Laser-Scripted Modification of Nanomaterials for Supply-Chain Integrity
A major concern in supply-chain security is that a component should not be modified after it has been constructed and verified to meet its specifications; that is, the integrity of the component must be maintained. But because the communication and transportation channels required to deliver the component are not themselves secure, modification prior to integration and delivery generally cannot be prevented, and the integrity cannot be guaranteed, with absolute certainty. Usually, the best that can be done is to test a delivered component to try to determine whether it has been subjected to unauthorized modification.
In testing such components, the same general principles can be applied to both software and hardware—but the actual implementations are quite different. For example, both hardware and software can be protected by a secure layer or “armor.” For software, this armor can be produced through a mathematical formula. In this case, the string of bits that comprises the software would include a cryptographic algorithm and a secret key to bind the software to a particular “label” at the trusted site of verification; this label can be checked against the software when it is delivered to confirm that it has not been altered. For hardware, the process is much harder, because the armor and tests must be physical. Furthermore, in an age of aggressive miniaturization, they must be applicable at a very small scale (e.g., microns) and suitable even for liquids and gaseous products.
Aerospace has a rich history of research involving laser-scripted modification of nanomaterials (see Crosslink, Spring 2011). One unexpected application of this technology could provide a new way to address the supply-chain challenges for hardware. Specifically, the technology can be used to bind the hardware to a label composed of a carefully selected recipe of nanoparticles that have been placed in a predefined physical state. The basic idea is that at the trusted verification site, a nanomaterial on or in a component is irradiated with a secret series of write-laser pulses, which induce a known physical transformation of the nanomaterial. At the receiving end of the supply chain, the unit is irradiated again, this time with a corresponding secret series of read-laser pulses. The return value of this scan is a pattern of photoemissions that can be checked against an expected value. Any change in the component would be accompanied by a change in the nanomaterial from its prescribed physical state; thus, this test becomes a proper analog to the software integrity check.
Furthermore, the laser-reading process itself also induces a change in the nanomaterial, so that a subsequent read test will receive (and should be expecting) a different return value. If the nanomaterial is altered in some unauthorized manner, the return value will not match the expected value. This dynamic evolutionary property of the irradiated nanomaterial makes the label extremely difficult to copy and forge.
An adversary would gain no benefit by stealing the nanomaterial or write/read units, nor would the adversary be better off as a person-in-the-middle listener. To gain an advantage, an adversary must have access to the entire fabric of matched read/write pairs of scripts along with the light-matter interaction history of that component. Unauthorized reading of the code could be detected because the nanomaterial would evolve differently if read by a different script, and this could be used to identify a component as tampered. A complex supply chain with numerous intermediate integration steps can exploit this property to maintain a viable integrity check all the way through to final delivery of the hardware system.
Two crucial elements lie at the foundation of this approach—the use of nanoparticles whose possible evolutionary paths under scripted laser radiation have been investigated in advance, and the use of a programmed amplitude-modulated sequence of laser pulses (a tailored script) that specifically modifies the particle’s physical state to emit a unique optical signature when interrogated by a subsequent tailored script. (It has long been known that a material’s photoemission spectrum could depend on the intensity of the scanning laser; what is less commonly known is that it is also possible to alter this photoemission spectrum through a burst of amplitude-modulated laser pulses.)
Recent advances have made this approach more feasible—notably, the emergence of MEMS-based handheld spectrometers; the advent of handheld solid-state laser units capable of providing watts of optical power and digital amplitude modulation at megahertz frequencies; and advances in the production of nanosystems rich in photoemission properties, now manufactured with high uniformity in bulk quantities.
The marking and checking processes as described could be implemented using a standard laser-marking station now found in many factory floors; however, this has not yet been subjected to a comprehensive analysis of its viability. Several questions remain to be answered. For example: What exactly are the secret keys, and how are they shared? What is the cryptographic strength of the process? What is the fidelity requirement of the marking and scanning process? What improvements in the technology are necessary to make these ideas work? What can be done to mitigate mistakes and hostile interference that would otherwise undermine confidence in the process or its results?
Whether or not this particular idea bears fruit in its current form, it is clearly a harbinger of a potential surge of innovation in physical science research spurred by the increasing awareness of the challenges faced in protecting the supply chain of national security space systems.
— Henry Helvajian
Back to the Spring 2012 Table of Contents
Go to main article: Cyber Protection and Space System Acquisition
Go to sidebar: Secure Coding
Go to sidebar: The Risk Management Framework