Schneier on Security
A blog covering security and security technology.
« Authentication by "Cognitive Footprint" |
| Research into an Information Security Risk Rating »
January 24, 2012
Using Plant DNA for Authentication
Turns out you can create unique signatures from plant DNA. The idea is to spray this stuff on military components in order to verify authentic items and detect counterfeits, similar to SmartWater. It's a good idea in theory, but my guess is that the security is not going to center around counterfeiting the plant DNA, but rather in subverting the systems that apply, detect, and verify the chemicals.
Posted on January 24, 2012 at 6:46 AM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I'm confused by this. Is the claim that people will swap out real for counterfeits at some point in the production process? I mean, what's their threat model like? I would imagine the counterfeiter sells you the counterfeited part before you have had time to apply the plant DNA spray.
@PrometheeFeu: indeed this is a problem.
I would assume that the threat was not at the manufacturer itself but at the supply chain. Like various bulk resellers of electronic parts which stock up on parts bought from various manufacturers or other bulk sellers, often multiple times, making the whole chain untraceable, then selling to anyone that wants them, including the military. Within goverment procurment, often the price is the only or major factor in choosing a supplier, so for small contracts (i.e. ordering a small batch of replacement parts) they often end up buying from some intermediary, not directly from a manufacturer, as the manufacurers often sell in large quantities only, or set the price for small batches very high.
Also, in case of parts long out of production, you have to rely on someone having still some stock of them stashed in a dark corner, now completely untraceable, and simply can't buy directly from the original manufacturer. I think this is where various 'counterfeit' parts enter the chain.
There are other issues, like controlling the distribution of the magic DNA paint itself.
If that's the problem they are trying to solve, the only way to do it is to have the manufacturers in question (lots of people, many of which are not in the US) spray all their components. That doesn't sound really likely to happen and if it does, I can't imagine it will be hard to get counterfeited stuff sprayed.
As for the stashes of old parts, well, they're out of luck.
It seems like this is trying to fix an insecure supply chain (caused by being cheap and so avoiding reputable suppliers) by applying an expensive integrity check.
Just go buy a real iPad from the store instead of the cheap (wooden) one in the McDonalds parking lot.
I'm neither a procurement expert nor a molecular biologist, but I'm having difficulty seeing how this would work. The original article really doesn't have enough detail to assess this idea.
What I think they're trying to solve is this: my airplane/spy satellite/killer robot relies on XYZ Company's widget. I need to make sure that I have a genuine XYZ widget, and not a counterfeit one. If it's counterfeit, my mission could be compromised in some way (lives lost, data leaked, etc.)
The solution is that XYZ Company applies
magic pixie fairy dust, er, plant DNA to the genuine components they manufacture. However, the article skimps on what happens next. I can point my scanner at the item and read the barcode, see it glow, etc. but all that does is tell me there's SOME kind of tailored DNA present. We can assume supplies of this stuff will be lost and that various parties will have the ability to manufacture their own, so that's a nearly useless test in my mind. The only real validation would be to sequence the DNA tag, and compare the sequence against XYZ's database of valid sequences that they have used. Only then do I have a strong indicator that they made the part.
There's a couple problems, though: first, this is akin to using a shared key, and depending on how many unique sequences XYZ uses and how many components they make it may be widely shared. The assumption is that nobody can create a sequence that matches XYZ's real sequences in testing - in practice, esp. if foreign powers are involved, that may be a bad assumption.
DNA degrades over time, particularly in harsh environments ... exactly where a lot of these items operate. So if I test after time in service, do I get false results that make me replace perfectly legitimate equipment? How often can I swab the thing and submit for testing before the DNA traces are gone? Lab accuracy (per TFA) may be 1 in a trillion, but what about out in the real world after time has passed?
Finally, where do I apply the tag? The article mentions protecting things like "circuit boards to microchips to routers". The tag has to be on a non-replaceable part of the assembly or it's pretty worthless - I could always use a genuine XYZ router case to house my counterfeit/tampered innards.
Somehow, all this DNA marking reminds me of grade school: "I licked that apple, it's mine".
If it can be swabbed off for analysis presumably multiple times throughout the supply chain, it can also be reapplied to the counterfeit items from a legitimate item.
Also, DNA analytical methods operate by duplicating the specimen to test thousands of times over. The agents to effect the replication are readily available to all kinds of laboratories. While in fact it may be difficult to recreate a specific strand from scratch, it sure is not difficult to replicate it once a specimen is obtained.
To me it looks like a not particularly good or robust solution looking for a problem it might appear to solve.
I really don't think people are doing their problem analysis correctly from a sufficiently great distance.
Fundamentaly the problem was the US Government trying to do things on the cheap because they had allowed themselves to fall into a trap of being owned by their suppliers who were basically taking them thus the US tax payer for a ride.
The standard economic solution to "being owned by your suppliers" is to get rid of what put's the suppliers in a monopolistic or cartel possition. In effect a competative thus open market. The problem with "open" is it does not sit well with various aspects of "National Security" items which require the very opposite of open in the form of secrecy.
The other problem with many "National Security" items is "life time" most consumer products have lifetimes measured in sub five year spans, most NatSec items have product lifetimes that start around twenty five years...
One change the military and others that actualy use NatSec items have not yet caught up to is that technology change is now so fast that many NatSec items are actually compleatly obsolete before the end of their design cycle let alone first production and test cycle. And that the supposed "technology edge" of many NatSec items is now nologer the "bleeding edge" but the "trailing edge" when compared to consumer product technology. That is the average smart phone in a soldiers pocket is way more technicaly advanced than the NatSec kit they draw out of stores...
Something has to change, either NatSec has to get with the conssumer program fully and accept the 18month or less product cycles. Or the Government has to be responsable for not just holding a secure and verifiable inventory of spares but ensuring that they hold sufficient for the entire NatSec item product span...
Anything else is going to be a failure, and to be honest so is attempting to hold a secure and verifiable inventory of spares...
There are other solutions but most suffere from the exponentialy increasing complexity issue...
Wouldn't it be possible for others to counterfeit the plant DNA, as there are only so many plants they could possibly use. They would of have to change their plant DNA non-stop to keep up with the counterfeit. Sounds like a lot of work to me.
It's just a new kind of security through obscurity. The number of "locksmiths" who have the equipment to analyze the DNA marker and to reproduce a sample and install a copy would be vanishingly small at first. But if, say, Iran, came out with this kind of security on their centrifuges, I'm pretty sure someone or other not to be named would be able to reproduce the DNA markers.
I also wonder how easy it is to denature the DNA. It would be a shame if you could just spray formaldehyde or acetic acid on an item and destroy the marker, and if you then did that to a warehouse full of billions of dollars worth of stuff that had to be thrown away because it could no longer be verified.... Also, they're talking about using it on electronics that may perhaps run very hot in operation. Some kind of acceptance stress test might also destroy the marker.
"to me it looks like a not particularly good or robust solution looking for a problem it might appear to solve."
That fits about 2/3 of the things Bruce blogs about. (Not blaming Bruce there, just the state of the industry.)
Just saw that this is also being pushed (same solution & company) as a solution for student identification to fight test taking fraud in New York. I'm not sure where to even begin with a critique on this.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.