Arnold Reinhold writes:

 > A sophisticated attacker could measure the pressure in each 
 > compartment and work in a pressurized, darkened room.
 
You don't know the pressure inside, that's the point: it varies among
the units. Whenever there is a (nonthermal) pressure change the thing
nukes itself (integrated thermometers and MEMS pressure sensors are
not black magic anymore these days).

The light sensor is just another layer of icing on the cake: the more
layers, the more sophisticated/expensive attack required. It will
never be 100% secure, however it should be secure enough for daily
use.
 
 > One thought I had is to include a circuit on chip (perhaps duplicated 
 > in several places) that would monitor on-chip supply voltage and keep 
 > the program from executing sensitive code for some period if dV/dt 
 > were too high.  If the cap or Li battery were disconnected, the 
 > circuit would see continuous fluctuations and shut the processor 
 > down. A accidental power glitch would only cause a short delay in 
 > execution.
 
The thing should nuke itself whenever it is about to run out of
juice. Perhaps literally so, by igniting a pellet of lead azide
turning the die to dust (there might be residual charges left in the
flash which could be read).

 > If an attacker can get to the chip and disable these power monitor 
 > circuits, he can probably also put a logic analyzer on the memory 
 > lines and extract the key that way.

You need access to the chip if the memory is embedded. IMO the chip
should be powered by an external optical source: much more difficult
to introduce transients which could lead to malfunction/information
leakage. Oh yes, and the thing needs to be absolutely RF-tight, so
talking back with light is another good idea. Could couple in/out with
a light fibre (made from tin oxide to shield RF?).

 > Arnold Reinhold

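The dV/dt supply monitor proposed in the quoted text, modelled in software as an added example that is not part of the original message or of any poster's design. The thresholds, the names and the choice to latch a shutdown after repeated trips are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed parameters, not taken from the message. */
#define DVDT_LIMIT_MV 50   /* largest allowed change between samples, mV */
#define HOLDOFF_TICKS 8u   /* quiet samples required before resuming */
#define LATCH_TRIPS   4u   /* trips without recovery => latched shutdown */

typedef enum { RUN, HOLDOFF, SHUTDOWN } mon_state;
typedef struct { int32_t last_mv; unsigned quiet, trips; mon_state state; } dvdt_monitor;

/* Feed one supply sample (mV); returns the state after processing it. */
mon_state mon_sample(dvdt_monitor *m, int32_t mv) {
    long delta = labs((long)mv - m->last_mv);
    m->last_mv = mv;
    if (m->state == SHUTDOWN) return SHUTDOWN;          /* latched */
    if (delta > DVDT_LIMIT_MV) {                        /* dV/dt too high */
        m->quiet = 0;
        m->state = (++m->trips >= LATCH_TRIPS) ? SHUTDOWN : HOLDOFF;
    } else if (m->state == HOLDOFF && ++m->quiet >= HOLDOFF_TICKS) {
        m->state = RUN;                                 /* supply settled */
        m->trips = 0;
    }
    return m->state;
}

/* Gate to call before touching key material. */
int mon_sensitive_ok(const dvdt_monitor *m) { return m->state == RUN; }

/* Replay a trace of samples and return the final state. */
mon_state mon_run(const int32_t *trace, size_t n) {
    dvdt_monitor m = { trace[0], 0, 0, RUN };
    for (size_t i = 1; i < n; i++) mon_sample(&m, trace[i]);
    return m.state;
}

/* Constructed traces: one brief glitch, then a supply that never settles. */
static const int32_t glitch_trace[] = { 3300, 3300, 3100, 3300, 3300, 3300,
                                        3300, 3300, 3300, 3300, 3300, 3300 };
static const int32_t cut_trace[] = { 3300, 3000, 3250, 2900, 3200, 3300, 3300 };

int main(void) {
    printf("glitch: %d\n", mon_run(glitch_trace, 12));
    printf("cut:    %d\n", mon_run(cut_trace, 7));
    return 0;
}
```

A single glitch costs only the hold-off delay, while a supply that keeps fluctuating never accumulates enough quiet samples and ends in the latched state.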