The present embodiments relate to testing tamper protection of a field device and to a field device having tamper protection.
Field devices, for example in the form of points, signals, or barriers for railroad crossings, etc., are usually connected to a signal tower or a control center. Field devices in the form of signaling systems are connected to a corresponding signal tower to control rail traffic, for example by temporarily freeing or blocking a particular section by the signaling system. In order to enable secure communication between the field device and the control center, the field device stores a cryptographic key that is used to encrypt the interchange of data between the field device and the control center.
In order to make it difficult for an attacker to read or manipulate this cryptographic key, hardware security integrated circuits may be used. These circuits may store cryptographic keys and may carry out cryptographic operations. These integrated circuits have sensors, for example on the integrated circuit itself, in order to detect unauthorized opening of the integrated circuit. Such a hardware security integrated circuit is, for example, the AT98 integrated circuit from Atmel, the data sheet for the AT98 may be retrieved from: http://www.atmel.com/dyn/resources/prod_documents/doc6528.pdf.
Furthermore, in the field of fire alarms or theft/intrusion detectors switches may be used that detect the opening of a respective housing or detect removal of the respective detector, for example by unscrewing it from a wall or the like. Such a switch is, for example, the Ademco 5870API model from Honeywell, the data for which may be retrieved from http://library.ademconet.com/MWT/fs2/7/5877.pdf.
Magnetic particles may be embedded in a protective layer on an integrated circuit to protect the cryptographic key. An example of this is shown in U.S. Pat. No. 7,685,438. These magnetic particles may be detected by sensors and may be used to derive and provide a cryptographic key. If the protective layer is removed, the information needed to provide the key is also destroyed, with the result that the integrated circuit may no longer communicate in encrypted fashion. This deactivates the integrated circuit itself.
Evaluation of an optical waveguide may also be used to detect physical manipulation of the optical waveguide. One such approach is illustrated in US Patent Application Publication 2008/192240.