components. Active attacks include
physical intrusion and hardware
modification, as well as fault induction
through signal corruption, protocol
attacks or malicious software.
Prevent
Ideally, AT in a secure system
prevents attacks from compromising
it, but in the event that a threat is
more sophisticated than the security
strategy, it will at least work to delay
the acquisition of critical information,
in the hopes that a sufficiently
long time delay will render that
information useless. Examples of
preventive safeguards are shielding,
encapsulation, and encryption.
Detect
AT safeguards can also detect threats,
and then actively or passively thwart
them. Protection meshes and low-
power or no-power tamper sensors
can signal breaches, and physical
unclonable functions (PUFs) in silicon
provide a means to uniquely identify
devices for validation.
Respond
When a threat has been detected, the
system can actively respond, often by
destroying its own critical elements.
Zeroizing memory resources, disabling
communication interfaces, erasing
encryption keys, and inducing
pyrotechnic or high current damage
are examples of responses to a tamper
event. Figure 2 shows some basic AT
features in four layers of an example
system: the enclosure, the line
replaceable unit (LRU) or pluggable
circuit board, the printed wiring board
(PWB), and the silicon. Figure 3 shows
two Abaco products: a 6U OpenVPX
rugged single-board computer and a
ruggedized display computer.
Figure 2 Implementation of AT Safeguards
AT from the Ground Up
The threat model for a given system will
vary depending on how it is deployed,
the capabilities of the attacker, the
type of critical technology or program
information, and other factors.
Therefore, the goal is to provide useful
COTS-based anti-tamper options, and
allow the inclusion of Commissioned
aspects to best address specific
threats. To achieve this, AT principles
are incorporated into the early stages
of hardware design.
42 l New-Tech Magazine Europe