During a discussion on this subject in one of the newsgroups I used to frequent, I suggested the ultimate tamper-proof mechanism for potted components (at least, what I thought could pass for ultimate... ;-)

Pot your device in a clear potting compound, irregularly shaped (I imagine a large gemstone-type cut). Then pot it again in the normal opaque black, rectangular block. The tamper mechanism consists of one or more LED lasers as part of your circuitry, and corresponding photodetectors. Aim the lasers such that they bounce off all the flat (or curved, if you're into hardcore math) surfaces inside the clear potting, and eventually fall back onto photodetectors. This is all happening inside the clear potting, inside the black potting.

ANY change to the clear potting (whether they are removing it by mechanical or chemical means) will alter either (or both) the path and the intensity of one or more of the laser beams. The SRAM and flash can be overwritten, bondout wires fused, etc. Just about any destructive mechanism after that can be employed. This would require an internal power supply to enable the destructive mechanisms should power be removed (done automatically if power is removed).

At least *I* thought this was a cool idea. It would be interesting to see if anyone got this to work. I haven't done a patent search for it, but I wouldn't be /too/ surprised if someone else came up with it first... But it was an original thought for me, anyway.

-Adam

David VanHorn wrote:

> >And yet another technical remark. The use of external RAM could solve the
> >problem of lacking memory, however it is unsafe. If this RAM were used
> >for "challenge" encryption, monitoring of PIC<->RAM communication
> >could lead to the private key recovery. Well, it should be done very fast,
> >until the device remains "armed", but it is not impossible.
>
> Our terminals were approved by the banks, and the card industry, simply by
> potting the processor and memory into a module, with the SRAM backup
> battery outside the module.
>
> Knowing what I know now, we should have had an algorithm to move the keys
> around, or maybe XOR them periodically with an incrementing value.
> Data that sits in an SRAM for a long time becomes quasi-permanent. In many
> cases, if the data has been in for 6 months to a year without moving, you
> can power down the RAM for hours, with VCC shorted to ground, and on
> powerup, retrieve the key. This cheap scrambling system adds no
> cryptographic security, but when the lights go out, the keys would be GONE.
>
> I like this end of the discussion. One of the major weaknesses I've seen in
> access control is that it all ends up in something like "short these two
> wires to grant access", so the obvious attack is to get to those two wires.
> Tamper switches are ok, as far as they go, but obviously if you've bought
> one and taken it apart, you know where the switches are, and how they work.
>
> This is one reason I never put access pads outside a secured area. I want
> you to open a door, trip a sensor, and be on a short fuse before you get to
> muck around with a keypad. I've been known to install weak key switches
> (easily picked) or cheap keypads outside the protected area, that will trip
> the alarm if operated.
>
> Another fun one is a wire running along the external wall to the bell
> (where used). The real wire runs directly back through the wall of course;
> the accessible wire is the trap.
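The key-scrambling countermeasure David VanHorn describes above (keep moving the key, or XOR it periodically with an incrementing value, so no SRAM cell holds a static pattern long enough to burn in), worked through as an added C example; this is not code from the original post or from any terminal product. The mask derivation (MurmurHash3's fmix32 finalizer over a counter), the function names and the 16-byte key size are my own assumptions, and as the post says it adds no cryptographic security, it only counters remanence.

```c
#include <stdint.h>
#include <string.h>
/* Constructed example, not from the original post: SRAM holds (key ^ mask) and
 * mask, and a tick driven by an incrementing counter re-masks both in place so
 * no cell keeps the same bits for long. No cryptographic strength is added. */
#define KEY_BYTES 16
typedef struct {
    uint8_t  masked[KEY_BYTES], mask[KEY_BYTES]; /* key ^ mask, and the mask */
    uint32_t counter;                            /* value the mask derives from */
} scrambled_key_t;
/* One mask byte from (counter, byte index) via MurmurHash3's fmix32 finalizer;
 * a hypothetical choice, any function flipping ~half its output bits per tick works. */
static uint8_t mask_byte(uint32_t counter, int i) {
    uint32_t h = counter + (uint32_t)i * 0x9E3779B1u;
    h ^= h >> 16; h *= 0x85EBCA6Bu; h ^= h >> 13; h *= 0xC2B2AE35u; h ^= h >> 16;
    return (uint8_t)h;
}
void sk_store(scrambled_key_t *s, const uint8_t key[KEY_BYTES]) {
    s->counter = 1;
    for (int i = 0; i < KEY_BYTES; i++)
        s->masked[i] = key[i] ^ (s->mask[i] = mask_byte(s->counter, i));
}
/* Call periodically (e.g. from a timer); the key is never reassembled here. */
void sk_tick(scrambled_key_t *s) {
    s->counter++;
    for (int i = 0; i < KEY_BYTES; i++) {
        uint8_t next = mask_byte(s->counter, i);
        s->masked[i] ^= s->mask[i] ^ next;  /* (key^old)^old^next == key^next */
        s->mask[i] = next;
    }
}
void sk_load(const scrambled_key_t *s, uint8_t key_out[KEY_BYTES]) {
    for (int i = 0; i < KEY_BYTES; i++) key_out[i] = s->masked[i] ^ s->mask[i];
}
/* Remanence metric: longest run of consecutive ticks in which any stored bit kept
 * its value. masked[i] and mask[i] flip together, so the mask cells cover all. */
int sk_longest_static_bit_run(scrambled_key_t *s, int ticks) {
    int run[KEY_BYTES * 8] = {0}, longest = 0;
    for (int t = 0; t < ticks; t++) {
        uint8_t old[KEY_BYTES]; memcpy(old, s->mask, KEY_BYTES);
        sk_tick(s);
        for (int b = 0; b < KEY_BYTES * 8; b++) {
            int same = !(((old[b / 8] ^ s->mask[b / 8]) >> (b % 8)) & 1);
            run[b] = same ? run[b] + 1 : 0;
            if (run[b] > longest) longest = run[b];
        }
    }
    return longest;
}
```

Without the tick, the run length equals the number of ticks for every bit, which is exactly the months-long static state the post warns about; with it, no bit stays put for more than a few dozen ticks.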