I got interested in this space a number of years ago, and have some investments in it; overall my takeaway is that supply chain integration is the main thing, not necessarily hardware innovation, at least so far.
Sadly, this is unlikely to be deployed commercially. But it's cool to come up with new ideas in the space!
A couple key points:
* Readers work at a 4cm distance
* Rather than a key database, the researchers propose an AI to memorize patterns
These are no-go for almost all product ID scenarios I can imagine. Not least because the AI will have a harder and harder time validating patterns the more patterns are thrown at it. As described, a registry would be better, much better. But still bad.
David Chaum has done some work using glitter patterns on banknote bills, which I think is super cool, essentially: random reflective pattern from glitter -> some sort of FFT / visual identification signature -> stored in a registry.
Even that is going to be somewhat tough because you'll need the registry. Or alternately a chip that can store a signature and a reference to the pattern, in which case you'll just need a reader that knows the public key of the signer.
What is the latest in this world? (Apart from this post)
I developed some prototypes in the authentication space about ten years ago. Our approach was to detect fluorescence; first in IR, then shifted to Blue-to-Yellow shift that could be triggered by a mobile phone screen and simultaneously “read” by the front facing camera.
The fluorescing dyes were trademarkable and very hard to develop, which we compared to holograms as markers of authenticity.
So, some tech like that is used in Banknotes, although the specifics are often covered under extremely strict NDAs. Companies that offer these NDAs around often offer product that watermarks in non-visible spectra, so you might infer they do something similar in the central banking space. It's a fairly patent-heavy field; I wouldn't be surprised if your work is covered at least in part by industry patents. If you have the patents still, I'd probably try and market them to companies like Kurz which have built large profitable businesses doing security layers for printed goods, among many other things.
As you note, inks are a big deal, and control of inks and the ink supply chain can be a big deal.
I put a bunch of money into Noteworthy a few years ago, which successfully embedded ARM chips into banknotes, the proposal being that you could at-note security with challenge/response over NFC. Noteworthy picked Bitcoin notes as a first product/demo tech. They work, it's very cool tech, and, shockingly, the chip embedding part of the tech stack isn't even the most expensive part of making a banknote.
I also invested in a company looking at drug supply chains in low-data areas, which just used SMS-based single authentication checks (great idea -- didn't pan out), a company embedding chips in sneakers (great idea -- this one works, but it's not clear if it matters for mid-tier large issuance sneakers), ...
I spent the most time with Noteworthy, and learned the banknote folks think of authentication in three tiers: individual (e.g. can you or a checkout person at a gas-station tell a note is fake), retail (e.g. can a bank teller tell a note is fake), and redacted, (e.g. can Treasury tell a note is fake). This multi-tier approach is practical and sensible to me; in brief, the farther up the chain, the more power you can bring to bear on determining a fake, and the longer you can take.
I think the same dynamics are there in a lot of consumer goods -- and the upshot is that, at least in the states with consumer goods, people mostly want to / need to trust their supply chains; it's very rare anyone is going to even take a picture of something with their phone to check its authenticity.
The way I understand it (or at least the way I'd design it), only the tag itself stores the pattern (or the AI-generated hash thereof), there is no external "registry". Then the pattern hash is used to access a private key (e.g. the key is stored XOR-ed with the hash when the tag is installed) to authenticate a challenge. Recognizing similar patterns is to make sure the pattern always evaluates to the same hash as long as it's not tampered with.
The MIT link doesn't explain how exactly they've done it, so that's only speculation.
The input from a scan can be quite a lot of data, a high resolution
photograph, a point cloud, a set of RF timings/phases or whatever.
The key for future matching must be something small that can be
distributed or sent ahead of the delivery, so a hash seems the way to
go.
But standard hash algorithms are designed for non-collision and
sensitivity - any changes of input lead to wildly different outputs.
But the physical product has to endure;
- handling by humans or machines
- mechanical vibration and stress
- temperature variations
- gravity, natural creep, thermoplasticity
- bleaching due to light
- variations in the reader, angle, lighting, nearby metal objects
That means we need a threshold of fuzziness, where the hash is not
broken, until suddenly it is. The more fuzzy we make it the more scope
an attacker who knows the method has to craft a deliberate collision
to repair tampering effects.
I understood it as: a signature of each pattern is stored as 'known' in a dataset. An AI learns which patterns are "known".
I don't believe their method has fine control of placement of the 'readable' parts under the glue; this cuts out methods where you're writing something in data as part of authentication. But, it also makes production MUCH cheaper - you can later just read what you "wrote" under a tag. I would guess in the price points they imagine, this method is "random + read later".
For your method - if you can write data, why not just write a digital signature of the item's serial number?
We write data into the tag's digital memory, not the pattern. The pattern is immutable.
We use the pattern to mask the tag's private key. The tag authenticates itself with that private key (which is installed on the tag by the manufacturer and can be signed with a CA cert to prove it comes from the manufacturer). The tag can't decrypt the key without the correct pattern, so simply peeling it off and sticking it onto a counterfeit won't work. There is no need for a database. The AI runs on the tag and makes sure tiny changes to the pattern won't make the private key unrecoverable by outputting a "low-res" version of the pattern that is immune to such tiny changes.
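The key-masking idea in the comments above (a key stored XOR-ed with pattern-derived bits, with a bounded tolerance for reading noise) can be sketched as a fuzzy-commitment style code-offset scheme. This is an added example, not part of the thread or the MIT work; the repetition code stands in for the "AI low-res" step, and `REP`, the function names and the sample patterns are assumptions constructed for illustration.

```python
import hashlib
import hmac
import random

REP = 5  # assumption: each key bit is spread over REP pattern bits (repetition code)


def to_bits(data):
    """Bytes -> list of 0/1, least significant bit of each byte first."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Inverse of to_bits."""
    return bytes(
        sum(bit << i for i, bit in enumerate(bits[n:n + 8]))
        for n in range(0, len(bits), 8)
    )


def enroll(key, pattern):
    """At tag installation: mask the error-coded key with the glue pattern.

    Returns (helper, check). Both live in tag memory; neither is the key itself.
    """
    codeword = [bit for bit in to_bits(key) for _ in range(REP)]
    if len(pattern) != len(codeword):
        raise ValueError("pattern must supply REP bits per key bit")
    helper = [c ^ p for c, p in zip(codeword, pattern)]
    return helper, hashlib.sha256(key).digest()


def recover(helper, check, reading):
    """At read time: unmask with a fresh reading and majority-decode each block.

    Returns the key, or None when the reading is too far from the enrolled one.
    """
    if len(reading) != len(helper):
        raise ValueError("reading has the wrong length")
    noisy = [h ^ r for h, r in zip(helper, reading)]
    key_bits = [
        int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)
    ]
    key = from_bits(key_bits)
    if hmac.compare_digest(hashlib.sha256(key).digest(), check):
        return key
    return None


def flip(bits, positions):
    """Return a copy of bits with the given positions inverted."""
    out = list(bits)
    for pos in positions:
        out[pos] ^= 1
    return out


def demo():
    rng = random.Random(2024)  # constructed sample data, not measurements
    key = bytes(rng.getrandbits(8) for _ in range(16))
    n = len(key) * 8 * REP
    glue = [rng.getrandbits(1) for _ in range(n)]
    helper, check = enroll(key, glue)

    # Spread-out drift: 2 of every 5 bits changed (40% of the reading).
    aged = flip(glue, [i + k for i in range(0, n, REP) for k in (0, 3)])
    # Localised damage: 3 bits changed, all in the first block.
    damaged = flip(glue, [0, 1, 2])
    # Tag moved onto different glue: an unrelated random pattern.
    foreign = [rng.getrandbits(1) for _ in range(n)]

    return {
        "clean": recover(helper, check, glue) == key,
        "aged": recover(helper, check, aged) == key,
        "damaged": recover(helper, check, damaged) is not None,
        "foreign": recover(helper, check, foreign) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The tolerance is per block: 40% of the bits can drift if the changes are spread out, while three changes in one block lose the key. Raising `REP` widens that margin for wear and, equally, for a forged pattern that only needs to land within it.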
I recall the article mentioned they got to "99% reliability". As a manufacturer of high-end products looking for a good authentication solution, I was thinking this might be cool until I read that. Having errors in 1 in 100 identification passes is nowhere near usable. I'd want it down under one misidentification in 10k or 100k readings (fail/redo/succeed is ok in 1%). The entire point of the system is to be able to definitely determine that "this is a counterfeit" or "yes, we made this in batch K69342". If it can't do that reliably, why would I invest in building this into our manufacturing flow?
Reading the content it seems like 99% is only for detection of physical tampering, i.e. taking the chip out of real thing and putting it in fake thing, which significantly decreases the intent to tamper as you need to destroy the real thing.
Wow, if it's only 99% catching that condition, it seems even worse! (I read it as 99% re-recognizing un-mangled items, but yes, if it is 99999/100k re-recognizing a good tag, it might be ok to let pass 1/100 counterfeits).
I got a textbook that had a piece of lint embedded in a sticker. I don’t remember the actual authentication workflow, but I think the idea was to enter a code to a website, which would pull up a series of photos and you could select the right one, like a captcha.
Are the readings not repeatable enough to derive a simple, secure key from the pattern? (I'm realtime of course - not suggesting caching it long term on the chip).
> "They also demonstrated a machine-learning model that helps detect tampering by identifying similar glue pattern fingerprints with more than 99 percent accuracy."
This system would probably have to be far better than 99% to be helpful. If customers test (say) a hundred thousand tags per day, we might suppose that 99% accuracy means a thousand false alarms per day. If users get suspicious and return their genuine devices upon seeing a false alarm, that's a huge cost, even without any fakes at all. Reporting "99% accuracy" allows a worrisome amount of luck into a system marketed as "tamper-proof."
Let's compare to biometric verification. Apple's TouchID claims about 1 false accept among 50,000 fake fingers (FAR=0.00002) with false rejection rates (FRR) hovering around 2%-10% or so. Even though this averages to worse than 99% "overall accuracy," it makes sense for a fingerprint matcher because the genuine user gets to retry their finger a few seconds later, so high FRR isn't a problem in practice. On the other hand, it may be better for these tags to trade off a higher FAR for a lower FRR.
I'm also worried by the article's claim that terahertz waves "travel much faster than radio waves." The speed of light doesn't depend on its frequency.
Indeed. Journalistic leeway aside: I work close to manufacturing, and at our scale we measure things in DPPM (Defective Parts Per Million (manufactured)). In my line of work, defect rates in the tens to low hundred DPPM (10 - 100 / 1000000) is noise, high hundreds is cause for attention.
When failures approach the Per Cent-age rate, that's equivalent to ~10k DPPM, and that's daily stand-up territory.
Could you share in terms of defective parts per day (or hour), how much would that be? Or roughly how many parts were being made daily? (Reason for asking is that this metric could be partially extrapolated to high-quality low-scale manufacturing as well.)
It might not be very helpful in many cases, but can still be an "ideal" reference/target especially from the point of view of someone manufacturing at a small scale.
To be fair it says "more than 99%", which may just be popsci-journalist-speak for "very accurate". This is the same author who says terahertz waves "travel much faster than radio waves".
> This system would probably have to be far better than 99% to be helpful.
This article does talk about this specifically:
> “One drawback is that we had a limited data sample for this demonstration, but we could improve the neural network in the future if a large number of these tags were deployed in a supply chain, giving us a lot more data samples,” Lee says.
I.e. they're well aware that 99% would need to be improved, but it sounds like they've managed to hit that level with a handful of individually created samples and a tiny project to train a model. This is just a prototype really, and 99% accuracy when testing a prototype doesn't seem unreasonable, it's not like they're planning to ship this tomorrow. It's a demonstration that recognizing these patterns automatically is actually possible in the first place, and in a serious roll-out scenario it would _probably_ be possible to train a model to do very significantly better.
I think this could have lots of novel ways of being accurate.
It might not be like biometrics, because it could have an identifier repeated 100 times, and then the glue/tampering part could be a completely different sort of algorithm that could be optimized to physical removal, not just degradation.
The interesting part is it’s not the tag. It’s the adhesive behind the tag. I agree 99% is not good enough. But if it’s some sort of backup verification to the tag itself, at no extra cost, there might be something.
I read 99% accuracy in a given time. For 1% the algorithm could ask the user for patience and perform a "deeper" search increasing its overall accuracy.
> This tiny tag, which offers improved security over RFIDs, utilizes terahertz waves, which are smaller and have much higher frequencies than radio waves. But this terahertz tag shared a major security vulnerability with traditional RFIDs: A counterfeiter could peel the tag off a genuine item and reattach it to a fake, and the authentication system would be none the wiser.
Instant defeat of this device: Manufacture a tag that returns the signature of a known legitimate tag.
In order to be useful it would need to be challenge and response. Maybe they do this, but this MIT release doesn't actually give any link to a paper which is super annoying.
> Their antitampering tag contains a series of miniscule slots that enable terahertz waves to pass through the tag and strike microscopic metal particles that have been mixed into the glue.
Another issue: You would figure out how to destroy the connection between the material and the glue whilst leaving the surface of the chip intact. You would then simply re-attach it using another glue without particles in it.
> But when it came time to test the antitampering tag, Lee ran into a problem: It was very difficult and time-consuming to take precise enough measurements to determine whether two glue patterns are a match.
> He reached out to a friend in the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) and together they tackled the problem using AI. They trained a machine-learning model that could compare glue patterns and calculate their similarity with more than 99 percent accuracy.
As others have pointed out, this is a bad idea. You'd want some form of a probabilistic hash and for that to be stored in a database.
> Another issue: You would figure out how to destroy the connection between the material and the glue whilst leaving the surface of the chip intact. You would then simply re-attach it using another glue without particles in it.
That was my first thought. If that's on a banknote, you'll have people cutting the paper around the tag and gluing it to the counterfeit, including the old paper it sticks to. This means you already need to look at the "watermark" again, you can't just read the tag.
Add some micromechanical sanding/grinding, chemical etching or laser ablation, and not only can't you read the tag with an antenna, but you need a microscope to look at - and a spectrometer, to look at the glue.
> As others have pointed out, this is a bad idea. You'd want some form of a probabilistic hash and for that to be stored in a database.
I think the reason they went with ML to do pattern recognition is because the THz response of the tag is a finicky analog signal, which might change in fundamental ways if you do things like reposition the antenna, or change what's in front/behind the tag. The problem is probably pretty similar to identifying whether two images are similar in the special case where you allow pretty significant distortions to one of the images. Hashing usually doesn't work too well for cases like that, but maybe a wavelet transform approach would work.
> I think the reason they went with ML to do pattern recognition is because the THz response of the tag is a finicky analog signal, which might change in fundamental ways if you do things like reposition the antenna, or change what's in front/behind the tag.
I don't doubt one second that it's difficult, but it's where the value really is. For security, you need a private key that is stored in an unreadable format that is destroyed by trying, followed by a challenge-response system to query it.
Unfortunately, without the whole picture coming together, the method cannot be adopted. With security it's kind of all or nothing. Given the value they propose it has as a solution, bypassing these checks almost definitely has value.
> terahertz waves, which are smaller and have much higher frequencies than radio waves.
Strange language, this journalist uses. "Terahertz waves" are radio waves, although they're more commonly called far-infrared.
It's not clear to me what the tag itself does, apart from the glue. Apparently it serves only to hold the glue in place, and so is 100% redundant. Or perhaps the talk about "slots" explains the purpose of the tag: it sounds like a grating, but the article doesn't explain why you need a grating.
What prevents somebody from scanning it and reconstructing the position of the metal pieces?
Perhaps a better solution is to create a small chip powered by electric induction. The chip would have an embedded private key and solve challenge-response queries issued by the scanning device.
I'm not sure how that compares in cost though.
Edit: it looks like these already exist and cost less than 10 cents a piece. They are called NFC tags.
It says in the article that the idea behind this implementation is that if the tag is swapped it breaks the authentication since the glue is involved in authenticating. NFC/RFID chips can just be swapped from a real product to a fake one as-is.
> What prevents somebody from scanning it and reconstructing the position of the metal pieces?
You're talking about very, very small pieces of metal whose position/orientation is not deterministic when laying the glue and that information is combined with the tag itself to present some kind of challenge response.
Yeah if I’m understanding the article correctly it’s not that the glue is pre-printed with a specific code but rather the glue has a bunch of particles suspended in it and take on an arbitrary pattern when used. Conceptually similar to https://trmm.net/Glitter/ but at a much smaller scale.
Why is it not possible to embed the NFC tag in a destructible medium? Like those annoying stickers that you cannot peel without ripping?
If you use that, then the only way to move the NFC tag to another item would be to cut it out of the original item (including the original adhesive). But this attack also works against the technique in the article.
Regarding the orientation, I understand that it is nondeterministic in the original, but what prevents an attacker from copying it deterministically? Is it just that technology is not good enough to manipulate such small pieces of metal? How long will this limitation persist?
Yes, like other similar tamperproofing options (glitter, vacuum-sealed colored beads, etc) it's trivial, cheap and fast to get a random pattern, but absolutely impractical to control the pieces to get any specific pattern - perhaps someone like a microsurgeon could manipulate them properly given enough time, but that would take an absurd time (since there are many tiny pieces which each need to be manipulated within a gooey substance where each movement disturbs previous ones as well) and be absurdly expensive, and nobody has a "printing" technology to do it in a cost-efficient way.
Perhaps in future someone could develop an advanced combination of 3d printer and pick&place machines that could do it, but such future potential doesn't disqualify this tech from currently detecting counterfeiting of fancy shoes or something.
Why would you need a 3D printer or pick&place machines? You can just do it photolithographically.
Coat a piece of glass with a thin layer of metal. Put a photoresist on top. Project the desired pattern onto it with UV light. Wash the unhardened photoresist away and etch the unnecessary metal.
Now you've got metal in exactly the spots you'd like, of exactly the thickness you'd like. You can get the accuracy down to a few hundred micrometers for cheap today.
That would work only for a planar distribution of material. A 3D distribution would require multiple layers (I guess it might quickly become infeasible if it requires thousands of layers).
In the case of 3D arrangements, I think some substrate materials (and also some properties of the particles) would be very difficult to get using photolithography (or some kind of micro 3D printing).
In the case of 3D arrangements, you don't necessarily need to create all the layers photolithographically. You might be able to flatten N layers into 1 layer, then add a plastic coating equivalent to N-1 layers on top, then repeat that. You'll have a very similar result to every layer being separate.
Imagine e.g. the "multiple layers of cardboard cutouts" scenery in theater vs it actually being 3D.
I don't know much about photolithography, but doesn't it rely on relatively expensive fixed masks prepared for each layer?
Assuming that doing the process you describe is sufficient, what's the ballpark of what "for cheap" means for you if you needed to print 1000 different fake tags, assuming many layers of "the desired pattern" to print the metal flakes?
> doesn't it rely on relatively expensive fixed masks prepared for each layer
If you need perfectly sharp edges and high precision, sure. But I'm sure in this case that'd be unnecessary.
> Assuming that doing the process you describe is sufficient, what's the ballpark of what "for cheap" means for you if you needed to print 1000 different fake tags, assuming many layers of "the desired pattern" to print the metal flakes?
I described in another comment an additional way to quantize the layers to reduce the repetition steps, which would reduce costs further.
Regarding costs, you could fake a THzID chip for about 500€ per fake. Not cheap enough to do it for household items, but if you're faking designer bags, clothing, sneakers, or electronics, it'd be absolutely worth it.
With the right techniques it's often possible to remove those annoying stickers without ripping them. Some of the techniques involve using a solvent or very thin and slippery blade. They are supposed to be resistant against that, but in practice a lot of time not enough.
An NFC tag usually consists of two parts: a very tiny IC (a small piece of silicon the size of a sand grain) and an antenna (a piece of metal foil in a fancy shape). You could make an NFC tag where attempting to remove it rips the antenna, but that wouldn't destroy the IC. It's probably a matter of product price and quantities whether counterfeiting it by reattaching the NFC chip to a new antenna is economically viable. As the process is not only possible it's performed at the NFC tag factory at very large quantities at very low cost. It might also be possible to repair parts of a broken antenna assuming the area around the IC is undamaged.
So overall you get simplicity and cost of regular tamper resistance stickers, with better resistance against solvent and blade attacks, and security properties closer to what you get from secure NFC chip (except you can't perform more complicated cryptographic operations like signing arbitrary data).
> Is it just that technology is not good enough to manipulate such small pieces of metal? How long will this limitation persist?
I would expect that at any point in future, whatever the best controlled manufacturing techniques invented are, it will be possible to create an uncontrolled pattern at a finer scale, or at least much cheaper. Unless we reach the point where maintaining stable state without deteriorating becomes a problem, or the quantity of data for storing and processing becomes impractical.
Though the re-construction of the pattern is effectively impossible, I think you raise a good point regarding the use of NFC. The article mentioning a cloud database was a red flag for me as it introduces another attack vector. Sure, it's not as simple as replacing the tag as you can with RFID, but we know the counterfeiters will go to impressive lengths to replicate the real deal. If verification can be all-local that's ideal, imo. The issue there, though, is that you then need to trust either the scanned or scanning device with a private key. A private key that, if obtained, could be used to create infinite counterfeits. Either way, I think this glue-based method is a great solution, even if it does rely on a cloud service which is dependent on the company that maintains it.
I don't know if I understood correctly. But it might be that the metal pieces in glues are a pure random process, and there is no way to reproduce or re-print it again. The metal pieces are then recorded as a key in a central database or some sort of AI, just like how human fingerprints or retinas are collected and used for authentication???
Why not just record a microscopic look at some specific quadrant of the items? It seems like there'd be at least as much entropy to exploit that way as with these metal fragments. I don't mean just a photo, but some way of describing a fairly stable quality of the material at a level of detail minute enough to ensure sufficient entropy.
"The issue not mentioned is one I've encountered in other similar
projects which is false negatives caused by "creep" in plastics and
general thermoplastic movement. We had a near-UV scanner that could
map the surface of a test object (sensitive circuit boards) down to a
few wavelengths, but it was too damn accurate. Go back and scan the
same object a week later and stuff (like solder joints) has moved
naturally. That doesn't work when things are in transit for weeks
with vibrations and temperature variations"
> which someone seems determined to bury for some reason
People may be downvoting the top message because it contributes nothing. It doesn't require some nebulous malicious actor somehow trying to keep you down.
Well, this meta speculation about people's machinations is generally
unhelpful anyway. But my claim was somewhat different; that the same
article was spammed to HN three times in 24 hours. I was surprised
it wasn't flagged as a dupe and merged, which meant only the slight
inconvenience that my earlier relevant comment had to be copy-pasted.
I was wondering if degradation of the glue might too. Also, presumably this only works on solid surfaces - i.e. things that flex (clothes? ...glass?) might not work as the pattern might change over short/long periods of time too.
There's several ways the original ID-less item is not a problem:
* The attacker might have physical access to the genuine item, but not have ownership of it. A counterfeit seller might peel off stickers in a legitimate store, and use them in the fake store. Walking out with a bunch of stickers in a Faraday cage is a lot easier than walking off with the actual merchandise. The original retailer is then stuck with an unauthenticatable genuine item.
* The attacker might transplant a sticker from a defective genuine item (e.g. in a repair shop) to a counterfeit item. The genuine item was already worthless at this point.
* The attacker might transplant a sticker from an authorized object (e.g. locked suitcase that has passed inspection) to an unauthorized object (e.g. locked suitcase with contraband). The original object can then be discarded.
This tech would prevent each of these attacks (should it prove practical).
Depending on the article it might still be possible to detach/reattach the tag without damaging the glue interface (e.g. it's on the casing of expensive devices, or fabric etc)
If the purpose is to get a fake device somewhere for nefarious purposes such as bombings, surveillance, network infiltration, or some other purpose people would do it. Yes.
Curiously, the act of unpeeling adhesive tape generates non-polarized Terahertz radiation - so the dying act in a sense for one of these being peeled off might be to have one final taste of Terahertz legitimacy of its own creation.
OTOH, online authentication doesn’t necessarily even need a tag at that point, right? If invisible or at least imperceptible the particles could just be permanently applied.
This is more like publishing hashes of a file you download. You can use it to verify the identity of an object, but that's it.
This differs from DRM in a fundamental way, namely that you are not required to do this. You can choose to ignore it if it turns out the object isn't authentic. Whereas DRM relies on making you enforce certain rules, and putting technological or legal barriers in your way to prevent you from breaking them.
True, at the right price points for tag and reader, it could be used as yet another tech for jerky DRM on consumables like printer ink.
But some hard-to-clone and viable-to-read tagging technologies can be very useful for purposes like authenticating genuine product (which consumers are starting to care about), for tracing graymarket items (sold in contract-violating ways, which some international brands care about), and for disrupting retail theft rings.
There's also engagement angles that a lot of brands want to add to the tech investment. (And there may also be cost savings/consolidation opportunities with packaging costs, and it can involve the industrial design, and affect branding, and involve manufacturing, and distribution, and retail, and multiple IT integrations, and field operatives. Which is how your enterprise sales meetings get 10x more stakeholders than the person charged with reducing counterfeiting.)
(I worked on applications of hard-to-clone tags a few years ago. Unfortunately, our startup launched its first factory integration just as Covid hit the US, which meant that investors and customers understandably both got skittish about the near future, we ran out of runway, and our talent scattered to the winds.)
That’s already happening. If companies want to be assholes, we should boycott the company and demand they change. Things are worse than printer ink. Soon, I’ll have to subscribe to turn the heat on in my car.
The ability to prove the origin of something over "Source: dude trust me bro" is critical to a great number of people.
But sure, let's stick with "yeah nah, this piece of paper says what's in the box is in the box so it must be legit" because FOSS is gonna get salty about this.
It's especially important for physical devices that are shipped. To
make sure that nobody stuck a couple of extra "implant" chips in your
new laptop, or phone.
You can hear plenty about the use of xrays (and how unwieldy that is)
to verify electronic circuits in some CCC videos. I commented about
some of the challenges of false negatives in another version of this
thread (which was strangely posted three times by MIT? Is reposting
daily until you get traction acceptable behaviour - may have to try it
myself some time :)
They probably mean faster as in transmitting data more quickly than with lower frequency. The EMR travels at the same speed, but you get more throughput.
It isn't uncommon to use verbiage where speed is associated with frequency rather than the speed at which a wave propagates across a distance. I'm not saying we should say things this way, but that it is not uncommon. (Consider the audience. It is the general public who does not have such well founded notions. Again, not that they shouldn't, but here we are)
But waves do travel at different speeds. In fact, different frequencies travel at different rates in different media. Only the speed of light __in a vacuum__ is constant. Which is pretty rare. So rare that even space doesn't have a pure vacuum, though 1 hydrogen atom per meter is pretty close if you ask me.
There's nothing wrong with saying that blue light is faster than red light, in context, it obviously means the frequency. It might be better to specify, but in many contexts that isn't necessary.
But you can't say that blue light travels faster than red light, because that's obviously wrong.