive as well as active components and won';s require a special process to be added in the manufactruing of the components.
Prabhakar and WaqasAltaf,
We have been talking mostly concentrated ink DNA solutions, but the DNA can also be added to adhesives so if a packaging tape has the OEM's Logo printed (ink) marker and the adhesive tape securing the shipping carton flaps and edges together, throw in a DNA spray all over the carton as in the case of the earlier article mentioning the company marking their rolls of copper, then we have an even harder to clone security method. I will be meeting with the tech folks at Applied very soon and I will explore with them the directions they have been considering and mention carton/container level security. I will follow up with another post. I know Opeters has been following this with great interest.
I am getting dangerously close to mere speculation on the full capabilities and limitations of DNA marking. I do not want to go too much deeper Into this until I have met with the scientist involved. Let me make sure we are on solid technical ground before this subject coverage becomes too diluted and mushy to be of any real worth. Standby for the rock solid information.
Philips are the key pioneers of PUF research. There are a number of papers online that you can read by searching "Philips Using PUFs". Some of the PDFs are general introductions and others go into testing detail that is really intriguing. Can you help me find an article where they are actually shipping their products with PUF security for the mass market?
Since, there is no immediate introduction of DNA expected, so counterfeiters can relax. They can probably enjoy the counterfeiting era as RFID and other measures are in their pockets. Even if DNA method comes, there will be solution through reverse engineering soon as the counterfeiting market is too lucrative and the participants cant accept defeat. The even bigger challenge will be to make this DNA technology cheap enough so that small-size manufacturers are able to adopt it.
Douglas - You note in your post that you "discovered that -- for about 10 euros -- a duplicate tag can be produced". I'm a long-tiome RFID guy, and have anticipated such a thing happening eventually, but had not heard about it until I saw your post.
It has long been possible to copy the user-programmed number in an RFID tag and load it into another tag, but all of the RFID chips being produced today by mainstream suppliers also have a unique Tag IDentifier, or TID, which cannot be changed. So if a true clone can be produced, that means that some (rogue?) chipmaker is producing a chip with a writeable TID. If that's the case, I'd love to learn more. Can you pass on any background you might have on the topic? Thanks!
Douglas – Thanks! The authors of the report you referred to (the EU-funded BRIDGE program) do a pretty good job of laying things out, and I don't see anything to disagree with. The 2 key takeaways regarding cloned tags, in my opinion:
1.Tags (the chips, specifically) cannot currently be cloned, at least in the form of normal tags placed on any large volume of items. However, it is possible – and will likely be financially rewarding – for bad guys to, at some point, produce "blank" chips that can be programmed as clones. Once that happens, the clones will be detectable by firms which maintain good databases and communications infrastructures, but perhaps not quickly enough to prevent significant losses.
2.Although tags cannot be cloned yet, a tag can be impersonated by a relatively simple battery-powered PC board-based solution. This is the 10-euro fake that you mentioned in your original post. Such a tag generally won't look like a normal RFID tag, but in some cases it can be hidden or possibly disguised as a large ruggedized tag. This is potentially an immediate threat for some high-value items.
It will be interesting to see how long it takes for the above scenarios to have an impact.
The marker is intrinsic in the silicon. And the marker disappears if I remove the power from the part. This is going to slow my business down for sure.
@Douglas, I think PUF's now only slow down the business but they have reliability issue as well because they are subject to environmental variations such as temperature, supply voltage and which can affect their performance.
Actually, they are not subject to these stresses which makes them more robust. In accelerated stress screenings, it was determined that even the aging of the silicon did not impact the integrity of the PUF. That is why this is a viable security. If you are interested in the lab reports, email me and I will forward them to you. The test simulated 20 years over a couple of months. It is called HALT and HASS testing. Highly Accelerated Life Testing for HALT.
Your question is very significant. It is probably the most asked question from a standpoint of universal application deployment. Right now I need to ask that question of some key researchers. If ceramics and organic materials can be included then there has to be some other kind of PUF not based upon silicon gate technology. Polymers might be infused with carbon nanotubes for this purpose, but let me look into this as the implications for a positive response are tremendous. Standby.
Very Interesting. I took away these things from the article: 1) A Sticker on a Container of parts is not a solution; 2) Solution must be automated and also identify counterfeits already in the inventory.
DNA technology points out that the verification must be inherent to the component in question. With the stakes as high as it is, relying on Chain of custody is not just a huge mistake, but have likely already pervaded Global component inventories with counterfeits. People are corruptible.
If I were a counterfeiter, rather than breach a secure system, I'd pay people to vouch counterfeit products into secondary or tertiary supply chains upstream that would drift into primary markets. Keep trying until you find one that taps into your target market.
A better solution is Quality Control/Testing. If you come up with a testing standard, you can create devices that automaticxally puts a component through a round of tests with random inputs that knows what outputs to expect. If a component's features return the correct answer to the questions, within specced performance, then you can consider the component non-counterfeit.
