"World's Smallest Combination Lock" Promises To Foil The Best Computer Hacker,Say Sandia Developers

October 12, 1998

ALBUQUERQUE, N.M. -- The "world's smallest combination lock," a minuscule mechanical device developed at Sandia National Laboratories, promises to build a virtually impenetrable computer firewall that even the best hacker can't beat. The Recodable Locking Device, which uses microelectromechanical system (MEMS) technology so small that it takes a microscope to see it, is a series of tiny notched gears that move to the unlocked position only when the right code is entered. It's the first known mechanical hardware designed to keep unwanted guests from breaking codes and illegally entering computer and other secure systems.

"Computer firewalls have always been dependent on software, which means they are 'soft' and subject to manipulations," says Larry Dalton, manager of Sandia's High Integrity Software Systems Engineering Department. "Our device is hardware and is extremely difficult to break into. You have one and only one chance in a million of picking exactly the right code compared to a one in 10,000 chance, with many additional chances, in most software firewalls. After one failed try, this new device mechanically shuts down and can't be reset and reopened except by the owner."

Patent filed

Sandia, a Department of Energy (DOE) national security lab, recently filed for a patent for the mechanism. The first working units were fabricated in July. The Sandia team, which is refining the device and doing reliability tests, expects to have it ready for commercialization in about two years. Once it is perfected, a commercial partner will be tapped to produce and sell it. "The Recodable Locking Device should be of great interest to businesses and individuals who have computer networks, have sites on the Web, or require secure computers," says Frank Peter, engineer who designed the device. "It would make it virtually impossible for break-ins to Web sites, like what occurred with The New York Times in September." (Hackers broke into the Times' electronic edition in mid-September and shut it down for several hours.)

Computer crime is a growing problem nationwide. The Computer Security Institute together with the Federal Bureau of Investigation (FBI) recently surveyed 520 security practitioners in US corporations, government agencies, financial institutions, and universities. Results showed that 64 percent of the respondents reported computer security breaches within the last 12 months. And although 72 percent said they suffered financial losses from these breaches, only 42 percent were able to quantify their losses -- estimating them to be more than $136.8 million.

Dalton says he 'had the notion' of the device for three years, calling it the 'digital isolation and incompatibility' project. Digital was for the digital world, and isolation and incompatibility are important concepts in stronglinks, which are mechanical locks used as safety devices in weapons. He turned to Sandia's Electromechanical Engineering Department, headed by David Plummer, to do the design because of that group's expertise in stronglinks as well as its ability to design using the new MEMS technology.

Simple system

"It took about three months to go from concept to the final design," Peter says. "Based on a code storage scheme used successfully in existing weapon surety subsystems, we were able to design a very simple device -- and it's the simplicity of the device that makes it easy to analyze from a vulnerability standpoint."

The Sandia Microelectronics Development Laboratory used Peter's design to build a working device, which consists of a series of six code wheels, each less than 300 microns in diameter, driven by electrostatic comb drives that turn electrical impulses into mechanical motion. The 'lock owner' sets a lock combination to any value from one to one million. The entire device is about 9.4 millimeters by 4.7 millimeters, about the size of a button on a dress shirt. The Recodable Locking Device consists of two sides -- the user side and the secure side. To unlock the device, a user must enter a code that identically matches the code stored mechanically in the six code wheels. If the user makes even one wrong entry -- and close doesn't count -- the device mechanically 'locks up' and does not allow any further tries until the owner resets it from the secure side.

The six gears and the comb drives would be put on a small chip that could be incorporated into any computer, computer network, or security system. Because the chip is built using integrated circuit fabricating techniques, hundreds can be constructed on a single six-inch silicon wafer. The end result is that the device will be very inexpensive to produce.

Plummer says Sandia is the only place where development of such a mechanism could have occurred. "That's due to the unique multilevel polysilicon fabrication process developed by Sandia and our heritage of designing mechanical locking devices," he says. Besides being a deterrent to hackers, the device has other security applications, Peter says. For example, controlled information could be made available only in a window of opportunity. The information owner could tell the party needing the data that he or she has five minutes to enter in a specific code and gain access. Then, after five minutes, the code would be reset and access denied.

A variety of potential safety applications are also possible with the Recodable Locking Device. The mechanism can confirm that a critical system is operating as expected. And if it detects a problem, it will not permit execution of a function. In this safety capacity, the device could be used, for example, to ensure that a radiation therapy machine delivers the correct radiation dosage. "This device has a powerful potential -- one that is readily understood by most everyone," Dalton says. "I've been told by Department of Defense people that this is the first real technical advancement in information security that they've seen in a long time."

Sandia is a multiprogram DOE laboratory, operated by a subsidiary of Lockheed Martin Corp. With main facilities in Albuquerque, N.M., and Livermore, Calif., Sandia has major research and development responsibilities in national security, energy, and environmental technologies and economic competitiveness.

DOE/Sandia National Laboratories

Related National Security Articles from Brightsurf:

Men less likely to see food as national security issue amid pandemic
On average, men not only showed less empathy toward temporary agricultural laborers but also were less likely to see food supply and production as national security issues, according to a study led by a Washington State University researcher.

National trash: Reducing waste produced in US national parks
When you think of national parks, you might picture the vast plateaus of the Grand Canyon, the intricate wetlands of the Everglades, or the inspiring viewscapes of the Grand Tetons.

UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.

3-D printing of weapons threatens security on global, national and personal level
A new RAND Corporation paper suggests additive manufacturing could benefit military adversaries, violent extremists and even street criminals, who could produce their own weapons for use and sale.

National Academies review of the draft Fourth National Climate Assessment
The US Global Change Research Program (USGCRP) asked the National Academies of Sciences, Engineering, and Medicine to review the draft Fourth National Climate Assessment (NCA4) -- a congressionally mandated report that evaluates the state of climate science and the broad range of impacts of climate change in the United States every four years - and the draft Second State of the Carbon Cycle Report (SOCCR2) - a report that feeds into the overall assessment process developed by USGCRP.

Morgridge, UW scientists explore national security implications of gene editing
A trio of scientists from the University of Wisconsin-Madison and the Morgridge Institute for Research participated in an international think tank this month on the intersection of genome editing technology and national security.

Installing solar to combat national security risks in the power grid
Power grid vulnerabilities are one of the most prevalent national security threats.

Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.

Blurring of national security interests & global health agendas are an unavoidable reality
Society must align the overlapping priorities and often clashing interests of medical intelligence, national security agendas and the global health community, according to global health advocates writing in the Journal of the Royal Society of Medicine.

Steve Elgar named National Security Science and Engineering Faculty Fellow
Steve Elgar, a senior scientist at Woods Hole Oceanographic Institution, has been selected as a 2016 National Security Science and Engineering Faculty Fellow by the Department of Defense.

Read More: National Security News and National Security Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.