Slashdot Mirror

← Back to Stories (view on slashdot.org)

Xerox PARC Creates Self-Destructing Chip

Posted by samzenpus on from the here-today-gone-tomorrow dept.

angry tapir writes: Engineers at Xerox PARC have developed a chip that will self-destruct upon command, providing a potentially revolutionary tool for high-security applications. The chip, developed as part of DARPA's vanishing programmable resources project, could be used to store data such as encryption keys and, on command, shatter into thousands of pieces so small, reconstruction is impossible.

14 of 96 comments (clear)

  1. From the halt-and-catch-fire dept. by Anonymous Coward · · Score: 2, Funny

    from the here-today-gone-tomorrow dept.

    From the halt-and-catch-fire dept. surely?

    1. Re:From the halt-and-catch-fire dept. by ThaumaTechnician · · Score: 2

      Not new, PARC just discovered the long-existing, well-known(?) CE (Chip Explode) pin.

    2. Re:From the halt-and-catch-fire dept. by UnknownSoldier · · Score: 4, Funny

      Nah, that's the last status message sent:

      ERROR_CPU_ON_FIRE

      or the more traditional:

        "CPU#0: Possible thermal failure (CPU on fire?)

      I can't wait till they put one in a printer. Then this error message will become a reality:

      ERROR_PRINTER_ON_FIRE

      Or I should say

      lp0 on fire

  2. Impossible? by Anonymous Coward · · Score: 2, Funny

    Challenge accepted?

    1. Re:Impossible? by fuzzyfuzzyfungus · · Score: 4, Interesting

      I don't know how reconstructable these things will be(I wouldn't underestimate patience, or machine vision, when reassembling lots of broken bits; but if the destruction of the circuit disrupts floating gates or other such delicate structures used for semiconductor data storage there may be nothing to read even if you rebuild the entire thing); but I'd be very curious to see how they propose to safeguard the circuitry that is used to initiate destruction.

      The demo involved resistive heating sufficient to mechanically stress the glass into failure. That sounds exactly like the sort of mechanism where attacking the chip's supply of power(either undervolting it, putting it on a tightly limited constant-current supply, or both) might allow you to keep the chip's logic functions operational; but keep the heater from being able to destroy the glass. Depending on the sensitivity of the circuit layer, one could also slowly and evenly heat the entire package, to increase the power required to induce enough localized thermal expansion to cause catastrophic cracking.

      It reminds me of the old fight between satellite and cable 'conditional access' system manufacturers and pirates: you had the really early conditional access cards with separate contacts for the higher voltages needed to reprogram the EEPROM; so people covered those with tape to make the cards read only. Then they moved to onboard charge pumps, and people moved to sabotaging those without damaging the read circuitry. And so forth.

      This seems like a similar situation. I don't doubt the ability of stressed glass to shatter violently(semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this); but if you want to turn that into a security mechanism, you need to protect the glass-shatterer componenents, and the sensors that trigger them, from sabotage or deception for the mechanism to be useful in practice. It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.

    2. Re:Impossible? by JaredOfEuropa · · Score: 2

      (semi-related; but fun, "Prince Rupert Drops" are a great demonstration of this

      That is just freaky... (Here's a nice video including some high FPS shots of one breaking)

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:Impossible? by fuzzyfuzzyfungus · · Score: 4, Informative

      Incidentally, if you want to play with some, they can be made at home more easily than one would expect: Getting a nice big one, as in the video you link to, and getting reliable results, is tricky without a proper glassworking apparatus; but you can make small ones with a basic hardware store blowtorch and some cheap 'lampworking' glass rods(not borosilicate, that has a higher melting point and deals with thermal stress better, typically a virtue but not for this application); I don't have a specific recommended vendor but 'lampwork rod' should bring up numerous options.

      You pretty much just blowtorch the end of the rod until it melts and drips into a bucket of water. In my tests, either my technique or my materials sucked enough that I couldn't get above ~10% success rate; but a pound or so of lampwork rod is cheap, so it didn't matter too much. And it is weird to interact with a piece of glass that you can't break with a sledgehammer; but which tears itself apart in the blink of an eye if you snip its tail. Wear your damn safety goggles; but good clean fun.

    4. Re:Impossible? by jittles · · Score: 2

      It is an advance over a normal silicon wafer with a small explosive charge, and probably a lot more legal for consumer goods; but you still need to know when to shatter the glass, and make sure that the attacker can't remove your ability to do so without triggering the failsafe.

      When it comes to military applications, they will likely continue to use both an explosive charge and this technology. When an attack helicopter is downed, for instance, the pilots hit the master destruct button which blows up the PCMCIA card that contains encryption keys, maps and other sensitive data. Then the DART comes out (Downed Aircraft Rescue Team). If they can't save or salvage the aircraft, they pull out their WP grenades and attach them to key areas of the airframe and watch the fireworks show. So they already use double redundancy when it comes to destroying the data. The first go around is to make sure the data is destroyed if the aircraft is captured before salvage attempts are made. The second to prevent anyone from salvaging anything in the case of a total loss.

  3. Annnnnd.... by rtkluttz · · Score: 2

    The only companies interested in it will be consumer electronics companies just waiting for the next big thing to lock consumers out of their own shit.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
    1. Re:Annnnnd.... by AmiMoJo · · Score: 2

      Similar chips are already used in things like smart cards and POS terminals, where crypto keys need to be protected. The physical design causes the key to be wiped if the chip is tampered with. This is a new level of paranoia.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. So... by fuzzyfuzzyfungus · · Score: 4, Insightful

    Coming soon to a toner cartridge near you?

  5. Re:Hail to forced..... by iTrawl · · Score: 3, Interesting

    If proven to be used for enforced obsolescence I'm sure they're in for a bankrupting class action. You break my stuff, you pay me to buy a new one, plus moral damages for the pain you've caused me, regardless of how you did it.

    Yet nobody seems to have proven even the existence of "warranty fuses" (ones that make your equipment break just after warranty expires)...

    --
    "Everybody's naked underneath" -- The Doctor
  6. Congrats - you've invented the Sony Vaio! by xxxJonBoyxxx · · Score: 2

    >> The chip could self-destruct on command

    Congratulations! You've invented the Sony Vaio!
    http://www.techhive.com/articl...

  7. Re:Hail to forced..... by ArhcAngel · · Score: 2

    While purely anecdotal I had the displeasure of supporting a large bank call center which used IBM 15" CRT displays. When I say large we had at least two thousand monitors of this make. Almost on cue they would fail within a couple of months after the warranty expired. Since it seemed a bit suspicious I did some research and discovered I was not alone in my suspicions. It was determined there was in fact a single resistor in one of the main circuits that would burn out almost as if it was designed to last only so long.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K