We report progress towards development of a cyber-physical trust anchor for additive manufacturing systems. The additive manufacturing commercial sector needs cyber-physical trust anchors to establish a secure supply chain, to detect counterfeiting and to ensure part provenance. However, the underlying technology of cyber-physical trust anchors requires optimization and spans several sectors ranging from mathematics, additive manufacturing, materials science, nondestructive evaluation, to cyber science. The fast and effective deployment of cyber-physical trust anchors requires an educational component. This project present a novel method for authenticating additively manufactured parts. Features are extracted using advanced X-ray imaging, transformed into unique identifiers, and bound with security features for cloud-based blockchain authentication. A plan for the low-cost and safe incorporation of cyber-physical trust anchor research in education is included. The anticipated outcome is an optimized trust anchor prototype and educational product suitable for interdisciplinary research and coursework to develop the workforce needed for cyber-secured physical supply chainsd.
This content will become publicly available on November 30, 2024
Key parameters linking cyber-physical trust anchors with embedded internet of things systems
Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability.
more » « less- Award ID(s):
- 1946231
- NSF-PAR ID:
- 10496352
- Publisher / Repository:
- https://www.frontiersin.org/articles/10.3389/frcmn.2023.1096841/full
- Date Published:
- Journal Name:
- Frontiers in Communications and Networks
- Volume:
- 4
- ISSN:
- 2673-530X
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
more » « less
Abstract -
Substandard and falsified (SF) pharmaceuticals account for an estimated 10% of the pharmaceutical supply chain in low- and middle-income countries (LMICs), where a lack of regulatory and laboratory resources limits the ability to conduct effective post-market surveillance and allows SF products to penetrate the supply chain. The Distributed Pharmaceutical Analysis Laboratory (DPAL) was established in 2014 to expand testing of pharmaceutical dosage forms sourced from LMICs; DPAL is an alliance of academic institutions throughout the United States and abroad that provides high quality, validated chemical analysis of pharmaceutical dosage forms sourced from partners in LMICs. Results from analysis are reported to relevant regulatory agencies and are used to inform purchasing decisions made by in-country stakeholders. As the DPAL program has expanded to testing more than 1000 pharmaceutical dosage forms annually, challenges have surfaced regarding data management and sample tracking. Here, we describe a pilot project between DPAL and ARTiFACTs that applies blockchain to organize and manage key data generated during the DPAL workflow, including a sample’s progress through the workflow, its physical location, provenance of metadata, and lab reputability. Recording time and date stamps with this data will create a permanent and verifiable chain-of-custody for samples. This secure, distributed ledger will be linked to an easy-to-use dashboard, allowing stakeholders to view results and experimental details for each sample in real time and verify the integrity of DPAL analysis data. Introducing this blockchain-based system as a pilot will allow us to test the technology with real users analyzing real samples. Feedback from users will be recorded and necessary adjustments will be made to the system before the implementation of blockchain across all DPAL sites. Anticipated benefits of implementing blockchain for managing DPAL data include efficient management for routing work, increasing throughput, creating a chain of custody for samples and their data in alignment with the distributed nature of DPAL, and using the analysis results to detect patterns of quality within and across brands of products and develop enhanced sampling techniques and best practices.more » « less
-
The Internet of Things (IoT), forming the foundation of Cyber Physical Systems (CPS), connects a huge number of ubiquitous sensing and mobile computing devices. The mobile IoT systems generate an enormous volume of a variety of dynamic context data and typically count on centralized architectures to process them. However, their inability to ensure security and decline in communication efficiency and response time with the increase in the size of IoT network are some of the many concerning weaknesses that are holding back the fast-paced growth of IoT. Realizing the limitations of centralized systems, recently blockchain-based decentralized architecture is being considered as the key to redesigning the IoT systems in a way that is designed to be secure, transparent, highly resistant to outages, auditable, and efficient. However, before realizing the new promise of blockchain for IoT, there are significant challenges to address. One fundamental challenge is the scale issue around data collection, storage, and analytic as IoT sensor devices possess limited computational power and storage capabilities. In particular, since the chain is always growing, IoT devices require more and more resources. Thus, an oversized chain poses storage and scalability problems. With this in mind, the overall goal of our research is to design a lightweight scalable blockchain framework for IoT of mobile devices. This framework, coined as "Sensor-Chain", promises a new generation of lightweight blockchain management with a superior reduction in resource consumption, and at the same time capable of retaining critical information about the IoT systems of mobile devices.more » « less
-
The rapid development of three-dimensional (3D) acquisition technology based on 3D sensors provides a large volume of data, which are often represented in the form of point clouds. Point cloud representation can preserve the original geometric information along with associated attributes in a 3D space. Therefore, it has been widely adopted in many scene-understanding-related applications such as virtual reality (VR) and autonomous driving. However, the massive amount of point cloud data aggregated from distributed 3D sensors also poses challenges for secure data collection, management, storage, and sharing. Thanks to the characteristics of decentralization and security, Blockchain has great potential to improve point cloud services and enhance security and privacy preservation. Inspired by the rationales behind the software-defined network (SDN) technology, this paper envisions SAUSA, a Blockchain-based authentication network that is capable of recording, tracking, and auditing the access, usage, and storage of 3D point cloud datasets in their life-cycle in a decentralized manner. SAUSA adopts an SDN-inspired point cloud service architecture, which allows for efficient data processing and delivery to satisfy diverse quality-of-service (QoS) requirements. A Blockchain-based authentication framework is proposed to ensure security and privacy preservation in point cloud data acquisition, storage, and analytics. Leveraging smart contracts for digitizing access control policies and point cloud data on the Blockchain, data owners have full control of their 3D sensors and point clouds. In addition, anyone can verify the authenticity and integrity of point clouds in use without relying on a third party. Moreover, SAUSA integrates a decentralized storage platform to store encrypted point clouds while recording references of raw data on the distributed ledger. Such a hybrid on-chain and off-chain storage strategy not only improves robustness and availability, but also ensures privacy preservation for sensitive information in point cloud applications. A proof-of-concept prototype is implemented and tested on a physical network. The experimental evaluation validates the feasibility and effectiveness of the proposed SAUSA solution.more » « less
-
As in-vehicle communication becomes more complex, the automotive community is exploring various architectural options such as centralized and zonal architectures for their numerous benefits. Common characteristics of these architectures include the need for high-bandwidth communication and security, which have been elusive with standard automotive architectures. Further, as automotive communication technologies evolve, it is also likely that multiple link-layer technologies such as CAN and Automotive Ethernet will co-exist. These alternative architectures promise to integrate these diverse sets of technologies. However, architectures that allow such co-existence have not been adequately explored. In this work we explore a new network architecture called Named Data Networking (NDN) to achieve multiple goals: provide a foundational security infrastructure and bridge different link layer protocols such as CAN, LIN, and automotive Ethernet into a unified communication system. We have created a proof-of-concept bench-top testbed using CAN HATS and Raspberry PIs that replay real traffic over CAN and Ethernet to demonstrate how NDN can provide a secure, high-speed bridge between different automotive link layers. We also show how NDN can support communication between centralized or zonal high-power compute components. Security is achieved through digitally signing all Data packets between these components, preventing unauthorized ECUs from injecting arbitrary data into the network. We also demonstrate NDN's ability to prevent DoS and replay attacks between different network segments connected through NDN.more » « less
