关键词: 3D printing , IP protection, SHA-256, challenge-and-response authentication
It is fair to say that 3D printing is revolutionizing the manufacturing landscape. Can you imagine sending a 3D print of your feet to have a pair of shoes customized for you? This is not really that far-fetched.
Modern 3D printing, also known as additive manufacturing, is the process of making a three-dimensional solid object of virtually any shape from a 3D model or other electronic data source. As an additive manufacturing method, the manufacturer “adds” material to an object, layer by layer, to create the final product (Figure 1). Given the staggering sudden growth of 3D printing and the several different 3D printing methods, all indications suggest that 3D printing is, or should be, considered a disruptive technology.1 Following from that assertion, to say that 3D printing will change the world is not at all a stretch.
Figure 1. Sample objects created by 3D printing. Photo courtesy of 3DPS.
The 3D printing technique has been evolving to create 3D models and prototypes in the automotive, aerospace, healthcare, and consumer industries. Aficionados believe that these 3D models could help companies complete a project in less time and/or with fewer resources. Consequently, 3D printing is emerging quickly,2 the impetus for a radical shift from rapid prototyping to rapid manufacturing. This is, indeed, a disruptive technology.
For vendors in this space, the dream is to put a 3D printer in every house. Costing often from $2,000 (U.S.), some 3D printers are now priced just under $1,000 (U.S.).3 Many see this as a fast-evolving market, still in its infancy. Canalys, an independent market research firm, predicts that the size of the overall 3D printing market (including printer sales, materials, and related services) will rise to $3.8 billion in 2014; that by 2018 the market will amount to $16.2 billion, an expected 45.75% CAGR during that period.4 Given these forecasted numbers, it is not surprising that 3D printing has received considerable press attention in recent years. As a disruptive technology, it has the power to reshape the industry and change manufacturing processes. Nonetheless, there remain several fundamental barriers to such a remarkable market uptake, including the cost of the printer. Even at less than $1,000 today, a 3D printer is still very expensive for a consumer product.
If you have ever purchased razors and their replacement blades, you have experienced the Razor-Razorblade business model. This business practice involves selling a main item at a discount just so the complementary (often disposable) secondary goods can be sold at a considerably higher price.5 Beyond razor blades, this business model has been successfully used for the traditional printer market for a long time and continues to be a very successful strategy.
One could argue that this Razor-Razorblade model is the best business strategy and the fastest path for moving a 3D printer to mainstream with a printer in every home. In simple terms, you would dramatically increase the adoption rate of 3D printing by selling the printer at a much reduced cost, even almost for free, and then make consistent money on the sale of the cartridge spool or printing filament. Figure 2 below shows an example of a disposable 3D printing filament package.
Figure 2. A Cube® 3D plastic cartridge. (Image provided courtesy of 3D Systems.)
The 3D printer cartridge spool or printing filament will also let the printer support a large combination of materials, colors, and finishes at different price points. Just as with traditional ink cartridges where the customer is given the ink level in each color, the 3D printing filament usage status can be provided as well. As history has taught us well, the Razor-Razorblade model only works when there has been a strong IP protection scheme implemented on the disposable against cloning, counterfeiting, replicating, and imitating.6 There is little doubt that counterfeiters will try to replicate 3D cartridges and defraud the legitimate manufacturers of those products. How can that IP theft be thwarted? The answer is straightforward: embed secure identifying technology into each 3D printer and cartridge.
For many years in countless products and applications a secure hash algorithm (SHA) authentication scheme has been a very effective way to protect IP from counterfeiting and illegal copying. A SHA-256 security system based on a secure hashing standard, Publication FIPS PUB 180-4, defined by the National Institute of Standards and Technology (NIST) makes for a strong anticounterfeiting or anticloning tool. Secure authentication of disposable products also has the positive affect of controlling material quality which, in turn, greatly affects the manufacturer’s brand identity.
As a short digression here, Maxim’s DeepCover® secure authenticators like the DS28E15 with 1-Wire® interface and 512 bits user EEPROM have enjoyed a front-runner position in many embedded applications. System designers have used the DS28E15 to protect their R&D investments because this authenticator implements advanced physical security and provides the ultimate in low-cost IP protection.
