Xerox PARC Creates Self-Destructing Chip 96
angry tapir writes: Engineers at Xerox PARC have developed a chip that will self-destruct upon command, providing a potentially revolutionary tool for high-security applications. The chip, developed as part of DARPA's vanishing programmable resources project, could be used to store data such as encryption keys and, on command, shatter into thousands of pieces so small, reconstruction is impossible.
From the halt-and-catch-fire dept. (Score:2, Funny)
From the halt-and-catch-fire dept. surely?
Re: (Score:3)
Re: (Score:1)
Yeah, this is a "your device is now out of warranty. please purchase a new one." thing.
Re:From the halt-and-catch-fire dept. (Score:5, Funny)
Nah, that's the last status message sent:
or the more traditional:
"CPU#0: Possible thermal failure (CPU on fire?)
I can't wait till they put one in a printer. Then this error message [wikipedia.org] will become a reality:
Or I should say
lp0 on fire
Re: (Score:2)
HTTP status code 451 should really be "server on fire."
Re: (Score:2)
Like anyone who works at Slashdot would get that.
Impossible? (Score:2, Funny)
Challenge accepted?
Re:Impossible? (Score:5, Interesting)
The demo involved resistive heating sufficient to mechanically stress the glass into failure. That sounds exactly like the sort of mechanism where attacking the chip's supply of power(either undervolting it, putting it on a tightly limited constant-current supply, or both) might allow you to keep the chip's logic functions operational; but keep the heater from being able to destroy the glass. Depending on the sensitivity of the circuit layer, one could also slowly and evenly heat the entire package, to increase the power required to induce enough localized thermal expansion to cause catastrophic cracking.
It reminds me of the old fight between satellite and cable 'conditional access' system manufacturers and pirates: you had the really early conditional access cards with separate contacts for the higher voltages needed to reprogram the EEPROM; so people covered those with tape to make the cards read only. Then they moved to onboard charge pumps, and people moved to sabotaging those without damaging the read circuitry. And so forth.
This seems like a similar situation. I don't doubt the ability of stressed glass to shatter violently(semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this); but if you want to turn that into a security mechanism, you need to protect the glass-shatterer componenents, and the sensors that trigger them, from sabotage or deception for the mechanism to be useful in practice. It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.
Re: (Score:3)
(semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this
That is just freaky... (Here's a nice video [youtube.com] including some high FPS shots of one breaking)
Re:Impossible? (Score:5, Informative)
You pretty much just blowtorch the end of the rod until it melts and drips into a bucket of water. In my tests, either my technique or my materials sucked enough that I couldn't get above ~10% success rate; but a pound or so of lampwork rod is cheap, so it didn't matter too much. And it is weird to interact with a piece of glass that you can't break with a sledgehammer; but which tears itself apart in the blink of an eye if you snip its tail. Wear your damn safety goggles; but good clean fun.
Re: (Score:2)
I was wondering that myself, since I was thinking of the fracture patterns in Prince Rupert Drops, and how an attacker could mount a DoS, similar to the old mainframe systems that permanently locked accounts after three wrong guesses [1].
There is also the impact/shock resistant element. Would the vibrations of car eventually cause enough microfractures to get the chip to shatter?
Of course, I'm guessing the use for this chip will be in applications where security is far more important than recoverability.
Re: (Score:3)
It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.
When it comes to military applications, they will likely continue to use both an explosive charge and this technology. When an attack helicopter is downed, for instance, the pilots hit the master destruct button which blows up the PCMCIA card that contains encryption keys, maps and other sensitive data. Then the DART comes out (Downed Aircraft Rescue Team). If they can't save or salvage the aircraft, they pull out their WP grenades and attach them to key areas of the airframe and watch the fireworks show
Re: (Score:2)
Challenge accepted?
Hey if you can drop it into a black hole and still get the information out later, this should be a breeze!
Re: (Score:1)
Denial of Service (Score:2)
So then... (Score:1)
Halt and Catch Fire?
Re: (Score:2)
Yea. The innovation here is they don't use fire...
(explosive or exothermic melting security electronics exists since a long time but is dangerous...)
Annnnnd.... (Score:3)
The only companies interested in it will be consumer electronics companies just waiting for the next big thing to lock consumers out of their own shit.
Re: (Score:2)
Re: (Score:2)
Thanks Buggz! If I only had mod points...
Re: (Score:3)
Similar chips are already used in things like smart cards and POS terminals, where crypto keys need to be protected. The physical design causes the key to be wiped if the chip is tampered with. This is a new level of paranoia.
Re: (Score:2)
Those devices either wipe a value, or perhaps blow eFuses to disable circuits permanently.
It is a new level of paranoia, but having the ability to physically destroy a chip without resorting to electrical arcing, shorts, explosives, or other means which can cause big problems where intrinsic safety is needed, is a true innovation.
