Embedded Systems Presentation David Tietz EEL6935 Spring 2009.
-
Upload
mark-wilkins -
Category
Documents
-
view
215 -
download
2
Transcript of Embedded Systems Presentation David Tietz EEL6935 Spring 2009.
Embedded Systems Presentation
David Tietz EEL6935 Spring 2009
Paper Selected:
“Secure Embedded Systems:
The Threat of Reverse Engineering”
By Ian McLoughlin Published in IEEE 2004
Reverse Engineering (RE)
•What is it?•Purpose:
To Gain A Better UnderstandingFor Design Piracy
Methods of Piracy
•Network attacks•Insider attacks•Head-hunters•Full on RE process
Creating A Product
•A company spends time and money in development of a product•The company releases the product•The company benefits from sales•In time, competition enters the market
Which helps to improve the original design.
Why RE is bad economics
•A company spends time and money in development of a product•The company releases the product•A competitor cheaply and rapidly reverse engineers the pioneering design
Can greatly undercut the selling price
•Hinders risk-taking
Economic Analysis
•Foiling RE takes money and time•Best outcome: You stop them
You never see the benefitCompetitors break into the market anyhow
•Difficult to sell a strategy•Even more difficult to gauge success
Bad for Embedded Systems
•By nature, they are generally small, portable, widely available devices•They tend to embody valuable intellectual property designs
Goal
•Maximize reverse engineering cost•Keep increased development cost low
Reverse Engineering Process
•Functionality•Physical Structure•Bill of Materials•System Architecture•Detailed Physical Layout•Schematic of Electrical Connectivity•Software
How to Increase RE Costs
1. Additional time taken to reverse engineer the system
2. Greater levels of expertise required
3. The need for specialized equipment
RE Mitigation
•Not possible to completely prevent it•Two Methods:
PassiveActive
RE Mitigation Costs
•Increases NRE Costs•Increase in BOM•Delay in time to market
Low Cost Mitigation Techniques
•Protecting documentation•Monitor and limit information that employees may inadvertently provide•Custom casings•Missing silk screen•Wiring unused pins•Leaving unused planes on layers of the PCB
RE Mitigation of Programmable Devices
•Custom Silicon•Ball Grid Array (BGA) Packaging•Back to Back BGA Layout
RE Mitigation of Programmable Devices
•Don’t build ports onto PCB (jtag,etc)•Some provide security setting prevent readout of programmed bit stream•Use mesh overlays in custom ASICs
RE Mitigation of Programmable Devices
FPGAs:•Use Antifuse devices•Use encryption for flashing
Flash:• Fill Unused space •Encrypt
Costs of Anti Reverse Engineering
Questions?