
"It's a Hardware Problem..."

--- begin forwarded text

Delivered-To: [email protected]
X-Sender: [email protected]
Date: Tue, 13 Oct 1998 06:33:46 -0500
To: [email protected]
From: [email protected]
Subject: IP: Sandia Labs: Foiling Hackers: World's Smallest Combination Lock
Mime-Version: 1.0
Sender: [email protected]
Precedence: list
Reply-To: [email protected]

Source:  EurekAlert!


 Contact: Chris Burroughs
 [email protected]
 Sandia National Laboratories

 "World's Smallest Combination Lock" Promises
 To Foil The Best Computer Hacker, Say Sandia

ALBUQUERQUE, N.M. -- The "world's smallest combination lock," a minuscule
mechanical device developed at Sandia National Laboratories, promises to
build a virtually impenetrable computer firewall that even the best hacker
can't beat. The Recodable Locking Device, which uses microelectromechanical
system (MEMS) technology so small that it takes a microscope to see it, is
a series of tiny notched gears that move to the unlocked position only when
the right code is entered. It's the first known mechanical hardware
designed to keep unwanted guests from breaking codes and illegally entering
computer and other secure systems.

"Computer firewalls have always been dependent on software, which means
they are 'soft' and subject to manipulations," says Larry Dalton, manager
of Sandia's High Integrity Software Systems Engineering Department. "Our
device is hardware and is extremely difficult to break into. You have one
and only one chance in a million of picking exactly the right code compared
to a one in 10,000 chance, with many additional chances, in most software
firewalls. After one failed try, this new device mechanically shuts down
and can't be reset and reopened except by the owner."

Patent filed

Sandia, a Department of Energy (DOE) national security lab, recently filed
for a patent for the mechanism. The first working units were fabricated in
July. The Sandia team, which is refining the device and doing reliability
tests, expects to have it ready for commercialization in about two years.
Once it is perfected, a commercial partner will be tapped to produce and
sell it. "The Recodable Locking Device should be of great interest to
businesses and individuals who have computer networks, have sites on the
Web, or require secure computers," says Frank Peter, engineer who designed
the device. "It would make it virtually impossible for break-ins to Web
sites, like what occurred with The New York Times in September." (Hackers
broke into the Times' electronic edition in mid-September and shut it down
for several hours.)

Computer crime is a growing problem nationwide. The Computer Security
Institute together with the Federal Bureau of Investigation (FBI) recently
surveyed 520 security practitioners in US corporations, government
agencies, financial institutions, and universities. Results showed that 64
percent of the respondents reported computer security breaches within the
last 12 months. And although 72 percent said they suffered financial losses
from these breaches, only 42 percent were able to quantify their losses --
estimating them to be more than $136.8 million.

Dalton says he 'had the notion' of the device for three years, calling it
the 'digital isolation and incompatibility' project. Digital was for the
digital world, and isolation and incompatibility are important concepts in
stronglinks, which are mechanical locks used as safety devices in weapons.
He turned to Sandia's Electromechanical Engineering Department, headed by
David Plummer, to do the design because of that group's expertise in
stronglinks as well as its ability to design using the new MEMS technology.

Simple system

"It took about three months to go from concept to the final design," Peter
says. "Based on a code storage scheme used successfully in existing weapon
surety subsystems, we were able to design a very simple device -- and it's
the simplicity of the device that makes it easy to analyze from a
vulnerability standpoint."

The Sandia Microelectronics Development Laboratory used Peter's design to
build a working device, which consists of a series of six code wheels, each
less than 300 microns in diameter, driven by electrostatic comb drives that
turn electrical impulses into mechanical motion. The 'lock owner' sets a
lock combination to any value from one to one million. The entire device is
about 9.4 millimeters by 4.7 millimeters, about the size of a button on a
dress shirt. The Recodable Locking Device consists of two sides -- the user
side and the secure side. To unlock the device, a user must enter a code
that identically matches the code stored mechanically in the six code
wheels. If the user makes even one wrong entry -- and close doesn't count
-- the device mechanically 'locks up' and does not allow any further tries
until the owner resets it from the secure side.

The six gears and the comb drives would be put on a small chip that could
be incorporated into any computer, computer network, or security system.
Because the chip is built using integrated circuit fabricating techniques,
hundreds can be constructed on a single six-inch silicon wafer. The end
result is that the device will be very inexpensive to produce.

Plummer says Sandia is the only place where development of such a mechanism
could have occurred. "That's due to the unique multilevel polysilicon
fabrication process developed by Sandia and our heritage of designing
mechanical locking devices," he says. Besides being a deterrent to hackers,
the device has other security applications, Peter says. For example,
controlled information could be made available only in a window of
opportunity. The information owner could tell the party needing the data
that he or she has five minutes to enter in a specific code and gain
access. Then, after five minutes, the code would be reset and access denied.

A variety of potential safety applications are also possible with the
Recodable Locking Device. The mechanism can confirm that a critical system
is operating as expected. And if it detects a problem, it will not permit
execution of a function. In this safety capacity, the device could be used,
for example, to ensure that a radiation therapy machine delivers the
correct radiation dosage. "This device has a powerful potential -- one that
is readily understood by most everyone," Dalton says. "I've been told by
Department of Defense people that this is the first real technical
advancement in information security that they've seen in a long time."

Sandia is a multiprogram DOE laboratory, operated by a subsidiary of
Lockheed Martin Corp. With main facilities in Albuquerque, N.M., and
Livermore, Calif., Sandia has major research and development
responsibilities in national security, energy, and environmental
technologies and economic competitiveness.

--- end forwarded text

Robert A. Hettinga <mailto: [email protected]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'