I can see this quite useful in a few consumer products:
1: An IronKey-like hardware encrypting USB flash drive, with a clear window showing the chip. If the chip is shattered, it
Re: (Score:2)
The only companies interested in it will be consumer electronics companies just waiting for the next big thing to lock consumers out of their own shit.
I was thinking the same thing. Set a timer to warranty period plus a day....
Re: (Score:2)
If mission aborts, details of hardware vanish on loss of power, and battery life is limited ...
Of course, I cannot tell you what the application was...
Re: (Score:2)
At first, I doubted this, but was reminded of Samsung Knox, and the eFuses which permanently blow on a device (no way . Thankfully the latest rooting/bootloader mods don't cause Knox to trip, but it is there, and likely will only get worse in future revs of the phone.
Re: (Score:2)
Looks like a chunk of my message got eaten. There is no known way to reset the Knox value back to 0x0, which allows the phone to use Samsung's pay system.
So... (Score:5, Insightful)
Hail to forced..... (Score:2, Insightful)
Now companies will be able to impose the upgrade cycle to all of us for every device known to man (including cars, fridges, etc.)
Ownership of anything is now dead......
Re: (Score:3, Interesting)
If proven to be used for enforced obsolescence I'm sure they're in for a bankrupting class action. You break my stuff, you pay me to buy a new one, plus moral damages for the pain you've caused me, regardless of how you did it.
Yet nobody seems to have proven even the existence of "warranty fuses" (ones that make your equipment break just after warranty expires)...
Re: (Score:2)
As far as I know, there is no way to build a fuse to will break at exactly the time you want it to, without it looking suspicious. Besides replacing a fuse in most cases is trivial.
And they can easily avoid class action suit by including in the licensing agreement that you do not own the device, you are renting it for a certain amount of time and the the real owner is the producer and they can, if they so chose, to burn the device at any time for any reason and you agree to it (you know like those credit ca
Re: (Score:2)
Replacing a fuse when you suspect that's the problem, and you're one of the few who isn't scared for taking a screwdriver to a piece of electronics.
Most consumers? Meh, printer's broke, warranty went out last week. Time to buy a new one, now with even more useless buttons and blinky lights!
Re: (Score:2)
Silly. You don't buy a new printer because the warranty is up, you buy it because you used up the ink in the last one and it's cheaper than replacement cartridges. If you reach the warranty period you're not printing enough to bother; go to Kinko's :)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Use a Laser Saber, Luke...
Uh, no, wrong movie.
Use a Laser Printer, Luke....
Re: (Score:1)
Yet nobody seems to have proven even the existence of "warranty fuses" (ones that make your equipment break just after warranty expires)...
That's because they're looking at the correlation backwards (a very common problem).
Products are stress-tested so manufacturers learn the approximate durability distribution. From those, they can calculate the warranty so that it ends two standard deviations before the mean time to failure. If I remember my distribution math correctly, this results in the free warranty covering about 2.5% of product failures. If repair costs are cheap enough, they might pick a line near (but slightly before) one standard
Terminology (Score:2)
"reconstruction is impossible."
After watching things for awhile I would steer away from saying something's impossible. Highly unlikely, next-to-impossible. Something like that. But never underestimate the ability for technology to evolve to solve "impossible" problems. Or even finding a critical mistake (hello AM passwords!) that makes it not so impossible after all.
broken but not stirred = sand castle (Score:2)
> Entropy cannot be reversed
Everybody who has ever assembled a jigsaw puzzle begs to differ. Unlight something? You can burn hydrogen and oxygen to make water, then electrically reverse that process as many times as you want. Reversing entropy requires energy.
In this particular case, cracking the glass into many pieces, without stirring those pieces, creates something like a fully-assembled jigsaw puzzle. If the pieces of glass are really small, they're called sand. An object composed of many piec
Re: (Score:1)
There are things that denature: you can't uncool an egg, you can't unmelt butter, etc.
Re: (Score:2)
I'm not sure about uncooking and egg, but you can unboil them.
http://www.livescience.com/49610-scientists-unboil-egg.html [livescience.com]
Re: (Score:2)
You can burn hydrogen and oxygen to make water, then electrically reverse that process as many times as you want.
Yes, but you can't tell what shape a chunk of ice was before it was melted.
Re: (Score:2)
sure it can; it just takes work (which increases entropy somewhere else). Give it a few years (okay, a couple decades) and I bet someone will have an atom-level deposition device that can take a burnt match and air and place the atoms for an unburnt match (not fast, mind you...)
Re: (Score:2)
I'll skip the 1960 pop culture reference, Mr. Phelps.
I know why you wanna hate me: because hate is all the world has even seen lately.
So, they invented... (Score:2)
... chips with integrated plastic explosives? As in, standard Mission Impossible/Inspector Gadget [tvtropes.org] type stuff. If there was actually a market for such devices in the real world, wouldn't it have already been fulfilled by now?
Or... are we just now learning about this, because certain "spy-craft" methods have recently been declassified, or something of that nature? Hmmmmmm.....