The SHA-256 communication involves a symmetric key-based bidirectional challenge-and-response authentication scheme. It is a hand-shaking protocol in which one party (the host or master, and in our discussion, the 3D printer) presents a secret question or challenge to another party (the slave, and here, the cartridge or spool). The slave must provide a valid answer or response in order to be authenticated. The slave cartridge’s response, moreover, depends on both the challenge that it receives and its stored secret response. If the cartridge answers the secret question wrong, then the printer will reject the cartridge.
The major components of the authentication scheme include the 256-bit random challenge, the cartridge’s ROM ID, and the secret that is unique and embedded in each slave IC at the manufacturing stage. The secret is programmed into the protected memory of a SHA-256 secure authenticator, the DeepCover DS28E15. The same secret is also programmed into the secure host authenticator, the DS2465, in the printer cartridge. A strong and secure secret key-management scheme is necessary to protect the secret key from being compromised.
Immediately after a cartridge is installed into a secured 3D printer, the following sequences of events occur (Figure 3).
Figure 3. Diagram of a SHA-2-based challenge-and-response authentication transaction sequence for a 3D cartridge.
Figure 4. A SHA-2-based secure authentication circuit implementation. This illustration shows the DS28E15 DeepCover secure authenticator connected via the 1-Wire interface to the DS2465 SHA-256 coprocessor, which helps to compute the MAC on the host side before the authenticating comparison is made.
Figure 4 illustrates how SHA-256 authentication is embedded in a 3D printer and companion ink cartridge. A DS28E15 secure authenticator is the essential, protection device embedded in the host 3D printer. The 3D printer with the DS2465 (i.e., the host master) will only accept an authentic response from a genuine cartridge (i.e., slave). All this communication happens over a 1-Wire communication interface which, in this case, is also how the DS28E15 is powered on the cartridge. This authentication scheme assumes that both the 3D printer and the cartridge have the same SHA secret which was programmed during manufacture in a secure factory environment.
The DS28E15 secure authenticator has another distinct advantage. It is built with its own unique 64-bit serial or identification number (ROM ID) used as one of the inputs of the SHA-256 engine. This makes each 256-bit MAC a unique number. The DS28E15’s memory can also be partitioned into areas with open access (e.g., unprotected) and into areas where the host (printer) must authenticate itself to the slave (cartridge) for EEPROM write accesses. Several protection modes are available and described in the data sheet.7
When EPROM Emulation (EM) protection mode on the DS28E15 is activated, individual memory bits can only be changed from 1 to 0, but not from 0 to 1. Once the EM mode is selected, this cannot be reversed. This essentially represents the best avenue to implement a countdown or limit usage features on the cartridge which can be extremely challenging to defeat. This usage-limit feature bars a user from forcing the cartridge packaging open to add their own filament martials.
The memory protection modes on the DS28E157 also provide a platform or means on the 3D printer to support other features. These features include the printer’s ability to support different print job finishes or to create objects using a greater combinations of materials and colors. These capabilities are ultimately the key features which will contribute to the market uptick of 3D printing.
Sadly, it is common for a supposedly secure disposable product to be attacked by a variety of sophisticated die-level methods to extract secure data and/or reverse device settings. All this is done to compromise system security for the sole purpose of cloning or counterfeiting it. To provide the highest affordable protection against this inevitable malicious attack, the DS28E15 employs proprietary die-level physical techniques, circuits, and cryptographic methods to protect sensitive data, control signals, and secret keys.
Maxim has a long track record, 20+ yrs of R&D, in making embedded security solutions to protect diverse end markets including financial, print consumables, medical consumables, computing, gaming, energy metering. Maxim’s expertise with crypto algorithms, complex IC-level physical protection implementations (e.g., advanced die-level physical security), and customized IC packaging remain key to helping for customers protect their R&D investments.
Could the DS28E15 DeepCover secure authenticator protect 3D cartridge manufacturers from clones and counterfeits? Could it eventually drive consumers to adopt 3D printing faster and have a 3D printer in every home? Yes. With the SHA-based challenge-and-response authentication scheme implemented in the DS28E15, the 3D printer market can ensure that a genuine and vetted cartridge is being used. With their assets, IP, and brand quality protected, the printer market can then shift a sizeable portion of revenue from the sale of the printer to sale of the disposable cartridges.
As history has taught us, the Razor-Razorblade model works only when there is a strong IP protection scheme implemented against cloning, counterfeiting, replicating, and imitating disposables. The DS28E15 DeepCover secure authenticator IC is the right path for selling more 3D printers.
A similar version of this application note appeared November 21, 2014 in EDN.