Self-Destructing Computer Chip

Shattering the glass is straightforward. When the proper circuit is toggled, a small resistor within the substrate heats up until the glass shatters. According to Corning, it will continue shattering even after the initial break, rendering the entire chip unusable. The demo chip resistor was triggered by a photo diode that switched the circuit when a laser shone upon it. The glass plate quickly shattered into fragments once the laser touches it.

Tags: cryptography, encryption, physical security, security engineering

Posted on September 17, 2015 at 7:17 AM • 38 Comments

Comments

ianf • September 17, 2015 7:53 AM

So, apart from its premier OBVIOUS application, an integrated circuit version of a SPY BURN-BAG[*], a way to quickly & safely (though hardly instantaneously) destroy important data and/or decryption methods, are there [m]any other, not weapon-oriented, uses for it?

[^*] in “A Perfect Spy” by John Le Carré: Magnus Pym’s diplomatic steel-framed briefcase with integral ignition system and two locks: “clockwise, or it fires.”

Mace Moneta • September 17, 2015 8:04 AM

Back in my younger days, I order assorted electronics from a surplus catalog. One of the items was a WWII VHF aircraft radio. It had weird large diameter threaded holes in the bottom. Reading through the included documentation, they were for explosive charges, activated if the aircraft was going down. The intent was to prevent technology from falling into enemy hands.

I can see something like this used to “tamper-resist” products – even from those that have purchased them. Warranty void if case opened. 🙂

jayson • September 17, 2015 8:08 AM

Wonder how to trigger one from afar.

BillK • September 17, 2015 8:09 AM

Is this similar to what is already used in modern devices that expire soon after the guarantee runs out? 😉

paul • September 17, 2015 8:21 AM

Sweet. And nice use of the internal stresses often found in glass.

But I do wonder just the tiniest bit how robust the system is against accidental triggering. Most things that are important enough to protect with that kind of tech are also important enough that you really want them to survive if they’re not about to be compromised.

Ivan Gluscic • September 17, 2015 8:44 AM

I can hear it now…

“Yeah, yeah. Next, next, OK, yes I’m sure… NO!!!”

Clive Robinson • September 17, 2015 9:21 AM

Hmm, using the internal stress of glass and also more esoteric solids used in chip manufacture can have unfortunate consequences.

Some here I know have suffered the effects of “glass shower screens” apparently “spontaneously shattering”. And some semiconductor substrates will do similar things.

It’s led to the idea that these materials “have memory of abuse”, that is if you subject them to rough handeling or other stresses they don’t immediately shatter they “store the stress, and release it at a future point in time”. Nice as this idea sounds it’s not quite true, but the exact mechanisms by which this apparent “memory effect” happens is still under investigation.

Thus one has to ask the question of if this chip might suffer from “spontaneous shattering” if used in say HighG environments such as fighter jets, planes launched of carriers, drones, rockets, munitions etc… or more prosaically in your phone etc which might get accidently dropped or involved in motor vehicle accident etc.

There is a reason the military do not put glass “relockers” in safes and locks, they don’t want to be subject to a “self denial of service”, especialy when response time may be very short…

Sometimes it pays to step back from a “security solution” and ask “How badly could this go wrong…” a question some people wish they had asked before they discovered they could nolonger get at their encrypted backups, because some one did not follow reliable KeyMan recording and auditing…

ianf • September 17, 2015 9:25 AM

@ Paul, as this is such a key issue, presumably, unless Corning/ the inventor/ already has tackled the problem of runtime/ fieldwork prevention of accidental triggering, the chip wouldn’t have been previewed.

In all probability, they defined some kind of (enumerated statistically “sound”) triggering thresholds, and then tested batches of those chips in accordance with set values. Then they iterated ever-strengthened batches until they reached their no-trigger goals in a controlled repetitive process. First then it was safe to unveil these new chips’ existence for OEM exploitation. PRESUMABLY.

