Planning a surprise party involves a lot of moving parts. Generally, one person heads up the invitations to avoid someone unintentionally spoiling the event. Logistics are important because anyone arriving too close to the celebrant will ruin the surprise. Even having too many vehicles or recognizable vehicles parked near the location can tip off someone before the ultimate reveal.
PCB security is somewhere you don’t want surprises, as these are much less enjoyable than party streamers and cake with friends. Like a surprise party, though, intense planning and construction guarantees information is only shared between trusted actors.
An Ingenious Manufacturing Solution to PCB Security
PCBs represent a dual layer of security liability, as the hardware and the data it conveys, stores, and exchanges can represent significant compromisable information. Boards stored on-site or embedded deep within a facility have the advantage of external security features preventing numerous avenues of low-risk attack, but not every installation has this luxury. At the board level, security elements are costly and highly localized, usually only able to prevent access to particular features, which may still be accessible from adjacent channels.
A major focus on hardware security relies on creating physical unclonable functions, or PUFs. Think of a PUF as a manufacturing thumbprint: because of slight variations in processes, even boards in the same lot have minor variations. Assuming a high enough resolution level exists for these parameters, security design can utilize this intrinsic manufacturing “fault” as a unique identifier. Importantly, these variations are process-dependent for the board but not state-dependent of the board. In other words, this key remains constant despite fluctuations (at least within operating conditions) in temperature and other notable metrics.
Security can take many forms, but at the hardware level, it could follow a three-pronged approach:
COVER | Using flex materials, a layer of conductive traces is placed that serve a dual purpose as a barrier that senses disruptions via capacitance and a cryptographic tool. For the former, sensors can finely measure the capacitance of these intersecting traces and detect any changes that may arise from someone damaging the cover to access sensitive information contained within. More interesting is that these traces feature some inherent randomness as a PUF that is extremely difficult to solve because it arises naturally rather than due to a mapped randomization model. |
ASSESSMENT SYSTEM | Serves as the interface between the cover and the host system, though its functionality can be encompassed by the host system instead. However, by serving as its independent security layer, there is a greater amount of flexibility in the design. The evaluation may incorporate one or many detection styles. Those include direct measurement of the PUF metric(s), generating a digital key, blanking sensitive data in the event of a breach, and general communication between the cover and host system levels. |
HOST SYSTEM | The host system initializes and identifies a heartbeat signal and synchronizes to it for a dual-layer approach to detection; all of these must occur before any communication between the host and assessment system is established. Even when communication is established, it is never direct between these two levels to prevent software vulnerabilities. Instead, any information conveyed needs to be decrypted using the particular PUF(s) of the security implementation. |
Additional Methods To Forbid Access
Security methods may prescribe to the outlined three-step approach or operate in entirely different modes. One of the difficulties with designing security systems is the totality of attacks always outpaces efforts to impede them, so systems may need to adopt multiple complementary security systems to repel intrusions better.
Some additional methods to employ include the following:
- Coating: One way to deny access to components is to coat them within a PUF system, in effect, a quantization of the overall cover outlined above. This is generally an inviable solution due to the coating cost per component, and procurement may face difficulties. While components are cryptographically secure, there is no prevention of physical access to the board, which allows for many attacks.
- Battery-powered enclosure: The entire board can be placed inside a module that stores sensitive data within volatile memory formats, lost when the power supply is interrupted. Access to hardware is prevented by a mesh wrapping that senses any disruptions to the resistance, and tight routing prevents optical inspection methods such as X-ray from peering inside. Alternatively, the enclosure can be constructed so that opening distributes pressure to the PCB, opening multiple critical connections. The power delivery for this detection circuit must exist outside of the board’s supply due to the intended destruction when compromised. Continuous battery support adds extra cost and logistics, especially for remote deployment.
- Z/C/R sensing: Although other security methods are mentioned, parameter sensing can form a security layer all its own. The major advantage of these systems is cost and field reliability, as the device operates passively without needing power. Capacitive sensors perform well across various conditions and can detect minute environmental changes, though coupling with power planes may prove challenging. For resistance and impedance measurements, systems can be set up to detect changes in the traces arising from solder deposits that attempt to bypass the system’s security.
Your Contract Manufacturer Holds The Keys To Secure System Design
PCB security requires a multidisciplinary defense to the many known avenues through which an attacker could access sensitive or proprietary data. While the exact implementation may change, designers must be confident that their system defenses provide coverage of the most common and catastrophic vulnerabilities. If your board lacks the necessary features to protect you and your customer’s valuable information, VSE can guide your revision for maximum security. Here at VSE, we’re a team of engineers who build electronics for our customers, and coupled with the finest manufacturing partners, we’re committed to producing exemplary PCBs that surpass expectations.