Minuscule Combination Lock Safeguards Silicon Capital

August 1999
By Maryann Lawlor
E-mail About the Author

Dot-sized security mechanism throws a wrench in wheels of hacker breach attempts.

The mechanical principles that protect personal belongings inside a high school locker may hold the key to guarding digital assets. Creators of a miniature combination lock, which consists of six gears that together are the size of a shirt button, believe the device guarantees that systems can be shielded from invasions with a one-in-a-million chance that an intruder can break the code.

While software developers are designing intricate programs to thwart the best efforts of unwanted visitors, engineers at Sandia National Laboratories, Albuquerque, New Mexico, developed the recodable locking device to form a virtually impenetrable firewall that they claim even the best hacker cannot beat.

Capitalizing on experience gained from preventing the inadvertent detonation of nuclear weapons, the scientists have built a hardware component that, when placed inside a server or central processing unit, would prevent access to the information that resides in the locked area. Based on microelectromechanical system technology, the apparatus is not intended to replace current information security software such as firewalls, but rather is designed to complement it and act as a final roadblock between hackers and their prey.

“Computer firewalls have always been dependent on software, which means they are ‘soft’ and subject to manipulation,” Larry Dalton, manager, high-integrity software systems engineering department, Sandia, offers. Dalton is one of three co-inventors of the new tool. “Our device is hardware and is extremely difficult to break into. You have a one—and only one—chance in a million of picking exactly the right code compared to a one-in-10,000 chance, with many additional chances, in most firewalls. After one failed try, this new device mechanically shuts down and can’t be reset and reopened except by the owner.”

Frank Peter, another co-inventor of the device and senior member of the technical staff at Sandia, agrees that software security solutions can still leave loopholes that hackers can exploit. “One rule is that every time you write software, it will have bugs in it. So you can never have a 100 percent guarantee that the software will do what it’s supposed to do. And as the software gets bigger and bigger, there are more and more bugs,” Peter says.

Although Dalton notes that the device was originally designed to allow only one attempt to enter, Peter adds that additional experimentation and input from testers led the group to conclude that the final iteration will probably allow a set number of attempts—for example, three—before the lock is engaged.

According to Dalton, development of the device is merely a continuation of Sandia’s history of service in the national interest. It is part of the nuclear weapons complex comprising Los Alamos National Laboratory, Los Alamos, New Mexico; Lawrence Livermore National Laboratory, Livermore, California; and Sandia. While Los Alamos and Lawrence Livermore are physics laboratories that design weapons capabilities, Sandia is an engineering facility with a primary mission of packaging the nuclear explosives, making them fieldable systems. Part of this effort involves the safety systems that prevent the inadvertent detonation of the nuclear arsenal, Dalton explains.

Approximately one-half of Sandia’s $1.4 billion budget continues to be devoted to this mission. However, today’s threats, which include assaults against information systems, pose new dangers to national security and have expanded its mission. Consequently, the other 50 percent of Sandia’s budget is dedicated to information security and assurance. “Of course nuclear weapons are the core, but information security today is surely critical to the national interest. The question becomes how to apply what we are already doing at Sandia to protecting information,” Dalton says.

The answer, in this instance, came from a code storage scheme used successfully in existing weapon surety subsystems, Peter says. Although Peter, Dalton and the head of Sandia’s electromechanical engineering department, David Plummer, devised the lock’s general concept, Peter is credited with the current design.

A single device consists of a series of six code wheels. Each wheel is less than 300 microns in diameter and features 10 notches. These gears are moved by electrostatic comb drives that turn electrical impulses into mechanical motion. The entire apparatus is approximately 9.4 x 4.7 millimeters.

The user side and secure side form the security tool set. To unlock the device, a user must input a code that identically matches the one stored mechanically in the six code wheels. If the user keys in even a single wrong entry, the device mechanically locks up and, under its current design, does not allow any further attempts until the owner resets it from the secure side.

For use in this new context, the six gears and the comb drives would be put on a small chip that could be incorporated into any computer, network or security system. An external keypad, separate from the computer, would set the combination. The code could be set to change at given time intervals or to open access to the lock for a specific window of time and allow remote access to the section of the computer being protected. This capability, which mimics that of bank-vault time locks, would require software to receive the code input during the designated time period. After the open time interval expires, the lock would re-engage and deny access.

According to Peter, all the mechanical parts of the lock have been tested and proved to work. During the next several months, the team will be involved in the integration of the lock and the optical path section of the device. Peter describes this using a camera’s shutter mechanism analogy. By entering the correct code, the aperture is unlocked, allowing a laser diode to shine through to the receiver and carry the electronic signal. Users would be unaware that a hardware device is protecting their system, he adds. The team applied for a patent for the technology this spring.

The idea for the locking device stems from a failure in software systems that controlled radiation therapy equipment for cancer patients. The software that determined the amount of radiation delivered to the cancerous area increased the dosage from 2,000 rads to 20,000 rads, resulting in the death of six people. “We wanted to isolate the control signal that will control this. We wanted to force the software system to do what it was supposed to do as well as linearly compute a combination to the lock. At each and every critical way point, it would have to recompute the seat value and continue to have to come up with the correct code,” Dalton explains.

The number of wheels and the one-in-a-million concept is purely subjective, he adds. “One in a million makes people feel safe. But if they don’t feel safe with those odds, then more wheels can be added to make it a one-in-a-billion chance or a one-in-a-trillion chance,” he offers.

Dalton and Peter agree that this concept would not be feasible without microelectromechanical technology. “If MEMS [microelectromechanical systems] technology were not available, we couldn’t have done this because the piece would have been too big and too expensive,” Dalton says. Peter estimates that the current piece would cost $2 each.

Because the chip is built using integrated circuit fabricating techniques, hundreds can be constructed on a single 6-inch silicon wafer. Sandia developed this unique multilevel polysilicon fabrication process, making it one of the few locations where this kind of invention could take place, laboratory officials claim.

From a security standpoint, a recodable locking device offers both isolation and incompatibility, two important concepts in “stronglinks,” which are mechanical locks used as safety devices in weapons.

“If you want to isolate your computer from all the junk out there, you can do it using this device because, with the Internet, once the information gets out, everyone has it,” Peter says. Dalton describes it as a dynamic security manager, totally removing a protected system from vulnerability to attacks. Applications range from electronic commerce to banking to the medical field, and, to some extent, the tool could protect specific sections of a computer from being exposed to viruses, he adds.

In addition, a variety of safety applications exist for the device. The mechanism can confirm that a critical system is operating as expected. If it detects a problem, it will not permit execution of a function. This process can be applied to deter unauthorized missile launches.

Once refined, the recodable locking device technology will be transferred to the commercial sector for production, most likely through Technology Ventures Corporation, Albuquerque, New Mexico. The company is a nonprofit organization established in 1993 by Lockheed Martin Corporation to identify technologies with commercial potential. Lockheed Martin manages Sandia for the Department of Energy.

Technology Ventures acts as a bridge between government laboratories and the private sector and helps in business management practices as well as in securing investment capital to support the commercialization of technology developed in public facilities. Through the company, government scientists would team with foundries such as Dell, Gateway or Hewlett Packard for systems engineering and marketing efforts, Dalton says. “If we don’t transfer this technology to the commercial sector, then we’re not providing exceptional service in the national interest,” he adds. The team predicts the technology will be available in the next one to two years.

Dalton believes the introduction of this device into the marketplace raises the bar for information security technology development. “Software and firewalls are robust, but there is no guarantee. This technology is guaranteed, and no such guarantee can be given on software,” he says.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.