[ISN] Sandia Labs: Foiling Hackers: World's Smallest Combination Lock

From: mea culpa (jerichot_private)
Date: Tue Oct 13 1998 - 11:55:11 PDT

  • Next message: mea culpa: "[ISN] Hackershield helpos Network Admins Combat Hacker Attacks"

    Forwarded From: <anonymous>
    
    Source:  EurekAlert!
    http://www.eurekalert.org/releases/snl-wsclpt.html
    
    EMBARGOED FOR RELEASE: 12 OCTOBER 1998 AT 02:00:00 ET US
    
     Contact: Chris Burroughs
     coburrot_private
     505-844-0948
     Sandia National Laboratories
    
     "World's Smallest Combination Lock" Promises
     To Foil The Best Computer Hacker, Say Sandia
     Developers
    
    ALBUQUERQUE, N.M. -- The "world's smallest combination lock," a minuscule
    mechanical device developed at Sandia National Laboratories, promises to
    build a virtually impenetrable computer firewall that even the best hacker
    can't beat. The Recodable Locking Device, which uses
    microelectromechanical system (MEMS) technology so small that it takes a
    microscope to see it, is a series of tiny notched gears that move to the
    unlocked position only when the right code is entered. It's the first
    known mechanical hardware designed to keep unwanted guests from breaking
    codes and illegally entering computer and other secure systems. 
    
    "Computer firewalls have always been dependent on software, which means
    they are 'soft' and subject to manipulations," says Larry Dalton, manager
    of Sandia's High Integrity Software Systems Engineering Department. "Our
    device is hardware and is extremely difficult to break into. You have one
    and only one chance in a million of picking exactly the right code
    compared to a one in 10,000 chance, with many additional chances, in most
    software firewalls. After one failed try, this new device mechanically
    shuts down and can't be reset and reopened except by the owner." 
    
    Patent filed
    
    Sandia, a Department of Energy (DOE) national security lab, recently filed
    for a patent for the mechanism. The first working units were fabricated in
    July. The Sandia team, which is refining the device and doing reliability
    tests, expects to have it ready for commercialization in about two years. 
    Once it is perfected, a commercial partner will be tapped to produce and
    sell it. "The Recodable Locking Device should be of great interest to
    businesses and individuals who have computer networks, have sites on the
    Web, or require secure computers," says Frank Peter, engineer who designed
    the device. "It would make it virtually impossible for break-ins to Web
    sites, like what occurred with The New York Times in September." (Hackers
    broke into the Times' electronic edition in mid-September and shut it down
    for several hours.) 
    
    Computer crime is a growing problem nationwide. The Computer Security
    Institute together with the Federal Bureau of Investigation (FBI) recently
    surveyed 520 security practitioners in US corporations, government
    agencies, financial institutions, and universities. Results showed that 64
    percent of the respondents reported computer security breaches within the
    last 12 months. And although 72 percent said they suffered financial
    losses from these breaches, only 42 percent were able to quantify their
    losses -- estimating them to be more than $136.8 million. 
    
    Dalton says he 'had the notion' of the device for three years, calling it
    the 'digital isolation and incompatibility' project. Digital was for the
    digital world, and isolation and incompatibility are important concepts in
    stronglinks, which are mechanical locks used as safety devices in weapons. 
    He turned to Sandia's Electromechanical Engineering Department, headed by
    David Plummer, to do the design because of that group's expertise in
    stronglinks as well as its ability to design using the new MEMS
    technology. 
    
    Simple system
    
    "It took about three months to go from concept to the final design," Peter
    says. "Based on a code storage scheme used successfully in existing weapon
    surety subsystems, we were able to design a very simple device -- and it's
    the simplicity of the device that makes it easy to analyze from a
    vulnerability standpoint." 
    
    The Sandia Microelectronics Development Laboratory used Peter's design to
    build a working device, which consists of a series of six code wheels,
    each less than 300 microns in diameter, driven by electrostatic comb
    drives that turn electrical impulses into mechanical motion. The 'lock
    owner' sets a lock combination to any value from one to one million. The
    entire device is about 9.4 millimeters by 4.7 millimeters, about the size
    of a button on a dress shirt. The Recodable Locking Device consists of two
    sides -- the user side and the secure side. To unlock the device, a user
    must enter a code that identically matches the code stored mechanically in
    the six code wheels. If the user makes even one wrong entry -- and close
    doesn't count -- the device mechanically 'locks up' and does not allow any
    further tries until the owner resets it from the secure side. 
    
    The six gears and the comb drives would be put on a small chip that could
    be incorporated into any computer, computer network, or security system. 
    Because the chip is built using integrated circuit fabricating techniques,
    hundreds can be constructed on a single six-inch silicon wafer. The end
    result is that the device will be very inexpensive to produce. 
    
    Plummer says Sandia is the only place where development of such a
    mechanism could have occurred. "That's due to the unique multilevel
    polysilicon fabrication process developed by Sandia and our heritage of
    designing mechanical locking devices," he says. Besides being a deterrent
    to hackers, the device has other security applications, Peter says. For
    example, controlled information could be made available only in a window
    of opportunity. The information owner could tell the party needing the
    data that he or she has five minutes to enter in a specific code and gain
    access. Then, after five minutes, the code would be reset and access
    denied. 
    
    A variety of potential safety applications are also possible with the
    Recodable Locking Device. The mechanism can confirm that a critical system
    is operating as expected. And if it detects a problem, it will not permit
    execution of a function. In this safety capacity, the device could be
    used, for example, to ensure that a radiation therapy machine delivers the
    correct radiation dosage. "This device has a powerful potential -- one
    that is readily understood by most everyone," Dalton says. "I've been told
    by Department of Defense people that this is the first real technical
    advancement in information security that they've seen in a long time." 
    
    Sandia is a multiprogram DOE laboratory, operated by a subsidiary of
    Lockheed Martin Corp. With main facilities in Albuquerque, N.M., and
    Livermore, Calif., Sandia has major research and development
    responsibilities in national security, energy, and environmental
    technologies and economic competitiveness. 
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:07:23 PDT