Component Vulnerability Assessment Improves Design Security
Key Takeaways
- Communication protocols that become access points for attackers.
- How unauthorized changes in fabrication and assembly result in security flaws.
- Best practices to defend against subterfuge in design or operation.
Enabling access while curbing security weaknesses is a defining design consideration
The internet of things (IoT) has rapidly transformed latent sensor data into a wealth of valuable information for companies to harness. With this comes the new potential for functionality and automation that has thus far been overlooked. As systems tend towards greater integration, the possibilities seem nearly endless.
However, the ubiquitous online interaction and remote access built into modern electronics have a downside. The more interfaces a device exposes, the more it opens itself to external attackers seeking control or sensitive data. Methods of gaining entry continue to grow more advanced, and architectures must be ready to meet today’s security challenges. Component vulnerability assessment is one form of quality assurance that ensures devices are protected not only against post-manufacturing attempts to access data streams, but also against malicious in-manufacturing alterations to the design intended to create significant operational defects.
Securing Against Unauthorized Software Access
Vulnerability assessment examines the potential weak points of a network and offers a host of solutions to bolster overall system security. Foremost, component vulnerability assessment must evaluate every potential access route to the software protocols that would leave the device liable to attack. These entry points should be ranked by their susceptibility and by the damage unauthorized users could cause were they to gain access. A standard checklist for software vulnerabilities may include:
- Wireless assessment - A penetration test is performed on the device in an attempt to reverse engineer its security features starting from known (extant) vulnerabilities. The tester acts as an outside agent that attempts to access, scan, and establish continued network activity in order to build an attack. For long-term deployment, attacks are designed to conceal their operations so as to remain anonymous or avoid discovery. Because access points intercommunicate, a single weakness is likely to become a systemic one.
- Operating system assessment - More complex designs may require an operating system to run the software overhead. A more capable system, however, brings with it a plethora of methods for outsider intrusion. Denial-of-service (DDoS) attacks and buffer overflows are two ways a system can be exploited through ordinary system operations, either rendering it inoperable or overriding critical system functionality.
- Database assessment - While not a direct consequence of the design or of security hygiene, component vulnerability assessment can extend to the databases where pads, land patterns, boards, and similar files are stored. Without the necessary precautions, alterations to files used in board design could force design files to be reproduced, or leave previously validated files silently altered.
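One precaution for the database assessment item above is an integrity manifest over the design library, so that an altered footprint or board file is caught before it is reused. The script below is an added example, not code from the article or from Cadence; the file names, directory layout and contents are constructed, and the digest algorithm (SHA-256) is an assumed choice.

```python
"""Added example (not from the original article): build and verify a SHA-256
manifest for PCB design library files (footprints, land patterns, board files),
so that an unauthorized alteration to a previously validated file is detected
before it reaches a new design. File names and contents below are constructed."""
import hashlib
import json
import os
import tempfile


def sha256_of_file(path: str) -> str:
    """Stream the file in chunks so large board files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file's path (relative to root) to its digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of_file(full)
    return manifest


def verify_manifest(root: str, manifest: dict) -> dict:
    """Compare the library on disk with the manifest taken at validation time.
    Returns modified, missing and unexpected (never validated) files."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Constructed scenario: validate a small library, then alter one footprint."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "footprints"))
        fp = os.path.join(root, "footprints", "0402_R.fp")  # constructed file
        with open(fp, "w") as f:
            f.write("pad 1 0.5mm x 0.6mm\npad 2 0.5mm x 0.6mm\n")
        with open(os.path.join(root, "board.brd"), "w") as f:
            f.write("placeholder board file\n")
        manifest = build_manifest(root)  # snapshot taken at validation time
        # Unauthorized change after validation: one pad dimension is altered.
        with open(fp, "w") as f:
            f.write("pad 1 0.5mm x 0.6mm\npad 2 0.4mm x 0.6mm\n")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest itself must be stored where the library users cannot rewrite it (for example, alongside the release record under change control); otherwise an attacker who can edit a footprint can simply regenerate the manifest.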
Component Vulnerability Assessment Extends to Hardware
While vulnerability assessment is often thought of as confined to the realm of data, PCBs are first and foremost hardware devices. Component vulnerability assessment must therefore also consider how the components and other physical elements of the board can open the way to software exploits. Moreover, compromising the design through its hardware is an entire realm of security concerns in its own right. In some ways these attacks are much harder to discern than those arising from software, because malicious actors can set them up and carry them out during the board manufacturing stages, in what is commonly referred to as a hardware Trojan.
Network attacks, though far more prevalent, are usually easier to detect than a change in fabrication or assembly. A board must pass many verifications and inspections on the way to validation, and these deter most attempts at subterfuge, but highly skilled and sophisticated methods exist that keep quality assurance on its toes:
- Component alteration - Replacing passives with parts of slightly different characteristics that still operate but significantly reduce mean time between failures (MTBF) by creating marginal undervoltage or overvoltage conditions. This method is far more insidious, and far more likely to pass inspection, than swapping in entirely different functional components.
- Targeted electromigration - Electromigration is the movement of metal ions within a conductor, driven by gradual momentum transfer from the conduction electrons. Once a significant barrier to IC manufacturing, Black’s equation and elevated-temperature testing have provided an engineering approach to the problem. Unchecked, electromigration severely degrades the crystal structure of the metal strip through grain-boundary or surface diffusion. The same condition that causes electromigration, high current density relative to the trace width, ultimately causes thermal problems as well, owing to the displacement of metal ions. It can be induced artificially by shrinking the trace width; only a small reduction is needed to produce significant disruptive effects. Components can fail either from current crowding, which pushes charge density above the rated specification, or by being starved of current at a location upstream of the electromigrated trace.
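To make the "only a small reduction" claim concrete, the following added example (not from the article or from Cadence) puts Black’s equation, MTTF = A · J^-n · exp(Ea / kT), through a trace whose width has been narrowed while carrying the same current. The current-density exponent n, activation energy Ea, trace geometry and temperatures are assumed, typical-order values for illustration, not measurements of any real board.

```python
"""Added example (not from the original article): Black's equation used to
estimate how much a small reduction in trace width shortens electromigration
lifetime. n, Ea, geometry and temperatures are assumed illustrative values."""
import math

BOLTZMANN_EV_PER_K = 8.617333262e-5  # Boltzmann constant in eV/K


def mttf_black(current_density: float, temp_k: float,
               n: float = 2.0, ea_ev: float = 0.9, a: float = 1.0) -> float:
    """Black's equation: MTTF = A * J^-n * exp(Ea / (k*T)).
    A is a material/geometry constant; only MTTF ratios are used here,
    so its absolute value does not matter."""
    return a * current_density ** (-n) * math.exp(ea_ev / (BOLTZMANN_EV_PER_K * temp_k))


def current_density(current_a: float, width_m: float, thickness_m: float) -> float:
    """J = I / cross-sectional area, in A/m^2 for a rectangular trace."""
    return current_a / (width_m * thickness_m)


def mttf_ratio(width_scale: float, temp_nominal_k: float, temp_narrowed_k: float,
               current_a: float = 1.0, width_m: float = 0.2e-3,
               thickness_m: float = 35e-6, n: float = 2.0, ea_ev: float = 0.9) -> float:
    """Lifetime of a trace narrowed to width_scale * nominal width, relative to
    the nominal trace, at the same current. temp_narrowed_k lets the caller
    account for the extra self-heating the narrower trace experiences; pass the
    same temperature twice to see the current-density effect alone."""
    j_nominal = current_density(current_a, width_m, thickness_m)
    j_narrowed = current_density(current_a, width_m * width_scale, thickness_m)
    return (mttf_black(j_narrowed, temp_narrowed_k, n, ea_ev)
            / mttf_black(j_nominal, temp_nominal_k, n, ea_ev))


if __name__ == "__main__":
    # 85 C nominal operating temperature; +10 K assumed self-heating when narrowed
    for scale in (0.95, 0.90, 0.80):
        same_t = mttf_ratio(scale, 358.15, 358.15)
        hotter = mttf_ratio(scale, 358.15, 368.15)
        print(f"width x{scale:.2f}: MTTF x{same_t:.2f} (same T), x{hotter:.2f} (+10 K)")
```

With n = 2 the current-density term alone scales lifetime by the square of the width ratio, so a 10 % narrower trace keeps only 81 % of its expected life; adding the temperature rise that the narrower trace suffers drives the ratio down much further, because the exponential term dominates.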
Steps to Alleviate and Address Security Weaknesses
On the software side, it’s important for designers to be cognizant of some basic network protocols and their functions. Doing so will provide knowledge not only as to where attacks may develop, but how they propagate through a system. Similarly, programmers should be aware of how security functions interact with the system in order to maximize their detection and response capabilities.
To combat the potential for physical Trojan insertion, tests need to create conditions that effectively intercept attempts to override board functionality. Boards should contain adequate space for test point placement, which allows for a thorough check of components to ensure compliance with the BOM/schematic values. In-circuit testing can quickly verify component parameters and whether they fall within the proposed specifications. Furthermore, passive test points do not compromise data security in any meaningful way. Testing for a reduction in trace width is a slightly more involved method; the loss of inductance and capacitance can be most easily detected as a change in the resonant frequency of the trace.
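The BOM-compliance check that in-circuit testing enables is straightforward to automate. The following added example (not code from the article or from Cadence) compares ICT readings against BOM nominal values and tolerances and flags the kind of "slightly different but still operating" substitution described under component alteration; it also reports any part that was never probed, since an unprobed component cannot be verified. Reference designators, values and measurements are constructed.

```python
"""Added example (not from the original article): compare in-circuit test (ICT)
measurements against BOM nominal values and tolerances to flag substituted
passives that still 'work' but sit outside the validated specification.
Reference designators, nominal values and measurements are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BomPart:
    refdes: str
    nominal: float      # SI units (ohm, farad, henry)
    tolerance: float    # fractional, e.g. 0.01 for +/-1 %
    unit: str


def check_ict(bom: list, measured: dict) -> list:
    """Return one record per BOM part with its fractional deviation and status.
    A part absent from the measurement set is reported as UNTESTED, which is
    itself a finding rather than a pass."""
    results = []
    for part in bom:
        if part.refdes not in measured:
            results.append({"refdes": part.refdes, "status": "UNTESTED", "deviation": None})
            continue
        deviation = (measured[part.refdes] - part.nominal) / part.nominal
        status = "PASS" if abs(deviation) <= part.tolerance else "FAIL"
        results.append({"refdes": part.refdes, "status": status, "deviation": deviation})
    return results


def failing_refdes(results: list) -> list:
    """Reference designators that did not pass (failed or untested)."""
    return [r["refdes"] for r in results if r["status"] != "PASS"]


# Constructed BOM and constructed ICT readings for a small board
BOM = [
    BomPart("R1", 10_000.0, 0.01, "ohm"),
    BomPart("R7", 4_700.0, 0.05, "ohm"),
    BomPart("C3", 100e-9, 0.10, "F"),
    BomPart("C9", 10e-6, 0.20, "F"),
]
MEASURED = {
    "R1": 10_050.0,   # +0.5 %: within the 1 % tolerance
    "R7": 4_300.0,    # -8.5 %: outside 5 %, consistent with a substituted part
    "C3": 82e-9,      # -18 %: an 82 nF part fitted in a 100 nF position
    # C9 has no test point and was not probed
}


if __name__ == "__main__":
    for r in check_ict(BOM, MEASURED):
        dev = "n/a" if r["deviation"] is None else f"{r['deviation']:+.1%}"
        print(f"{r['refdes']:>4} {r['status']:<8} {dev}")
```

In practice the tolerance band should be the design’s own acceptance window (the BOM tolerance plus the ICT fixture’s measurement uncertainty), and an UNTESTED result should feed back into test point placement on the next revision rather than being waived.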
For any concerns relating to component vulnerability assessment, Cadence’s set of PCB design and analysis software provides teams with a wealth of options to ensure design integrity and future proof against evolving threats.
Leading electronics providers rely on Cadence products to optimize power, space, and energy needs for a wide variety of market applications. If you’re looking to learn more about our innovative solutions, talk to our team of experts or subscribe to our YouTube channel.