Fred • September 17, 2015 9:54 AM

I could see certain software companies using it to distribute very large packages on USB sticks with tight time bounds or limits of installation instances. It might also have applications in distributing beta versions that are disabled shortly prior to production product launch.

Karellen • September 17, 2015 10:18 AM

So, will this be activated by executing the HCF (Halt and Chip Fragment) instruction? 🙂

Screechy Lobster • September 17, 2015 10:54 AM

Great concept, but a legal caveat: if a legal proceeding is in place when you destroy the disc (and chances are it will be by the time you get the knock on the door), your action will be considered spoliation of evidence, which could land you a hefty jail sentence, so this solution might not be ideal to protect individuals from authoritarian nation-states.

ianf • September 17, 2015 11:15 AM

@ Screechy … will be considered spoliation of evidence, which […] might not be ideal to protect individuals from authoritarian nation-states.

A lesser worry then, where actions of authoritarian nation-states are concerned. Besides, assuming “the spoilage” is instantaneous, who’s to say WHEN & WHO reverted it back to silicon dust?

Peter A. • September 17, 2015 11:26 AM

@Karellen: nice! I have thought of the HCF instruction immediately upon reading this but failed to conceive a backronym… Congrats!

@Lobster: it works this way only after you got to know that a legal proceeding is going, at least theoretically. In somewhat more authoritarian states, you get spanked whatever you do or fail to do.

ianf • September 17, 2015 11:33 AM

@ Fred … sees certain software companies using it to distribute very large packages on USB sticks with tight time bounds or limits of installation instances.

That could never be cost effective enough. If it gets adopted & deployed in numbers, it will be in critical military applications like drones, cruise missiles, autonomous ordnance delivery vehicles etc., in which their “brains on a chip” will undergo dead-man-grip-triggered destruction even when their main payloads fail to explode.

Bob Paddock • September 17, 2015 11:44 AM

Link: “Vishay’s New Electro-Pyrotechnic Initiator Chip Resistor is Industry’s First to Offer Joule Effect Ignition For Fast Firing Times Down to 50 μs, and a No Fire/All Fire Ratio up to 70 %”

They are hard to get samples and DigiKey still doesn’t carry them. 🙁

“EPIC resistors, also known as bridge resistors, are resistive elements that convert electrical energy into heat energy in a precise electro-thermal profile for the purpose of initiating a series of pyrotechnic events in a controlled energetic reaction.”

http://www.vishay.com/docs/53041/epic.pdf 0603 package.

“Except as expressly indicated in writing, Vishay products are not designed for use in medical, life-saving, or life-sustaining applications or for any other application in which the failure of the Vishay product could result in personal injury or death.
Customers using or selling Vishay products not expressly indicated for use in such applications do so at their own risk. Please contact authorized Vishay personnel to obtain written terms and conditions regarding products designed for such applications.”

Parts designed to burn up may not be used to cause damage or injury…

Bob • September 17, 2015 12:05 PM

Wouldn’t it be easier to put a little thermite in the package and have the chip go up in smoke? For that matter, electricity will do the same thing, as so many of us can attest to.

ianf • September 17, 2015 12:37 PM

@ Bob
the more mechanically/ dynamically complex a critical-destruction component, the higher its (theoretical) failure rate. What this (pre-stressed?) glass substrate chip promises is that it will require only a minuscule input of some specific close-proximity kind to enable self-destruct at once (presumably impervious to trigger false positives).

Tony H. • September 17, 2015 1:45 PM

@Paul: “But I do wonder just the tiniest bit how robust the system is against accidental triggering. Most things that are important enough to protect with that kind of tech are also important enough that you really want them to survive if they’re not about to be compromised.”

I imagine it could be made extremely robust. Look up Prince Rupert’s Drops for a very old example of glass that can be hit with a hammer at one spot without damage, but shatters explosively by just nicking a “tender” point. Protect the tender point from everything except the initiator and you’re good.