This device(s) should also vouch components already in the industry so serves a dual purpose. And counterfeiting provides a company with cost justifications for purchasing equipment, hiring Component QA professionals, and implementing robust procedures.
If I were a well-funded Chinese Company or North Korean operative with adequate resources, I could pay more to get the top-secret technologies and product a counterfeit product of equal quality that will perform reliably, but this is a far less attractive and profitable endeavor. I'd switch to an easier target and market.
Paulwolb, I like the term "chain of custody" and especially your assessment that this cannot be relied upon to fight counterfeiting. In fact, the reliance on that "chain of custody" is the centerpiece of many people's argument. Buyers are asked to buy only from franchise distributors alone or the actual manufacturers. This presupposes that these sources cannot be corrupted. It represents a baseline, only, though. As you noted, people can be bought.
Wow. There goes the path of least resistance for counterfeiters. I'm sure a lot of these guys can out-engineer the best of security tags, but I'm thinking about ROI. How much money would you have to make to make it worthwhile? Pulling parts off a board is one thing, but dodging RFID and plant DNA takes it to another level. I'm wondering if there is a cadre of tecchies out there that develop this stuff and then sell or license it to counterfeiters? Do counterfeiters have R&D budgets? Fascinating stuff...
Your point is the sticking point in any security environment. If you can appeal to the greed response in an unscrupulous character placed in a critical position in a security network, your security is compromised. In that event, the employee himself could be a counterfeit with the only intention for hiring on was to be able to get the critical information for his REAL employer. OOOOOOOOOOOOO7 intrigue! I am trying to leave plenty of room here for healthy paranoia.
A thousand apologies for "Baraba"...although it is kind of a cool name. I guess in Hebrew that would mean something close to Son of aba which is close to abba which means Father in a very endearing way.
Douglas, Glad to see Barbara's name can be upended too. I have had the pleasure of being known as blji, bojali, bojo or some other variation of my name. Interestingly, some of these errors have come in emails, which makes me wonder about the emails I didn't receive because somebody couldn't figure out how my correct mailing address!
Wouldn't a large part of this problem go away if customers purchased from Authorized, Franchised Distributors / or Manufacturers direct, instead of searching the world for anyone who can supply a product for 'less'?
@BLYNCH: In theory, absolutely. In practice, independents don't just sell stuff, they buy it as well. The imperfections in forecasting mean there will always be a supply/demand imbalance. The supply chain is a two-way street where partners buy and sell, and most independents buy and sell the same factory-made products OEMs and EMS companies are buying. While it is true that buying from an independent increases the risk you may end up with a counterfeit part, the terms "independent distributor" and "counterfeit" are not interchangeable. Reputable independents go to great lengths to avoid counterfeits.
Could you identify some of the independent distributors and tell us what they do to catch the counterfeit parts before they go into their stockrooms? Do they hire outside companies to do the work or do they have internal people assigned full time to the job.
Hi Douglas: I've spoken with America II, World Micro directly, and corresponded with several other independents within the past year or so. One of our bloggers, Dawn Gluskin, is a principal at an independent and writes at length about some of the techniques.
America II buys its own equipment which consists of x-ray and scanning equipment and really good (forget the term--micron?) microscopes. Components go through both tests before they are sold. Most of the independents seem to do their inspection in-house, although I've heard of some that outsource it.
I know there are a couple of different ways to scan/x-ray components. I know AmII uses the more robust of the options.
I'll check a few sites and back to you with more technical terms. "Really good" microscopes doesn't really cut it...
EBN Dialogue enables and encourages you to participate in live chats with notable leaders and luminaries. Not only editors and journalists, but the entire EBN community is able to comment and ask questions. Listed below are upcoming and archived chats.
Thailand Stages a Comeback Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Microsoft Surface: Potential Winners & Losers What are the implications for the electronics industry supply chain of Microsoft Corp.'s decision to launch its own tablet PC? Join industry veteran and EE Times' systems and OEM expert Rick Merritt on Tuesday, July 3, at 12:00 pm EDT for a Live Chat on this subject.
Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Peter Drucker famously said "Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window." Yet in the razor's-edge world of electronics—with a lean supply chain and just-in-time demands—the need to know the future is vital.
While no one really can accurately predict the future, we can take guidance from another Drucker saying which is the best way to predict the future is to create it.
You've heard the saying "the No. 1 supply chain risk is your people." That hasn't always been the case. But today's complex global supply chain requires a new type of multitalented employee. It's one who understands, finance, marketing, economics, is savvy with technology, graceful with relationships and can think analytically.
Where are these people? Are universities properly preparing the next generation supply chain professionals? How do train your existing workforce for these new, demanding positions?
Brian Fuller, editor-in-chief of EBN, will lead a 60-minute Avnet Velocity panel discussion that will ask and answer these and other questions swirling around today's supply-chain talent challenges.