Embedded Systems Presentation

David Tietz EEL6935 Spring 2009

Paper Selected:

“Secure Embedded Systems:

The Threat of Reverse Engineering”

By Ian McLoughlin Published in IEEE 2004

Reverse Engineering (RE)

•What is it?•Purpose:

To Gain A Better UnderstandingFor Design Piracy

Methods of Piracy

•Network attacks•Insider attacks•Head-hunters•Full on RE process

Creating A Product

•A company spends time and money in development of a product•The company releases the product•The company benefits from sales•In time, competition enters the market

Which helps to improve the original design.

Why RE is bad economics

•A company spends time and money in development of a product•The company releases the product•A competitor cheaply and rapidly reverse engineers the pioneering design

Can greatly undercut the selling price

•Hinders risk-taking

Economic Analysis

•Foiling RE takes money and time•Best outcome: You stop them

You never see the benefitCompetitors break into the market anyhow

•Difficult to sell a strategy•Even more difficult to gauge success

Bad for Embedded Systems

•By nature, they are generally small, portable, widely available devices•They tend to embody valuable intellectual property designs

Goal

•Maximize reverse engineering cost•Keep increased development cost low

Reverse Engineering Process

•Functionality•Physical Structure•Bill of Materials•System Architecture•Detailed Physical Layout•Schematic of Electrical Connectivity•Software

How to Increase RE Costs

1. Additional time taken to reverse engineer the system

2. Greater levels of expertise required

3. The need for specialized equipment

RE Mitigation

•Not possible to completely prevent it•Two Methods:

PassiveActive

RE Mitigation Costs

•Increases NRE Costs•Increase in BOM•Delay in time to market

Low Cost Mitigation Techniques

•Protecting documentation•Monitor and limit information that employees may inadvertently provide•Custom casings•Missing silk screen•Wiring unused pins•Leaving unused planes on layers of the PCB

RE Mitigation of Programmable Devices

•Custom Silicon•Ball Grid Array (BGA) Packaging•Back to Back BGA Layout

RE Mitigation of Programmable Devices

•Don’t build ports onto PCB (jtag,etc)•Some provide security setting prevent readout of programmed bit stream•Use mesh overlays in custom ASICs

RE Mitigation of Programmable Devices

FPGAs:•Use Antifuse devices•Use encryption for flashing

Flash:• Fill Unused space •Encrypt

Costs of Anti Reverse Engineering

Questions?