I was recently offered the chance to buy N-95 masks to protect myself from COVID-19. I hesitated, however, because I had no way of knowing if they were authentic. The CDC has published guidance on counterfeit masks, but as a regular guy, how would I ever know how to spot a fake? I can’t. But, what if there were a way to determine for sure that an N-95 mask was actually made by an accredited manufacturer? That would require precise authentication of a physical object. That’s the problem DUST Identity is setting out to solve.
DUST, which is an acronym for “Diamond Unclonable Security Tag,” creates a unique physical identifier for an object by calculating a unique number from the patterns of quantum-engineered diamond nanocrystals. Easy, right? The company takes tiny (nano-sized) diamond crystals and embeds them in clear plastic. It then generates a number based on the unique patterns created by the random scatter of the diamond crystals.
The ability of diamonds to produce unique patters of light is well known to fans of the Pink Panther movies. Inspector Clouseau went looking for the famous diamond that created a glow so special that one could see a “leaping panther” in its gleam. DUST is merely following in the footsteps of this legendary investigator.
Given the properties of diamond crystals of this size, the DUST technique can produce a range of 10230 unique identifiers. To put that number in perspective, consider that the entire Internet of Things (IoT) is projected to have 7.4 × 1010 devices in five years. So, you could say that DUST has room to grow.
According to the company, each DUST “fingerprint” cannot be reverse engineered. The identifier can be quite small, too. The DUST physical tag can be .0025 square millimeters—small enough to fit on an individual resistor.
There are several applications of the DUST technology to security. At a high level, they all contribute to solving the problem of physical authentication, a root cause of cyber risk. A great deal of risk exposure flows from a fundamental inability to establish, for certain, that a device is what it says it is.
“We close the trust gap,” said Ophir Gaathon, DUST’s Co-Founder and CEO. “We create a durable physical-digital binding for an object. This creates product integrity that lasts the entire product lifetime.” A microprocessor, for example, can now be tracked across its lifecycle, from manufacturing through installation and retirement. This capability is critical for people who are concerned with potential tampering with electronics components at the manufacturing stage.
“If you have a million IoT sensors deployed, you need to know for sure that the data you’re getting from each one of them is legitimate,” Gaathon added. “Being able to authenticate the device physically gets you a long way toward this goal. Similarly, if you can authenticate the silicon in the server that’s updating the firmware in those sensors, you’ve gotten even further along the path to trusting your IoT data.”
The DUST origin story is also cool. The company sprang out of Gaathon, Jonathan Hodges and Dirk Englund’s research on quantum characteristics of diamonds in 2011 (first at Columbia University and later at MIT ). A few years later, while developing capabilities for DARPA the team was set to address supply chain security concerns related to the trusted physical identity of mission-critical components and systems. They founded DUST in 2018 to commercialize the innovations they had devised using nano-scale diamonds.
DUST has applications outside of cybersecurity. The technology can be used for pharmaceuticals, aerospace, defense industries and more. The company is now offering a range of adaptable modes of deployment, so it fit into existing manufacturing processes.