Re: (Score:2)
... chips with integrated plastic explosives? As in, standard Mission Impossible/Inspector Gadget [tvtropes.org] type stuff. If there was actually a market for such devices in the real world, wouldn't it have already been fulfilled by now?
There actually is a market for such devices in the real world. Anti-tamper implementations are required by DoD for the protection of "Critical Technologies" and "Critical Program Information" in order to prevent (well, really to make it as hard/expensive/time-consuming as practicable) an adversary from reverse-engineer a weapons system so it can be copied or countered. Implementations are invariably classified Secret.
Anti-tamper approaches that involve hardware can range from placing crucial software code
Re: (Score:2)
There actually is a market for such devices in the real world. ...
While you may be correct on that minor point, you skipped over my primary point entirely: If the government had a need for such things, then the tech almost certainly already exists in some form, as the idea has itself existed for decades in fictional representations. And we're not talking about Star Trek futuristic technologies here, either; it wouldn't be terribly difficult to literally pack small amounts of plastic explosives alongside (or even inside) the microchips in those critical technologies that y
Re: (Score:2)
"why did the PARC researchers need to investigate this topic in the first place? "
Plausible deniability.
Re: (Score:2)
Plausible deniability.
Touche'.
Re: (Score:2)
If the government had a need for such things, then the tech almost certainly already exists in some form, as the idea has itself existed for decades in fictional representations. And we're not talking about Star Trek futuristic technologies here, either; it wouldn't be terribly difficult to literally pack small amounts of plastic explosives alongside (or even inside) the microchips in those critical technologies that you mentioned. So why did the PARC researchers need to investigate this topic in the first place? Unless they're just trying to build a better mouse trap...
If that was your major point, you're right -- I missed it. Pretty sure it was the references to Mission Impossible and Professor Gadget that led me astray.
Suppliers in the anti-tamper arena are always trying to build a better mouse trap. This is one of those areas where developers are always trying to stay one step ahead of the "enemy". Government V&V authorities are notoriously biased against approaches and implementations that have been used in the past, especially for protection of technology improve
Re: (Score:2)
Yeah, they will use it as screen cover glass, and it will break just before touching ground...
Based on toner cartridge designs? (Score:2)
Cue the music (Score:2)
Diddle-little-liddle-little
dun dun dun-DUN, dun dun DUN-dun, dun dun dun-DUN, dun dun DUN-dun
Na na naaaaaa, na-na naaaaaaa, na-na naaaaaaa, na-nuh
Good thing, yes? (Score:2)
One of the reasons why computer security has turned in to a cat and mouse game - that quite frankly we are losing, is the computer architecture model we use for everything hasn't really changed. A physical separation of user space and kernel space in to two systems, then ideas like this become rather useful.
And alternatively (Score:2)
Use a low-power microcontroller like an MPS430, power from lithium-battery, keep keys in RAM and invert them every minute or so. You can wipe that MPS430 in a few microseconds on command and without using much energy.
Seriously, this is a stunt, not anything new or special.
Re: (Score:2)
Congrats - you've invented the Sony Vaio! (Score:3)
>> The chip could self-destruct on command
Congratulations! You've invented the Sony Vaio!
http://www.techhive.com/articl... [techhive.com]
Not for use by us commoners (Score:2)
Any non-famous/non-rich private individual using this tech would just be thrown in jail for destruction of evidence.
Alpha-Omega (Score:2)
Isn't it ironic that the Xerox ushered the both the beginning of the personal computer, and it's end.
Surely we are beyond this... (Score:2)
Making a self destructing chip, will not destroy the software and data on the electronic device powering and commanding the chip (chips need, power, storage, memory and other i/o stuff to be useful)
dd if=/dev/zero of=/dev/keystore (Score:2)
There is no practical need for theatrics, just a controller that supports reliable overwrite of data. If permanent hardware alteration is needed, there is a mainstream, inexpensive e-fuse technology.
Stressed glass chip destruction could be triggered unintentionally. Since you are a secret agent, you might drop things or travel to hot places. Wouldn't want to lose all your secret photos just because you left your phone on car dash or something.
A new app for the market - post mortum wiping! (Score:2)
It's a simple plan.. your iWatch monitors your biometrics, right? When you die it kicks off an app to wipe all your browser history, and the special chip/drive where you store your porn gets shattered into a million pieces. No more embarrassed children, spouses, or friends when your dirty dirty secrets come to life after yours has left.
Re: (Score:2)
I am pretty sure... (Score:2)
I am pretty sure this technology is already in use in Comcast and AT&T U-verse routers.
Al Qaeda is probably drooling over this... (Score:2)
The year is 2020. A massive arctic high sits over North America on a very cold January day. An Al Quaeda operative sends a command from his PC to a botnet which activates multiple zero-day "sleeper" trojans that have been waiting for the command. PC's, printers, and various other machinery in offices and electric power plants and water pumping stations and telephone offices fail.
A second command is sent that hijacks satellite downlinks for GM Onstar and similar systems. They can shut down the car via satell
this already exists (Score:1)