Researchers develop self-destructing circuits to defend against attacks, counterfeiting

Shawn Knight

In a nutshell: Researchers from the University of Vermont have developed a self-destructing mechanism that, when triggered, can render hardware useless. The techniques can serve as both a security measure and a way to thwart counterfeiters, we are told.

The team shared their findings during the recent IEEE International Solid-State Circuits Conference (ISSCC) in San Francisco. Their methods work alongside physically unclonable functions (PUFs), which use the unique characteristics of individual transistors to generate a code that acts as a unique digital fingerprint.

When compromised, the system can boost operating voltage across circuits to trigger electromigration – literally blowing metal atoms out of place to create open circuits and voids. A similar method can also be used to increase the operating voltage from less than one volt to around 2.5 V, which accelerates time-dependent dielectric breakdown to create short circuits. Translation - death.

The team, led by Eric Hunt-Schroeder, worked with Marvell Technology on the project. Hunt-Schroeder said he was inspired to develop the self-destructing mechanisms after reading that researchers were able to use a scanning electron microscope to clone SRAM-based PUFs.

The technique could also be effective in preventing counterfeit chips from flooding the market. When a company is done with a chip, Hunt-Schroeder noted, they can ensure it is destroyed in a way that makes it useless.

The self-destructing system was one of a handful of novel security techniques highlighted during the conference.

A team from Columbia University showcased a solution that is able to detect if a probe has been attached to a circuit, which could be helpful in defending against attacks in which the bad actor has physical access to a system.

At UT Austin, meanwhile, researchers came up with a way to mask signals emanating from power and electromagnetic sources. In testing, the team was able to capture a key from an unprotected chip after about 500 attempts. With their protections in place, they were unable to crack the key even after 40 million tries.

Image credit: Alexandre Debieve, Zan


 
Couldn't you do this with efuses already? Just design them in such a way that they break at a critical part of the chip. Seems like *****ic wastage though, as a determined intruder (especially at the state actor level) will spend a fair bit of time to circumvent it, or get their info another way.
 
Couldn't you do this with efuses already? Just design them in such a way that they break at a critical part of the chip. Seems like *****ic wastage though, as a determined intruder (especially at the state actor level) will spend a fair bit of time to circumvent it, or get their info another way.
Yes but one could reverse engineer said fuses. Doing it this way ensures total destruction.

Magnetic wipe of an HDD vs. a hammer.
 
Bartie Musa - Hmm, this is interesting, but could it be dangerous or triggered accidentally?

Or even on purpose by hackers: a hacker tells you you are going to replace a lot of 'fuses' or pay up, you don't pay and you pay even more to replace all the fuses!! Then after you get them replaced the hackers come back again and again for more and more money!!
 
Couldn't you do this with efuses already? Just design them in such a way that they break at a critical part of the chip. Seems like *****ic wastage though, as a determined intruder (especially at the state actor level) will spend a fair bit of time to circumvent it, or get their info another way.

Ultimately this is about defeating side-channel attacks or direct monitoring of the hardware outside of the way the hardware was intended to operate on. There's a mantra that if you don't have physical control over a device, you should assume that its security has been broken. The point of this and related research is to break that mantra. Whether it will succeed remains an open question.
 
Ultimately this is about defeating side-channel attacks or direct monitoring of the hardware outside of the way the hardware was intended to operate on. There's a mantra that if you don't have physical control over a device, you should assume that its security has been broken. The point of this and related research is to break that mantra. Whether it will succeed remains an open question.
Bartie Musa - That is a good point, I think ultimately that mantra will hold, but this may add a layer of complexity or fail-safe to that axiom.
 
Bartie Musa - That is a good point, I think ultimately that mantra will hold, but this may add a layer of complexity or fail-safe to that axiom.
Yeah, but they may be able to make it infeasible to carry out certain kinds of attacks against their hardware. I don't believe we can engineer an "impossible to hack" device, but we can make it very expensive and challenging to do so (that's essentially how encryption works, too).

While this specific tech could be useful for ensuring the integrity of the device, you bring up a good point - could it destroy itself accidentally? Another question is what this tech will be used for, the obvious applications for PUFs are DRM and encryption. This could lead to better TPM security for device encryption, but it could also be used for one of the things TPMs are feared to be used for someday: wrestling control over what consumers are allowed to do on their devices.
 
A team from Columbia University showcased a solution that is able to detect if a probe has been attached to a circuit, which could be helpful in defending against attacks in which the bad actor has physical access to a system.
On a side note... You can make the "probe" destroy itself if detected, to make it harder to track its origin.
 
Apple already does that.

Really? I wonder why my iPhones always last well and my Androids are slowly dying.

Even if an Android phone lasts a few years, it is unsellable because demand is zero and price went off a cliff since release.
 