Expiring guided missiles: ever been done?

So I thought of a simple idea. Modern FPGAs and modern microcontrollers all have various firmware protection logic. Enable a simple flag in the device configuration, and you cannot read the firmware stored on the flash of the device through the device’s ports. You can also encrypt it in some cases to block an attack where someone cuts the chip open and tries to read the individual memory cells.

So all you do when you construct the “export” version of a guided missile, intended for shipping to allies you don’t trust very much (but they are the enemy of your enemy), is write a timer function in the FPGA or microcontroller firmware. The device needs a soldered-in battery with a lifespan of about 3-5 years, and it keeps the timer running.

If the expiration time passes or if power to the timer is interrupted, the device wipes its own firmware and zeroes out its RAM as a final step.

For the high-end anti-tank and anti-aircraft man-portable missiles, this would let you ship some to Ukraine or anti-ISIS groups and the firmware expiration would prevent the missiles from being used against Americans in the guided mode later. (Because the firmware on one of these things is an immensely complex piece of code. There’s image recognition, flight calculations, and years and years of R&D were needed to make it work reliably.)

How would you break this protection?

Recharging the battery would get around half the protection.

How so? The battery just runs the timer. If the timer undergoes a power-up cycle (there’s a way for the circuitry to tell), it zeroes the firmware. If the timer runs out, it zeroes the firmware.

I don’t see how recharging it helps. In fact, the reason there has to be a power up check is to prevent someone from removing the battery which causes the timer to not tick down when the battery is missing.

Sorry, hit post before I’d completed the thought. If the owners have complete control of the weapon, there’s very little that can be done to keep them from cloning the firmware and reverse-engineering it. You’d have to protect the protection on the protection, and sooner or later you’re going to either screw something up or compromise the weapon’s reliability.

It’s a good idea, but forgets that “locks are for honest men.”

How are they going to clone the firmware? Be specific. The firmware is inside the chip which uses modern feature sizes (10s of nanometers) for the gates. The chip is locked - the chip itself refuses to output its own firmware out any of the IO ports. You cannot change the firmware without erasing the whole chip.

The Department of Defense has an executive agent for anti-tamper technologies. Virtually all advanced weapons systems encompass some type of anti-tamper features. Even radios that have some type of encryption will use some features to avoid an adversary acquiring and exploiting the hardware.

The idea of putting a timer on a missile so that it goes dead after a certain amount of time is probably too crude an idea to ever be used. It’s hard to imagine selling a country an advanced weapon, let’s say an AIM-120 air-to-air missile or a Patriot SAM system, and only allowing that country to use it for a limited duration. I would think the US would be concerned about having to fight alongside that country in a war that begins 48 hours before all those missiles go bricked.

Raytheon’s new business model, subscription defense.

Declan