There are cool high frame rate videos online showing the crack propagation and explosive results.

k14 • September 17, 2015 2:40 PM

Charming.

k14 • September 17, 2015 2:43 PM

This is also done to people, right? Is there anyone who it would not be effective against?

Terry • September 17, 2015 4:08 PM

@Clive Spontaneous shattering is caused by an inclusion in the glass called a stone. I have seen thermally tempered glass shatter due to them and have been told that they have a half life so it is not predictable. I have not seen the same thing happen in chemically tempered glass but I have been away from the glass industry for decades.

Lawrence • September 17, 2015 4:10 PM

Why it need like a laser to trigger it? It sounds like the laser is what powers the destruction circuit, being most circuit are not design to handles that amount of power needed to handle glass shattering.

Unless you can really miniaturized the laser power circuitry, this is still a long way off from reality.

Tim! • September 17, 2015 4:37 PM

@Lawrence: the laser is not powering the destruction circuit, the laser is triggering a photodiode, which switches the destruction circuit on. The destruction circuit draws power from the same source that powers the chip itself. The laser and photodiode are just a switch, like the opposite of a laser tripwire. You could use a mechanical switch and your hand to trigger the destruction circuit instead, or a relay or transistor triggered by some other circuit.

rgaff • September 17, 2015 5:08 PM

@ BillK

That’s what the “lifetime guarantee” is for… when the product dies, warranty expired.

Godel • September 17, 2015 6:42 PM

This would be perfect for printer manufacturers to make DAMN SURE that their ink cartridges can’t be refilled.

marc • September 18, 2015 1:37 AM

The use cases I can think of:
1. Try to reverse engineer a spying device that is used by rouge nations to spy on their population and it will be destroyed.
2. The ‘copy’ command to copy digital content from a device will render it useless.

latsot • September 18, 2015 2:19 AM

So my phone company can destroy my phone if I don’t pay my bill. My insurance company can destroy my car if I don’t pay theirs or, you know, if they really just want to; maybe if I drive in places they think are dangerous. The idea of self-destructing chips isn’t new but if anyone touts them as a security measure, you should be skeptical.

latsot • September 18, 2015 2:43 AM

I get a pacemaker cheap because I’ve got no insurance and fail to make the payments. We need to own our devices, even the ones not sewn into us.

John Galt IV • September 18, 2015 12:14 PM

A nation-state may have the resources to reverse engineer the pieces back to the device state that existed before the self-destruct was triggered. It is a 3D analog of the shredded paper problem that DARPA (OSD?) paid to have resolved about the time of the 2003 invasion of Iraq for fairly obvious reasons. Scanning electron microscopy can provide detailed geometry of every piece of recovered glass, including the elemental analysis of the circuit features on each piece and likely the magnetic state from GMR memory. It is a safe bet that some academic research group have tackled the computational problem of figuring out how to fit the pieces together, likely by genetic algorithm. Obviously, they would only deploy such forensics when the information is high value. A nation-state may have an agency with an acronym FBI that has forensic experts who lie routinely in court cases, who will make up a story that the stress relaxation that occurs after fracture of glasses can be measured with neutron scattering to establish the time at which the fracture occurred. In case you missed it, those forensic experts also lied in cases where they claimed that bullets from a particular melt could be unequivocally tied to the lot number. And countless other times, in countless other cases. BTW, the Bulger story apparently is going to be a movie. But Ephraim Zimbalist Junior is no longer with us.

John Galt IV • September 18, 2015 12:18 PM

speaking of high-tech remote repossession

http://dealbook.nytimes.com/2014/09/24/miss-a-payment-good-luck-moving-that-car/

speaking of pacemakers, maybe you can get a good deal on rapid-response ambulance service if you give your insurance company access to the data feed

http://www.sun-sentinel.com/health/ct-allstate-patent-data-0618-biz-20150618-story.html