Hi,
A past client floated an RFQ by me for comments before sending it out for bid (I'm not interested in the job).
One aspect that caught my attention was the potential for malicious "subversion" of the device by manipulating the (unprotected) inputs. I.e., an "adversary" could (easily) gain physical access to the (digital) inputs and try to "confuse" the device (by presenting conditions that the device shouldn't encounter in normal operation).
I can advise him of this vulnerability and mechanisms to detect/protect against that subversion.
But, an adversary can also choose to destructively attack the device -- e.g., connecting a hand-held Tesla coil to the digital I/Os (singly OR in groups!)
I've designed devices that deliberately "fail" under such assaults by leaving the input "nonfunctional". In my cases, I don't even care that the input is "dead" -- unless someone needs it to be "un-dead"!
But, in his case, he either needs the input to be robust/resilient (recovering when the assault is over) *or* an INDICATION that it has failed -- so he can decide whether or not it needs to be repaired, soon.
Assume each input is a pair of conductors that are shorted (or opened) to signal the events of interest. Assume they are low frequency (~10 Hz). Low power and low cost (always!) are the only other prerequisites.
What can I point him at? I.e., is this a reasonable criterion for him to include in the RFQ? Or, should he just see what bidders have to say (and hope some notice the vulnerability and offer good suggestions)?
Thanx!
--don
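Added example, not part of don's post and not a design from the RFQ: one firmware-side way to get both halves of what the post asks for on a ~10 Hz two-wire contact input, i.e. a plausibility check that flags an input being "confused" (confirmed edge rate far beyond what the process can produce) and a driven self-test that gives an INDICATION that the input is dead after an assault. It assumes the board samples each input at 1 kHz and can force the sense line to a known level for the self-test (a hypothetical test driver or switchable pull, not modelled here); all names, thresholds and the sample readings are constructed for the example.

```c
/* Contact-input supervisor: debounce, edge-rate plausibility check and a
 * driven self-test for a two-wire contact input sampled at SAMPLE_HZ.
 * Hypothetical example. Assumes the hardware can force the sense line to a
 * known level during ci_selftest(); that driver is not modelled here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_HZ         1000u  /* input sampled every 1 ms (assumption)     */
#define DEBOUNCE_SAMPLES     5u  /* 5 ms of agreement confirms a level        */
#define MAX_EDGES_PER_SEC   60u  /* 10 Hz contact = 20 edges/s; 3x margin     */

enum input_fault {
    FAULT_NONE      = 0,
    FAULT_GLITCHING = 1,  /* edge rate beyond what the process can produce */
    FAULT_STUCK     = 2   /* sense line does not follow the self-test level */
};

struct contact_input {
    bool     level;      /* last debounced level                          */
    bool     raw_prev;   /* previous raw sample                           */
    uint32_t run;        /* consecutive raw samples equal to raw_prev     */
    uint32_t edges;      /* confirmed edges in the current 1 s window     */
    uint32_t ticks;      /* samples elapsed in the current window         */
    enum input_fault fault;  /* latched until ci_clear_fault()            */
};

void ci_init(struct contact_input *ci, bool initial_level)
{
    ci->level = initial_level;
    ci->raw_prev = initial_level;
    ci->run = DEBOUNCE_SAMPLES;
    ci->edges = 0;
    ci->ticks = 0;
    ci->fault = FAULT_NONE;
}

/* Feed one raw sample; returns the current (latched) fault state. */
enum input_fault ci_sample(struct contact_input *ci, bool raw)
{
    if (raw == ci->raw_prev) {
        if (ci->run < DEBOUNCE_SAMPLES) ci->run++;
    } else {
        ci->raw_prev = raw;
        ci->run = 1;
    }
    /* A level is accepted only after DEBOUNCE_SAMPLES agreeing samples;
     * shorter chatter (contact bounce or injected noise) is rejected. */
    if (ci->run == DEBOUNCE_SAMPLES && raw != ci->level) {
        ci->level = raw;
        ci->edges++;
    }
    /* Plausibility: a real ~10 Hz contact cannot produce more than
     * MAX_EDGES_PER_SEC confirmed edges; more means noise injection or
     * deliberate confusion of the input, latched as a fault. */
    if (++ci->ticks >= SAMPLE_HZ) {
        if (ci->edges > MAX_EDGES_PER_SEC) ci->fault = FAULT_GLITCHING;
        ci->edges = 0;
        ci->ticks = 0;
    }
    return ci->fault;
}

/* Driven self-test: the caller forces the sense line to `expected`, lets it
 * settle, then passes the n samples read while it was forced. A line that
 * does not follow the stimulus (fused trace, blown clamp, dead input stage)
 * is reported as FAULT_STUCK instead of silently reading one level forever. */
enum input_fault ci_selftest(struct contact_input *ci, const bool *samples,
                             size_t n, bool expected)
{
    size_t agree = 0;
    for (size_t i = 0; i < n; i++)
        if (samples[i] == expected) agree++;
    if (n < DEBOUNCE_SAMPLES || agree != n) ci->fault = FAULT_STUCK;
    return ci->fault;
}

/* Clear a latched fault once the assault is over and a self-test passes,
 * so a resilient input can return to service. */
void ci_clear_fault(struct contact_input *ci) { ci->fault = FAULT_NONE; }

/* Feed `cycles` cycles of a square wave with `half` samples per half-period. */
enum input_fault ci_run_square(struct contact_input *ci, uint32_t cycles, uint32_t half)
{
    enum input_fault f = FAULT_NONE;
    for (uint32_t c = 0; c < cycles; c++) {
        for (uint32_t i = 0; i < half; i++) f = ci_sample(ci, true);
        for (uint32_t i = 0; i < half; i++) f = ci_sample(ci, false);
    }
    return f;
}

/* Constructed self-test readings: a healthy line follows the stimulus,
 * a dead one reads a constant level regardless of it. */
static const bool HEALTHY_HIGH[8] = {1, 1, 1, 1, 1, 1, 1, 1};
static const bool DEAD_LOW[8]     = {0, 0, 0, 0, 0, 0, 0, 0};

/* Worked scenario; returns 0 when every check behaves as expected. */
int ci_demo(void)
{
    struct contact_input ci;
    ci_init(&ci, false);
    if (ci_run_square(&ci, 10, 50) != FAULT_NONE) return 1;       /* clean 10 Hz  */
    if (ci_run_square(&ci, 50, 10) != FAULT_GLITCHING) return 2;  /* injected 50 Hz */
    ci_clear_fault(&ci);
    if (ci_selftest(&ci, HEALTHY_HIGH, 8, true) != FAULT_NONE) return 3;
    if (ci_selftest(&ci, DEAD_LOW, 8, true) != FAULT_STUCK) return 4;
    return 0;
}

int main(void)
{
    printf("contact input demo: %s\n", ci_demo() == 0 ? "all checks behaved" : "mismatch");
    return 0;
}
```

Two caveats worth knowing before putting something like this in an RFQ: chatter faster than the debounce window (here anything under 5 ms per level) is filtered rather than flagged, so the edge-rate check alone does not prove the input is healthy; the periodic driven self-test is what catches a line that has gone dead, and it only works if the hardware actually has a way to force the sense line. Whether the fault is latched until a technician clears it or auto-clears after a passing self-test is exactly the "robust vs. indication" choice the post describes, and the RFQ would have to say which one is wanted.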