Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Hardware

Xerox PARC Creates Self-Destructing Chip 96

angry tapir writes: Engineers at Xerox PARC have developed a chip that will self-destruct upon command, providing a potentially revolutionary tool for high-security applications. The chip, developed as part of DARPA's vanishing programmable resources project, could be used to store data such as encryption keys and, on command, shatter into thousands of pieces so small, reconstruction is impossible.
This discussion has been archived. No new comments can be posted.

Xerox PARC Creates Self-Destructing Chip

Comments Filter:
  • by Anonymous Coward

    from the here-today-gone-tomorrow dept.

    From the halt-and-catch-fire dept. surely?

  • Impossible? (Score:2, Funny)

    by Anonymous Coward

    Challenge accepted?

    • Re:Impossible? (Score:5, Interesting)

      by fuzzyfuzzyfungus ( 1223518 ) on Friday September 11, 2015 @07:42AM (#50501773) Journal
      I don't know how reconstructable these things will be(I wouldn't underestimate patience, or machine vision, when reassembling lots of broken bits; but if the destruction of the circuit disrupts floating gates or other such delicate structures used for semiconductor data storage there may be nothing to read even if you rebuild the entire thing); but I'd be very curious to see how they propose to safeguard the circuitry that is used to initiate destruction.

      The demo involved resistive heating sufficient to mechanically stress the glass into failure. That sounds exactly like the sort of mechanism where attacking the chip's supply of power(either undervolting it, putting it on a tightly limited constant-current supply, or both) might allow you to keep the chip's logic functions operational; but keep the heater from being able to destroy the glass. Depending on the sensitivity of the circuit layer, one could also slowly and evenly heat the entire package, to increase the power required to induce enough localized thermal expansion to cause catastrophic cracking.

      It reminds me of the old fight between satellite and cable 'conditional access' system manufacturers and pirates: you had the really early conditional access cards with separate contacts for the higher voltages needed to reprogram the EEPROM; so people covered those with tape to make the cards read only. Then they moved to onboard charge pumps, and people moved to sabotaging those without damaging the read circuitry. And so forth.

      This seems like a similar situation. I don't doubt the ability of stressed glass to shatter violently(semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this); but if you want to turn that into a security mechanism, you need to protect the glass-shatterer componenents, and the sensors that trigger them, from sabotage or deception for the mechanism to be useful in practice. It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.
      • (semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this

        That is just freaky... (Here's a nice video [youtube.com] including some high FPS shots of one breaking)

        • Re:Impossible? (Score:5, Informative)

          by fuzzyfuzzyfungus ( 1223518 ) on Friday September 11, 2015 @09:08AM (#50502233) Journal
          Incidentally, if you want to play with some, they can be made at home more easily than one would expect: Getting a nice big one, as in the video you link to, and getting reliable results, is tricky without a proper glassworking apparatus; but you can make small ones with a basic hardware store blowtorch and some cheap 'lampworking' glass rods(not borosilicate, that has a higher melting point and deals with thermal stress better, typically a virtue but not for this application); I don't have a specific recommended vendor but 'lampwork rod' should bring up numerous options.

          You pretty much just blowtorch the end of the rod until it melts and drips into a bucket of water. In my tests, either my technique or my materials sucked enough that I couldn't get above ~10% success rate; but a pound or so of lampwork rod is cheap, so it didn't matter too much. And it is weird to interact with a piece of glass that you can't break with a sledgehammer; but which tears itself apart in the blink of an eye if you snip its tail. Wear your damn safety goggles; but good clean fun.
      • by mlts ( 1038732 )

        I was wondering that myself, since I was thinking of the fracture patterns in Prince Rupert Drops, and how an attacker could mount a DoS, similar to the old mainframe systems that permanently locked accounts after three wrong guesses [1].

        There is also the impact/shock resistant element. Would the vibrations of car eventually cause enough microfractures to get the chip to shatter?

        Of course, I'm guessing the use for this chip will be in applications where security is far more important than recoverability.

      • It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.

        When it comes to military applications, they will likely continue to use both an explosive charge and this technology. When an attack helicopter is downed, for instance, the pilots hit the master destruct button which blows up the PCMCIA card that contains encryption keys, maps and other sensitive data. Then the DART comes out (Downed Aircraft Rescue Team). If they can't save or salvage the aircraft, they pull out their WP grenades and attach them to key areas of the airframe and watch the fireworks show

    • Challenge accepted?

      Hey if you can drop it into a black hole and still get the information out later, this should be a breeze!

    • They did it about ten years ago. We had a Xerox copier that self-distructed, one night. Unfortunately it also ignited our main building.
  • That's going to make DoS attacks very effective.
  • by Anonymous Coward

    Halt and Catch Fire?

    • by stooo ( 2202012 )

      Yea. The innovation here is they don't use fire...
      (explosive or exothermic melting security electronics exists since a long time but is dangerous...)

  • by rtkluttz ( 244325 ) on Friday September 11, 2015 @07:21AM (#50501701) Homepage

    The only companies interested in it will be consumer electronics companies just waiting for the next big thing to lock consumers out of their own shit.

