Cyber-Physical Trust Anchors for a Secure Supply Chain

M. Maasberg, I. Taylor, L.G. Butler
United States Naval Academy,
United States

Keywords: cyber-physical trust anchor, secure supply chain, X-ray imaging, blockchain

Summary:

Industry 4.0 requires a secure supply chain. The goal is a secure supply chain with security costs matched to the threats and consequences. The current approaches of chain of custody and special packaging is vulnerable. The regulatory agencies show a tendency to select a single solution, a path which lacks the flexibility to optimize costs and security. Rather than a single solution, we recommend taking some guidance from currency, such as the security features of the US $100 and $1 paper currency and the $1 coin. In addition, we recommend procedures to establish ownership. For example, if you should drop your $100 bill in a crowded bar, how do you establish ownership, peacefully? Our team has crafted procedures for combining features, imaging, hashes, smart contracts, blockchain and non-fungible tokens to create a suite of cyber-physical trust anchors appropriate for high-value parts as well as commodity parts. We have two years’ experience with a supply chain for sustainable farming, where the product is grown on small, isolated farms, then transported thousands of kilometers with multiple transactions. Our cyber-physical trust anchor has improved product security as demonstrated by a four-fold increase of income to the farmer. Our team has written three manuscripts on details of the cyber-physical trust anchor and its application to high-value parts as well as commodity parts. The publications describe cyber-physical trust anchors over a wide range of implementation costs and security performance. For example, high value additive manufactured items can be securely labeled with a unique identifier, invisible to conventional X-ray imaging, the part provenance tracked throughout the part’s lifecycle and end of life. Provenance is key to protect dumpster diving and re-injection of a used part back into the supply chain, a known problem in the semiconductor sector. For commodity parts, our publications describe use of unique features at the batch level and on-demand authentication. In the world of commodity parts, low-cost quality assurance is a key feature according to interviews with potential customers. One of our publications discusses automobile tires and a crime script in which current security options are vulnerable to attack; we show how cyber-physical trust anchors offer a cost-efficient procedure to authenticate new tires mounted on the car. Our team is funded by a NIST SBIR grant, derived from NIST IR 8419 (April, 2022), to further develop cyber-physical trust anchors. We assert that cyber-physical trust anchors are a cost-efficient route to securing both commodity and high-value parts. We are seeking early adopters to prototype trust anchors customized for their product. To better communicate the technology in the boardroom environment, we have developed a laptop/cell phone demonstration package. The customer can try their hand at hacking the system, and appreciate the flexibility and security offered by cyber-physical trust anchors. The manufacturing industry is welcomed to participate in the development of procedures for a secure supply chain, and to express their opinions to regulatory bodies guided by the NIST IR 8419 publication.