anti-tamper circuit for Arduino Mega

Hi,

I need to make an arduino Mega tamper-evident. The traditional way of doing this is to put a micro-switch under the lid of the box that the device is in and when the lid is removed the switch operates.

I need to be able to detect that this has happened even when the power is disconnected and the processor isn't running. Any suggestions as to how to do this? I'm thinking something along the lines of a normally charged capacitor that get's discharged when the microswitch closes. This can be connected to one of the input pins, and as soon as the processor is powered up the state of the pin is checked and thus the tampering has been detected.

I suspect that this method probably wouldn't work because the capacitor would lose it charge naturaly over just a few hours. Another option would probably be to use a button cell to keep the capacitor charged up, but then I'd have to have some circuitry to ensure the cell gets charged up.

Is there a better way? has anyone done this before and is there a circuit diagram available? I guess I'm looking for some sort of one byte storage device that will work with no power, does such a thing exist?

Cheers

A smoke bomb?

Have a look for "flip dots", you could probably rig one up to a battery (can't think of a way to do it with no power at all) through the switch.

Is it important that the opener not know something has been set?


Rob

Version 2, a stiff wire mounted on a spring that allows the wire to rotate by 180 degrees, prime the wire when you close the door, open and it will spring to the other position.

No good if it has to be discrete though.

EDIT: Actually you wouldn't need the wire, just a small spring that wouldn't be very obvious.


Rob

If it's an enclosure why not put some tamper-evident tape on the enclosure:

--
The Arduino Drum Machine: MIDI development system with 14-track MIDI drum machine sequencer / groove-box software

Thanks for the responses, just to clarify, the arduino device will be writing data to an SD card sealed inside the same box. The anti-tamper device is needed to guarantee the integrity of the data on the SD card, I'm not trying to stop anyone from opening the box, I just want to ensure that if they do I get to know about it! It doesn't mater if the persons who opens the box knows he's been caught, but he mustn't be able 'reset' anything or cover his tracks in any way, that why it needs to be something electrical, rather than something mechanical.

Maybe this is just out of my imagination, what if you have a light-sensitive film, like a regular film. You tape it in the box in a dark room. If you want to check it, take it back to the dark room and look at it under red light. ?!

Is the device on line except when tampering is taking place? Is evidence of powering down and back up evidence of tampering?

Are you thinking of detecting sophisticated malicious tampering or regular wonder-what-is-in-the-box? tampering?

Since you have an SD, is a RTC part of the mix?

Perhaps you could spring load the backup battery into and out of the holder. Figure out a way to pull a battery retainer wire after the battery is secured by the lid or cover. it would catch you as well. Amplify this effort with a mandatory write the time to the disk every little while. If not to the file, then maybe update the last modified date in the directory of the file. There are lots of ways to leave tracks in the files. If you need to know how to set the time after it is all locked up and boots the first time, drop an email

In line with this last theme a spring switch could change an input and write that fact to a file, or erase a file.

The SD and RTC give you lots of options.

Simple... weld / glue the box shut.

Fill the box with potting compound (epoxy, machineable wax, silicone, etc)...

How about this solution: Use conductive glue to seal the box top on, with jumpers leading from the seal to an analog input. Write code to sample the value of the connection and store in the EEPROM (or where ever) on startup (one-shot). If the box is opened, the glue seal would be broken. Putting it back together, even if the contact is made, will likely change the resistance by a large percentage (vs differences due to age and temperature, which will likely occur over time, but be much smaller). To reset, clear the EEPROM, and re-glue. Likely you would want to use a non-epoxy conductive glue, unless you want a more physical barrier (many conductive glues use silver-bearing epoxy; I think there are silicone as well as polyurethane-based conductive glues as well).

Another very effective method for securing things ... padlock. Get a box with a lock hasp.

If your not trying to keep anyone out, but rather just to know that the door has been opened, then just some evidence type paper sticker or other broken seal indicator is more then enough? I think any electrical circuit is kind of overkill for your stated needs?

Lefty

I really like the paper sticker. It meets about every criteria for everything. Good call

Write the event to EEPROM?

Lima7:
I need to be able to detect that this has happened even when the power is disconnected and the processor isn't running.

Why this particular requirement? For an unpowered circuit to "know" something is pushing it a bit. Are you trying to minimize battery consumption?

And most other things can be undone by someone who has physical control over the device.

How about this? Have the Mega powered by a battery, but be in low-power sleep mode. Have an interrupt connected to a switch that is attached to the lid (or walls or whatever) of the box. The switch causes the interrupt to wake up the Mega from sleep. It takes a few microseconds to write into EEPROM some zeroes, on top of some random secret number only you know. Now even if they are a computer expert, and power up the Mega, and check the EEPROM, they won't know what data used to be there before it was overwritten, so they can't put it back.

As for some of the other solutions - how does the original poster get to his device to know if it has been tampered with, without triggering the anti-tamper action (like opening the box?). If he can get the data from it without opening it (and triggering the security device) then why can't someone else?

Thanks guys, lots of good ideas.

The device in question is a gps data logger designed for long-distance cycling. The requirements are the organisers, not mine. I think it's overkill, but the idea is that the data integrity needs to be guaranteed whilst the device is on and logging, and the device integrity needs to be guaranteed even when the device is powered down. The main power for the device is external, I could add an extra internal button cell just for the anti-tamper circuit, but then I'd have to add circuitry to charge it.

The data being written to the SD card is encoded, the idea is that every time the device is powered up it will check if it's been tampered with, and write the results of that check (in an encrypted format) to the SD card. So long as no-one works out how to write encoded data to the card themselves then the data should be secure.

The use of low power sleep mode looks good - I wasn't aware the arduino had this option, I'll do some research on this. Thanks

Use the paper seals and write firmware to force creation of sequentially numbered files. Each reboot creates the next file, never a repeat. While everyone is waiting to start, the data will accumulate to file # x. A few minutes before the race starts every one presses the reset button. File # x+1 is created. After the end of the race the box is reset again and file x+2 is created and logs a little data. The timing, presence of the file, and the continuity of data verifies the validity.

If the race goes for more than one day, the thing is shut down with or without opening the box and process starts again in the morning with a new sequential file. If the battery is changed or other accident, it will start over when power is applied.

A secure web based application would accept upload of the data, provide as much scrutiny to the recorded data as desired, format the data and allow public access to view it.