    • by Buggz ( 1187173 )
      Those companies, and the Impossible Mission Force.
    • by AmiMoJo ( 196126 )

      Similar chips are already used in things like smart cards and POS terminals, where crypto keys need to be protected. The physical design causes the key to be wiped if the chip is tampered with. This is a new level of paranoia.

      • by mlts ( 1038732 )

        Those devices either wipe a value, or perhaps blow eFuses to disable circuits permanently.

        It is a new level of paranoia, but having the ability to physically destroy a chip without resorting to electrical arcing, shorts, explosives, or other means which can cause big problems where intrinsic safety is needed, is a true innovation.

        I can see this quite useful in a few consumer products:

        1: An IronKey-like hardware encrypting USB flash drive, with a clear window showing the chip. If the chip is shattered, it

    • by Chrisq ( 894406 )

      The only companies interested in it will be consumer electronics companies just waiting for the next big thing to lock consumers out of their own shit.

      I was thinking the same thing. Set a timer to warranty period plus a day....

    • by mlts ( 1038732 )

      At first, I doubted this, but was reminded of Samsung Knox, and the eFuses which permanently blow on a device (no way . Thankfully the latest rooting/bootloader mods don't cause Knox to trip, but it is there, and likely will only get worse in future revs of the phone.

      • by mlts ( 1038732 )

        Looks like a chunk of my message got eaten. There is no known way to reset the Knox value back to 0x0, which allows the phone to use Samsung's pay system.

  • So... (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Friday September 11, 2015 @07:24AM (#50501709) Journal
    Coming soon to a toner cartridge near you?
  • .....obsolescence.

    Now companies will be able to impose the upgrade cycle to all of us for every device known to man (including cars, fridges, etc.)

    Ownership of anything is now dead......

    • Re: (Score:3, Interesting)

      by iTrawl ( 4142459 )

      If proven to be used for enforced obsolescence I'm sure they're in for a bankrupting class action. You break my stuff, you pay me to buy a new one, plus moral damages for the pain you've caused me, regardless of how you did it.

      Yet nobody seems to have proven even the existence of "warranty fuses" (ones that make your equipment break just after warranty expires)...

      • by dablow ( 3670865 )

        As far as I know, there is no way to build a fuse to will break at exactly the time you want it to, without it looking suspicious. Besides replacing a fuse in most cases is trivial.

        And they can easily avoid class action suit by including in the licensing agreement that you do not own the device, you are renting it for a certain amount of time and the the real owner is the producer and they can, if they so chose, to burn the device at any time for any reason and you agree to it (you know like those credit ca

        • by kyrsjo ( 2420192 )

          Replacing a fuse when you suspect that's the problem, and you're one of the few who isn't scared for taking a screwdriver to a piece of electronics.

          Most consumers? Meh, printer's broke, warranty went out last week. Time to buy a new one, now with even more useless buttons and blinky lights!

          • by suutar ( 1860506 )

            Silly. You don't buy a new printer because the warranty is up, you buy it because you used up the ink in the last one and it's cheaper than replacement cartridges. If you reach the warranty period you're not printing enough to bother; go to Kinko's :)

        • While purely anecdotal I had the displeasure of supporting a large bank call center which used IBM 15" CRT displays. When I say large we had at least two thousand monitors of this make. Almost on cue they would fail within a couple of months after the warranty expired. Since it seemed a bit suspicious I did some research and discovered I was not alone in my suspicions. It was determined there was in fact a single resistor in one of the main circuits that would burn out almost as if it was designed to last o
        • For roughly 50 years, perhaps much longer, there have been electrical devices designed to pass a given number of Ampere-hours and then open-circuit. They're electro-chemical based: an electrode gives off ions until it's exhausted.
      • by Anonymous Coward

        Yet nobody seems to have proven even the existence of "warranty fuses" (ones that make your equipment break just after warranty expires)...

        That's because they're looking at the correlation backwards (a very common problem).
        Products are stress-tested so manufacturers learn the approximate durability distribution. From those, they can calculate the warranty so that it ends two standard deviations before the mean time to failure. If I remember my distribution math correctly, this results in the free warranty covering about 2.5% of product failures. If repair costs are cheap enough, they might pick a line near (but slightly before) one standard

  • "reconstruction is impossible."

    After watching things for awhile I would steer away from saying something's impossible. Highly unlikely, next-to-impossible. Something like that. But never underestimate the ability for technology to evolve to solve "impossible" problems. Or even finding a critical mistake (hello AM passwords!) that makes it not so impossible after all.

  • ... chips with integrated plastic explosives? As in, standard Mission Impossible/Inspector Gadget [tvtropes.org] type stuff. If there was actually a market for such devices in the real world, wouldn't it have already been fulfilled by now?

    Or... are we just now learning about this, because certain "spy-craft" methods have recently been declassified, or something of that nature? Hmmmmmm.....

