How a Cybersecurity Problem Can Be a Physical Security Problem
October 23, 2023
Is cybersecurity all you need? Even though your system may be protected by “physical” security including fences, gates, guards, and cameras, is that enough? For companies building next-generation weapons systems for the military, the answer is clear.
But what about the broader non-defense market? What about designs destined for industrial, energy, communications, or automotive applications?
Cybersecurity is not enough. If you start thinking about security when designing your software, you’re already too late. All the equipment you create will fall into the hands of your competitors and bad actors. So, your hardware must be secure from the ground up.
So … under what conditions could a bad actor have access to a piece of your equipment? And what could they do to exploit your equipment’s function, extract its data, or even steal your intellectual property? Does equipment ever get “lost?” How does equipment get de-commissioned? Who services your equipment and how is it upgraded?
The answers lie in whether your supply chain is managed securely.
There are three critical areas to consider – the areas where electronic systems are the most vulnerable. And, thankfully, there are things you can put in place to address that.
- Manufacturing - building your printed-circuit board, assembly, and test. During programming of non-volatile devices, are you using hashed and signed images? Is there an auditable log of what’s been provisioned, the number of boards that have been provisioned and the number of boards that have failed the outgoing test? Are these logs hashed and signed? Also, are debug ports disabled?
- Shipping to your clients, distributors, and resellers. Can you account for units shipped versus units received by your customer? Most customers will tell you right away, “Hey, we’re short one!” But what if the customer missed one, for any reason? You would have to assume you have a piece of equipment in the wild. Also, can you and your customer verify the integrity of the equipment shipped? And that it hasn’t been tampered with in transit?
- Managing deployed equipment. Are there anti-tamper seals on the equipment? Are only authorized technicians allowed to service equipment? Are remote updates allowed? And if so, are the images verified to be intact and authentic? Are there mechanisms in place to prevent roll backs? And finally when equipment is de-commissioned is it zeroized? Made inoperable? Destroyed?
If the answer is “no” to any of the above, you should strongly consider semiconductors that have anti-tamper countermeasures built-in so you can tailor your tamper responses to the risk scenarios a piece of equipment is likely to see during its life cycle.
Here are some of the most important features to look for:
- Digital tamper flags
- Ensure your selected hardware device has analog windowed voltage detectors that give you high and low trip points for each critical supply. It is important for these detectors be high speed analog comparators to detect voltage glitches which are sometimes used to trigger faults in the device.
- Digital windowed temperature – this gives you a high and low die temperature.
- Raw voltage and temperature values from a built-in temperature detector
- A system controller slow clock indicating a system controller brownout condition.
- A digital bus that indicates the source of a device reset – whether it’s a DEVRST pin, tamper macro input, system controller watchdog, security lock tamper detectors have fired, or any other type of reset.