Before we begin it is important to note nothing is ever 100% secure. A device that is secure one day can easily become vulnerable the next day. Nonetheless increasing security measures in modern devices, especially hyper-connected devices such as IoT products, is an important on-going topic of conversation. Although traditionally the industry has relied heavily on software-based cyber security measures, in today’s wired world engineers are beginning to find ways of implementing hardware security into their designs for an extra layer of protection from hackers and reverse engineering.
Security measures should be thoroughly discussed and thought out prior to the development of any product where it may be a top priority or concern. It is helpful to put specific guidelines in place in order to reach some level of consistency within the company. Ideally, security measures should be built into every aspect of the system, including both its software and hardware elements. Protection at the board level offers a unique opportunity for engineers to further secure their boards in case of an attack.
Keeping Your Product and Your Customer’s Data Safe
The primary objective of this post is to help you prevent attacks, damage, or access to sensitive information in your PC board. Once a circuit board has fallen into an attackers hands, they will most likely try to take it apart and reverse-engineer the design. In doing so the attacker can replicate the schematic and identify possible points of attack within the system. As a result, PCB design engineers should take special precautions to create boards that are difficult to reverse-engineer. There are several actions engineers already take to increase security in their PC boards including; using uncommon chips, scratching off the tops of chips to obscure them, and utilizing silicone solutions to harden designs making it much harder to take the board apart. These are great methods to begin implementing, however, as hackers develop more advanced tactics so should we as hardware designers. Below is a list we have compiled of additional security measures to consider when designing your next PCB:
- Remove any unnecessary test points: Removing test points will make it harder for traces to be probed by an outsider, thus preventing someone from determining where the point-to-point connections are. If test points are necessary and cannot be removed, consider using a copper-filled pad opposed to a through-hole pad to obscure the connections.
- Hide critical traces in inner PCB layers: In order to conceal critical traces you do not want compromised, consider sandwiching them between two solid copper layers to prevent them from being visible.
- Use buried or blind vias wherever possible: In an attempt to alleviate routing density two methods are available, buried vias and blind vias. Buried vias connect two or more inner layers, but no outer layers and therefore cannot be seen from either side of the board, where buried vias avoid the top and bottom layers. Both methods reduce the potential probing points for an attacker.
- Use advanced packages like Ball Grid Array (BGA) and Chip-on-board (COB): Advanced packaging limits the visibility of the connections to strictly x-ray vision. Since all die connections will be located under the device packaging, it will be more difficult for an attacker to probe, manipulate or attack the board. Although there is a higher cost to advanced packaging because the verification of solder points must be confirmed through x-ray vision, in the end, if security is a concern it can be worth the expense to protect the integrity of your board.
- Align differential lines parallel even if located on separate layers: Differential signals are used to improve immunity to noise and amplify the dynamic range. Aligning differential lines parallel hides them above and below routed traces on that layer helping to obscure the visibility.
As society continues to demand connected devices in our wired world, it will become increasingly important to understand and initiate more advanced security measures. The above list has been compiled as a way to get you thinking about different tactics you can implement to increase the security of the boards you build. Just remember hackers evolve quickly, requiring you to stay one step ahead of them at all times.