Curious to know of any means to reliably and reversibly disable an IC. Lets say for example there is a security challenge for a peripheral and the security challenge fails, then how would a device be 'safely' disabled? I'm looking for something that cannot be defeated if possible.
This is for an embedded project.

 

Put an addressable relay on the power pin.

 

IF all of the protection mechanism must be inside the chip

AND IF the IC must remain disabled even if power is removed and re-applied

THEN the chip needs some form of non-volatile memory. Not a problem if it is a uC or a non-volatile digi-pot. Otherwise, problem.

ak

 

Curious to know of any means to reliably and reversibly disable an IC. Lets say for example there is a security challenge for a peripheral and the security challenge fails, then how would a device be 'safely' disabled? I'm looking for something that cannot be defeated if possible.
This is for an embedded project.

If it is reversible, someone can defeat it.

 

You treat the device as a black box.
If the device can be disabled, there needs to be a way to enable the device.
A simple solution is a 1-wire interface. The device supplies power to an external dongle (such as iButton) via one wire plus ground. The dongle sends back a key-code. The device is enabled only when a valid key-code is received.

We use these for authorized door entry access and power equipment operations. (User and time of activation is logged in a computer database.)

Picture of iButton on a key fob.

 

Microchip has the KeeLoq® technology. It won't physically disable the chip, but will prevent unauthorized access.

I am sure other vendors may have similar secure technologies, but I am only familiar with Microchip's

 

Curious to know of any means to reliably and reversibly disable an IC. Lets say for example there is a security challenge for a peripheral and the security challenge fails, then how would a device be 'safely' disabled? I'm looking for something that cannot be defeated if possible.
This is for an embedded project.

Use a relay to reverse the power and ground pins!

 

Curious to know of any means to reliably and reversibly disable an IC. Lets say for example there is a security challenge for a peripheral and the security challenge fails, then how would a device be 'safely' disabled? I'm looking for something that cannot be defeated if possible.
This is for an embedded project.

Anything can be defeated, and that goes doubly-true for something where it must be able to be re-enabled. But, within those bounds, there are already systems that do what you want.

An example are smart cards that require the use of a PIN to enable functionality that they control. If the wrong PIN is provided some number (usually three) times in a row, the card is disabled until it is reset by an authorized device. These systems often use public-key cryptography to authenticate themselves to each other.

 

Best way, what ever you do, keep it a secret.

 

Best way, what ever you do, keep it a secret.

Yes, because security through obscurity has always worked out so well.

 

Yes, because security through obscurity has always worked out so well.

Actually security through obscurity has been historically the most undefeated security scheme. How do you unlock something you don't even know is locked?

 

Anything can be defeated, and that goes doubly-true for something where it must be able to be re-enabled. But, within those bounds, there are already systems that do what you want.

An example are smart cards that require the use of a PIN to enable functionality that they control. If the wrong PIN is provided some number (usually three) times in a row, the card is disabled until it is reset by an authorized device. These systems often use public-key cryptography to authenticate themselves to each other.

Thank you. I am looking downstream, after the security ICs have been placed on the PCB and the security challenge has occurred. My question is more about how to disable the machinery being designed. Obviously a dedicated team of engineers would be able to crack the security mechanism but that is not really realistic for my application. I need a security scheme that would be robust against a technologically savvy individual who is most likely not a technical professional. Think of a very handy and capable advanced user.

 

You treat the device as a black box.
If the device can be disabled, there needs to be a way to enable the device.
A simple solution is a 1-wire interface. The device supplies power to an external dongle (such as iButton) via one wire plus ground. The dongle sends back a key-code. The device is enabled only when a valid key-code is received.

We use these for authorized door entry access and power equipment operations. (User and time of activation is logged in a computer database.)

Picture of iButton on a key fob.

View attachment 336301

Thank you. I will definitely investigate this further.

 

Use a relay to reverse the power and ground pins!

That will destroy the part.

ak

 

Actually security through obscurity has been historically the most undefeated security scheme. How do you unlock something you don't even know is locked?

Uh...no. That line of thinking has resulted in a plethora of roll-your-own security schemes that have been defeated in pretty short order. The cause is typically because the person/people designing the lock can only envision ways to break it that they can think of, so it is only, at best, secure against the tiny set of attacks that they can envision. But when it is then exposed to everyone else, there are lots of people that can envision all kinds of other ways to try to unlock it that the designers never dreamed of.

This has been the case both in software and hardware (including strictly mechanical systems). In the realm of cryptography, Mary Queen of Scots literally lost her head because she was using a code that was "secret" and that was broken by someone that had no idea about the code itself, but had ideas on how to attack codes in general. But since none of the coconspirators involved had heard of that attack, despite it having been around for centuries, their code was vulnerable to it. If they had, instead, used a different cipher that was relatively new and very publicly known, and even if they had told their adversaries exactly which code they were using, she could have kept her head for another few centuries, because that's how long it took the best minds to figure out how to break it.

 

Thank you. I am looking downstream, after the security ICs have been placed on the PCB and the security challenge has occurred. My question is more about how to disable the machinery being designed. Obviously a dedicated team of engineers would be able to crack the security mechanism but that is not really realistic for my application. I need a security scheme that would be robust against a technologically savvy individual who is most likely not a technical professional. Think of a very handy and capable advanced user.

It depends very heavily on what kind of access this technologically savvy individual has. If they have unfettered physical access to the system, it becomes very difficult to keep them from doing what they want. The place to start is to define what your physical security does to limit their access so that you can focus on what they can and can't do based on what they have access to. You aren't in a good position to defend your attack surface until you have a pretty good idea of just what that attack surface is.

 

OK, depending on if the intruder has physical access or not. If no physical access, then a small fuse in series with the device V+ line, and a small SCR triggered to short the V+ pin to common if the security is failed. The popped fuse will stop the protected IC from functioning until the fuse is bypassed or replaced. AND THAT will require gaining physical access and knowing where the fuse is. If a low current diode is used as the fuse it nay not be at all obvious what to replace.

 

The fuse approach raises a question.

I'm looking for something that cannot be defeated if possible.

reversibly disable an IC.

Since reversing the disable is essentially the same as defeating it, then what methods are allowed - reversing/defeating it remotely (a pass code or signal sequence over wires or a comm port), defeated with a soldering iron, or other? My initial assumption was that resetting the board would be an electrical function, but there is nothing in the thread to prevent a physical approach.

ak

 

Certainly the question of being reversible depends on what sort of access to reverse the disable is required. A processor system with erasable memory can be programmed to corrupt that memory when triggered. THEN, a memory reload would be required. That is about the only scheme that fully satisfies the requirement. Fully capable of re-enabling and yet not possible to defeat unless the code to be reloaded is available. But terribly inconvenient.

 

Curious to know of any means to reliably and reversibly disable an IC. Lets say for example there is a security challenge for a peripheral and the security challenge fails, then how would a device be 'safely' disabled? I'm looking for something that cannot be defeated if possible.
This is for an embedded project.

Certainly the question of being reversible depends on what sort of access to reverse the disable is required. A processor system with erasable memory can be programmed to corrupt that memory when triggered. THEN, a memory reload would be required. That is about the only scheme that fully satisfies the requirement. Fully capable of re-enabling and yet not possible to defeat unless the code to be reloaded is available. But terribly inconvenient.

This method is being investigated and will probably be implemented with other features to sorta 'raise the bar' on how difficult it would be to defeat. The purpose isn't to beat a sophisticated software and engineering team but rather to prevent technicians from circumventing certain controls on OEM components.