    • by tsqr ( 808554 )

      ... chips with integrated plastic explosives? As in, standard Mission Impossible/Inspector Gadget [tvtropes.org] type stuff. If there was actually a market for such devices in the real world, wouldn't it have already been fulfilled by now?

      There actually is a market for such devices in the real world. Anti-tamper implementations are required by DoD for the protection of "Critical Technologies" and "Critical Program Information" in order to prevent (well, really to make it as hard/expensive/time-consuming as practicable) an adversary from reverse-engineer a weapons system so it can be copied or countered. Implementations are invariably classified Secret.

      Anti-tamper approaches that involve hardware can range from placing crucial software code

      • There actually is a market for such devices in the real world. ...

        While you may be correct on that minor point, you skipped over my primary point entirely: If the government had a need for such things, then the tech almost certainly already exists in some form, as the idea has itself existed for decades in fictional representations. And we're not talking about Star Trek futuristic technologies here, either; it wouldn't be terribly difficult to literally pack small amounts of plastic explosives alongside (or even inside) the microchips in those critical technologies that y

        • "why did the PARC researchers need to investigate this topic in the first place? "

          Plausible deniability.

        • by tsqr ( 808554 )

          If the government had a need for such things, then the tech almost certainly already exists in some form, as the idea has itself existed for decades in fictional representations. And we're not talking about Star Trek futuristic technologies here, either; it wouldn't be terribly difficult to literally pack small amounts of plastic explosives alongside (or even inside) the microchips in those critical technologies that you mentioned. So why did the PARC researchers need to investigate this topic in the first place? Unless they're just trying to build a better mouse trap...

          If that was your major point, you're right -- I missed it. Pretty sure it was the references to Mission Impossible and Professor Gadget that led me astray.

          Suppliers in the anti-tamper arena are always trying to build a better mouse trap. This is one of those areas where developers are always trying to stay one step ahead of the "enemy". Government V&V authorities are notoriously biased against approaches and implementations that have been used in the past, especially for protection of technology improve

  • Is this technology is based on their toner cartridge designs? Because every time I try to print, they seem to self-destruct on command.
  • Diddle-little-liddle-little
    dun dun dun-DUN, dun dun DUN-dun, dun dun dun-DUN, dun dun DUN-dun
    Na na naaaaaa, na-na naaaaaaa, na-na naaaaaaa, na-nuh

  • One of the reasons why computer security has turned in to a cat and mouse game - that quite frankly we are losing, is the computer architecture model we use for everything hasn't really changed. A physical separation of user space and kernel space in to two systems, then ideas like this become rather useful.

  • Use a low-power microcontroller like an MPS430, power from lithium-battery, keep keys in RAM and invert them every minute or so. You can wipe that MPS430 in a few microseconds on command and without using much energy.

    Seriously, this is a stunt, not anything new or special.

  • Comment removed based on user account deletion
  • by xxxJonBoyxxx ( 565205 ) on Friday September 11, 2015 @09:08AM (#50502231)

    >> The chip could self-destruct on command

    Congratulations! You've invented the Sony Vaio!
    http://www.techhive.com/articl... [techhive.com]

  • Any non-famous/non-rich private individual using this tech would just be thrown in jail for destruction of evidence.

  • Isn't it ironic that the Xerox ushered the both the beginning of the personal computer, and it's end.

  • Surely we are beyond this... don't we already have self destructing software?

    Making a self destructing chip, will not destroy the software and data on the electronic device powering and commanding the chip (chips need, power, storage, memory and other i/o stuff to be useful)
  • There is no practical need for theatrics, just a controller that supports reliable overwrite of data. If permanent hardware alteration is needed, there is a mainstream, inexpensive e-fuse technology.

    Stressed glass chip destruction could be triggered unintentionally. Since you are a secret agent, you might drop things or travel to hot places. Wouldn't want to lose all your secret photos just because you left your phone on car dash or something.

  • It's a simple plan.. your iWatch monitors your biometrics, right? When you die it kicks off an app to wipe all your browser history, and the special chip/drive where you store your porn gets shattered into a million pieces. No more embarrassed children, spouses, or friends when your dirty dirty secrets come to life after yours has left.

  • Comment removed based on user account deletion
  • I am pretty sure this technology is already in use in Comcast and AT&T U-verse routers.

  • The year is 2020. A massive arctic high sits over North America on a very cold January day. An Al Quaeda operative sends a command from his PC to a botnet which activates multiple zero-day "sleeper" trojans that have been waiting for the command. PC's, printers, and various other machinery in offices and electric power plants and water pumping stations and telephone offices fail.

    A second command is sent that hijacks satellite downlinks for GM Onstar and similar systems. They can shut down the car via satell

  • Old eproms stored there data with a series of fuses. When first programming the chip fuses would be selectively burnt out to store the program data. A program that burnt out the remaining fuses would brick the chip. Modern eproms have limited read write cycles. A program that rewrote the chips over and over again could brick a chip in a matter of seconds.

You know you've landed gear-up when it takes full power to taxi.

Working...