[langsec-discuss] Isolating code for mechanical relay control ( request for ideas )

matt matt at nycresistor.com
Tue Dec 2 19:09:25 UTC 2014

Salutation and Disclaimer:

I am hesitant to post to this list; you are all amazingly awesome people
(some of whom I know IRL).  I am hoping this is not wasting your valuable
time.  Disclaimer: the pursuit I am engaged in is entirely frivolous;
however, it brought up an important issue (from my perspective) in
security for automation of mechanical relays.  Read on for details, or close
and continue on your merry way.

Background / Context:

I am working on converting a 1951 Leonard to operate under the control of a
microcontroller board, the Intel Edison.  I intend to make the entire unit
and its added sensors / devices operate from an API of some sort.  The current
plan is Python / REST.

Issue / Concern:

As with many things that involve mechanical relays, there are safety
concerns.  For one, rapidly toggling a relay can break it.  However, the
risks can grow rather greatly in the case of something like a refrigeration
condenser.  In the event someone were to compromise the refrigerator's
programming or otherwise induce a scenario of the relay closing the loop
indefinitely, on many refrigeration units this could potentially cause
irreparable harm to the condenser, and even potentially (however unlikely)
start a fire.  There are hardware workarounds, which are a good and
necessary safeguard, such as directly cutting power to the condenser based
off of a thermal sensor and/or timer hardwired into the circuit and kept
isolated from the programmatic logic of the appliance.

However, this raised a point.  Is there a way to isolate an area of code
and ensure that it cannot be replaced, impeded, or otherwise changed in the
carrying out of its duties?  In short, in software, is there a way to
isolate the logic controlling the mechanical relays from any potential
intruder?  I immediately thought of a TPM as a potential vector to a
solution; however, there is no TPM on your average low-power MCU.

Summary / Conclusion:

Basically, does anyone have any ideas?
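An added example, not part of the post above and not the poster's code: one way to express the two software-side limits the post raises (no rapid toggling, and no "relay closed indefinitely") as a single guard object that sits between the Python/REST layer and the coil driver. The class name `RelayGuard`, the limit values and the `FakeClock` used for the demo are all assumptions for illustration; real values come from the relay and compressor ratings. This does not answer the isolation question itself (a compromised process can still bypass or patch this code), which is why the hardwired thermal/timer cutout the post mentions remains necessary; it only narrows what a buggy or malicious API caller can make the relay do.

```python
"""Software interlock for a relay-driven load (illustrative, hypothetical API).

Two rules, both enforced independently of what the API caller asks for:
  * min_dwell_s: no state change sooner than this after the previous one
    (a chattering caller cannot wear out the relay contacts);
  * max_on_s:    a watchdog forces the relay off after this much continuous
    on-time and holds it off for lockout_s (a caller cannot leave the
    condenser energized indefinitely).
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class RelayGuard:
    drive: Callable[[bool], None]      # the only thing allowed to touch the coil
    clock: Callable[[], float]         # injected monotonic clock, seconds
    min_dwell_s: float = 5.0           # hypothetical anti-chatter limit
    max_on_s: float = 1800.0           # hypothetical ceiling on continuous on-time
    lockout_s: float = 120.0           # hypothetical forced-off period after a trip
    state: bool = field(default=False, init=False)
    last_change: Optional[float] = field(default=None, init=False)
    on_since: Optional[float] = field(default=None, init=False)
    lockout_until: float = field(default=float("-inf"), init=False)
    log: List[str] = field(default_factory=list, init=False)

    def request(self, want_on: bool) -> str:
        """Called by the API layer; returns a verdict string, never raises."""
        now = self.clock()
        self.tick(now)                       # let the watchdog run first
        if want_on == self.state:
            return "noop"
        if want_on and now < self.lockout_until:
            return "denied:lockout"
        if self.last_change is not None and now - self.last_change < self.min_dwell_s:
            return "denied:dwell"
        self._switch(want_on, now)
        return "ok"

    def tick(self, now: Optional[float] = None) -> str:
        """Watchdog; schedule this from a timer so it runs even with no API traffic."""
        now = self.clock() if now is None else now
        if self.state and self.on_since is not None and now - self.on_since >= self.max_on_s:
            self._switch(False, now)
            self.lockout_until = now + self.lockout_s
            self.log.append(f"t={now:.0f}s: max_on_s exceeded, relay forced off")
            return "tripped"
        return "ok"

    def _switch(self, on: bool, now: float) -> None:
        self.drive(on)
        self.state = on
        self.last_change = now
        self.on_since = now if on else None


class FakeClock:
    """Constructed clock so the scenario below runs offline and deterministically."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo():
    """Constructed scenario: a chattering caller, then an overlong on period."""
    clk = FakeClock()
    coil: List[bool] = []                # records what actually reached the driver
    guard = RelayGuard(drive=coil.append, clock=clk,
                       min_dwell_s=5.0, max_on_s=60.0, lockout_s=30.0)
    verdicts = []
    verdicts.append(guard.request(True))     # t=0:   switched on
    clk.advance(1)
    verdicts.append(guard.request(False))    # t=1:   too soon, refused (anti-chatter)
    clk.advance(70)
    verdicts.append(guard.tick())            # t=71:  watchdog trips, coil forced off
    verdicts.append(guard.request(True))     # t=71:  refused, in lockout
    clk.advance(40)
    verdicts.append(guard.request(True))     # t=111: lockout over, switched on
    return verdicts, coil


if __name__ == "__main__":
    v, c = demo()
    print("verdicts:", v)
    print("coil drive calls:", c)
```

The point of the injected `drive` and `clock` is that the REST handler never holds a reference to the GPIO object, only to `request`, and the watchdog in `tick` is driven by a timer rather than by incoming requests, so an attacker who simply stops sending requests does not stop the cutoff.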
