1. Home
  2. Electronics Design
  3. Protecting a data bus from malicious attack

Protecting a data bus from malicious attack

I'm currently involved in freedom of information litigation before a tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of the physical and logical structure of the bus would allow a malicious actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the bus from a very high current source (couple of Sealed Lead Acid batteries), to blow any TVS diodes. If they fail shorted, then the job is done. If they vaporise, then the next step is to put rapid 25KV pulses on the bus, using an ignition coil and a suitable driver. That should kill anything connected to the bus, even through ordinary optical isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors connected before the TVS diodes where a device is only reading the bus, but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable

- no mains supply.

Reply to
Sylvia Else
Loading thread data ...

You're over thinking it. A hammer is all the MALACT would need.

Reply to
Bob Engelhardt

Or zinc dust galvanising paint in a spray can.

ISTR there are weapons based on carbon fibre strands and/or graphite intended to take out HT mains distribution systems.

formatting link 

--
Regards, 
Martin Brown
Reply to
Martin Brown

I have worked in safety critical areas where there was a specific requirement to cope with 24V supplied on any pin, indefinitely without permanent damage or adverse reaction.

A mixture of transorbs and limiting resistors were used, and in order to mitigate failure of a single component, 2 transorbs and 2 resistors were used for each pin connected to the outside world. I might add this included the driver side.

Without knowing more it really is very difficult to comment.

--
Mike Perkins 
Video Solutions Ltd 
www.videosolutions.ltd.uk
Reply to
Mike Perkins

Do you just want to blow it up? Tapping any normal data bus with line voltage will blow every chip in sight. I know, because I did that once.

Ignition coils don't deliver much energy. A charged capacitor would be lot more effective.

--

John Larkin         Highland Technology, Inc 

Science teaches us to doubt. 

  Claude Bernard
Reply to
jlarkin

For slow bus defence is pretty easy: use "open collector" signaling with keyed current sink on output and current source on input. Plus HV diodes to protect against reverse polarity. Using lovely

2N3904/2N3906 one can tolerate 40V for indefinite time. Bipolar HV transistors seem to be dirt cheap, so without increase in cost one can get to something like 300V. For higher voltages use depletion mosfets as current limiter. Of course we still need something to protect against high voltage spikes, but that my be high voltage TVS or even spark gap (if semiconductors are resistant enough).

It is pretty clear that knowledge of physical structure of the bus is helpful in an attack. One probably needs to try increasingly higher voltages (say doubling voltage after each trial). Assuming that HV protection is via spark gap I would expect that failure will by burning out the line, which would requre rather special source, capable of high voltage needed to trigger spark gap, but after that delivering high current at lower voltage.

Also, it is not clear what sabotage you have in mind. If you want to disable the bus, then just shorting it should be enough (alternatively break it). If you want to induce malfunction into device connected to the bus by electic interference on the bus, then in well designed system this should be impossible (smaller perturbation should be absorbed by protective elements, larger burn the line or a fuse). OTOH if they do not want to tell you about physical structure, then I would expect rather lame protection...

--
                              Waldek Hebisch
Reply to
antispam

"We need to keep it secret for your security" is code for "We need to keep the fact that it is not secure a secret".

Are you looking for a witness to testify against security through obscurity? I am not he, but have heard several very convincing arguments. FSF may be able to assist.

Optical isolators are available in higher separation voltages, there's no upper limit: If you go high enough they manufacure the two sides and the channel as separate pieces.

For the 24V threat: "polyzen" type combined self-resetting fuse and TVS - the TVS triggers the fuse earlier.

for the kilovolt threat: gas-filled impulse supressors like used in comms equipment

crowbar crcuits.

low impedance 35KV impules like from a capacitor, EMP device.

--
  Jasen.
Reply to
Jasen Betts

If one has that kind of access, some battery acid squirted or poured in through the access hole will short everything together, even as it starts dissolving everything. Actually, battery acid can make its own access port.

Then there is the old standby, a fire axe.

Joe Gwinn

Reply to
Joe Gwinn

I've seen Coca~Cola do guitar amps in. Accident ya know. ;-)

Reply to
gray_wolf

All gone, unfortunately. They're amazing devices, but Tyco wanted a buck apiece in volume.

Physical and chemical attacks are harder to defend against, but maybe not impossible. A good conformal coating would help resist the spray galvanizing attack. Silicone conformal coating ought to resist most acids as well, at least for awhile.

There's always lighter fluid and a Zippo. ;)

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
ElectroOptical Innovations LLC / Hobbs ElectroOptics 
Optics, Electro-optics, Photonics, Analog Electronics 
Briarcliff Manor NY 10510 

http://electrooptical.net 
http://hobbs-eo.com
Reply to
Phil Hobbs

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.