Magnesium-bulb Analogue Memory add-on to the Tamper-evident box
You never know if your MCU itself has been tampered with on a hardware level - you can never trust it 100%. Obsolete analogue technology comes in to rescue again - Eve can surely recover info from internal SRAM after power-down, so why not try the same with burnt ashes of paper or a cassette tape?
The Tamper-evident Paper-mail Box will surely warn Bob if it has been opened by Eve along the way - because Eve won't be able to restore codes in MCU's SRAM and the state of the travel timer (also in SRAM) after it is all zeorized. Codes in SRAM are bit-wise inverted every two seconds - so we did everything to avoid residual burn-in on SRAM cells..
Alice and Bob are fully secure now - or maybe... Eve won't be able to recover and restore the SRAM,- unless Mallory steps in beforehand! All she actually has to do is to plant a pre-rigged variant of ATmega328P to Alice's mailbox the next time Alice makes an order from RS!
Unless Alice has access to very high-end lab equipment, she can't know if her ATM328P is original or tampered variant. Take a look here and you will see that Mallory can add hardware backdoors without even changing the MCU silicon dye microcircuit blueprints! She can actually do it solely by manipulating dopant levels, leaving the microcircuits look intact, even to Alice's super-microscope!.
So Alice and Bob better stop spying low-profile on DIY budget and seek employment at some major 3-letter agency or... Maybe they still stand some chance if they redesign the papermail box to operate with East German cold war clone of Zilog Z80 ("Ux880D" by VEB Mikroelektronik "Karl Marx" from Erfurt) - they can reasonably presume that they were not pre-rigged by STASI simply because it was way too expensive to pull off in mid-1980s even for them. This would, however, work only if Alice has already kept a stash of U880s since 1980s, securely stored in her safe. "ZMC" project here:
https://www.elektormagazine.com/labs/crypto-dev-shield-for-zmc-zilog-z80-system-1
may be a good starting point, but this is definitely very impractical for this purpose :)
Well, they still have a chance to continue their low-budget operations, thanks to this circuit! It will work both against general-purpose and application-specific hardware Trojans, still on a shoestring budget. Firing the magnesium photo-flash bulb will burn a piece of cassette tape or thin paper wrapped around it, so the information on it (i.e. an additional response code) can't be recovered by Eve after she opens the box.
See the videos below. Note how the sheet of paper with the schematic printed on it below the flash bulb does not catch fire.
Alice and Bob are fully secure now - or maybe... Eve won't be able to recover and restore the SRAM,- unless Mallory steps in beforehand! All she actually has to do is to plant a pre-rigged variant of ATmega328P to Alice's mailbox the next time Alice makes an order from RS!
Unless Alice has access to very high-end lab equipment, she can't know if her ATM328P is original or tampered variant. Take a look here and you will see that Mallory can add hardware backdoors without even changing the MCU silicon dye microcircuit blueprints! She can actually do it solely by manipulating dopant levels, leaving the microcircuits look intact, even to Alice's super-microscope!.
So Alice and Bob better stop spying low-profile on DIY budget and seek employment at some major 3-letter agency or... Maybe they still stand some chance if they redesign the papermail box to operate with East German cold war clone of Zilog Z80 ("Ux880D" by VEB Mikroelektronik "Karl Marx" from Erfurt) - they can reasonably presume that they were not pre-rigged by STASI simply because it was way too expensive to pull off in mid-1980s even for them. This would, however, work only if Alice has already kept a stash of U880s since 1980s, securely stored in her safe. "ZMC" project here:
https://www.elektormagazine.com/labs/crypto-dev-shield-for-zmc-zilog-z80-system-1
may be a good starting point, but this is definitely very impractical for this purpose :)
Well, they still have a chance to continue their low-budget operations, thanks to this circuit! It will work both against general-purpose and application-specific hardware Trojans, still on a shoestring budget. Firing the magnesium photo-flash bulb will burn a piece of cassette tape or thin paper wrapped around it, so the information on it (i.e. an additional response code) can't be recovered by Eve after she opens the box.
See the videos below. Note how the sheet of paper with the schematic printed on it below the flash bulb does not catch fire.
Updates from the author
lux36 4 years ago
-C1 holds enough charge to send a 1-2A pulse for several ms, which is needed to fire the Mg bulb
-C3 holds enough charge to turn on the Q1 and charge C2 above Ugs0 threshold of Q2.
-L1 and D1 will swing the C2 voltage at least 50% above Vcc1 - if Vcc1=2.0V, the Q2 gate will come to 3.0V
-C3 and C1 hold enough charge to fire Mg even if there is a short circuit on Vbat or Vcc
-LED1 and LED2 will warn Alice not to connect the bulb if something is not ready. Mg bulbs are not expensive, but misfiring close to naked eyes is not pleasant, especially in the dark.
Schmitt trigger built around IC2:
-IC3 and D6 provide a stable voltage threshold reference
-IC2 output will drop low and trigger if Vcc1 or Vbat drop too low - battery drained or short circuit somewhere
-IC2 wil also trigger if S3 is pressed, or if IC1 decodes a firing command from the MCU
-IC2 trigger will be blocked through D3 if IC1 decodes a "disarm" command from the MCU
Barometric sensor BME280 add-on:
-Communicates with MCU through bitbanged I2C interface
-Air is sucked out of the box with a vacuum pump when arming the box, down to 0.5-0.7 bar.
-If the air pressure (temperature compensation must be taken into count) changes (due to a possible drilling attack), the zeroization will be triggered
If some general-purpose Trojan copies the SRAM contents to secret EEPROM or FLASH, Eve could restore the SRAM after opening the box and copying the SD card. However, she won't be able to restore the secret response code from a burnt paper or tape.
Mallory could also plant an application-specific Trojan that would sabotage the Mg bulb firing. This is why IC1 is installed. This kind of Trojan needs to recognize the papermail box firmware in order to work- this is why Alice and Bob will have to write their own version, not use the exact one published in Elektor. Their version will have whole 32kB of MCU flash filled with obfuscated code - the most of that code will be useless, just to camouflage the useful code. The PD1-PD4 and PB4 outputs will be constantly pseudo-randomly shuffled, but only 2 out of 16 combinations will do something useful (fire or disarm). These decoder outputs are chosen by hardwire jumpers JP1 and JP2, which can't be read or altered by Mallory's Trojan.
mg-bulb-and-a-cassette-tape.jpg (587kb)
mg-bulb-and-paper.jpg (718kb)
Mg_flash_analog_memory_ver5.pdf (24kb)
BST-BME280_DS001-10.pdf (1892kb)
160109-1-BME280-eBoB-v1.0-circuit-diagram.pdf (37kb)