New-Tech Europe Magazine | June 2016

Figure 2 Implementation of AT Safeguards

and then actively or passively thwart them. Protection meshes and low- power or no-power tamper sensors can signal breaches, and physical unclonable functions (PUFs) in silicon provide a means to uniquely identify devices for validation. Respond When a threat has been detected, the system can actively respond, often by destroying its own critical elements. Zeroizing memory resources, disabling communication interfaces, erasing encryption keys, and inducing pyrotechnic or high current damage are examples of responses to a tamper event. Figure 2 shows some basic AT features in four layers of an example system: the enclosure, the line

components. Active attacks include physical intrusion and hardware modification; as well as fault induction through signal corruption, protocol attacks or malicious software. Prevent Ideally, AT in a secure system prevents attacks from compromising it, but in the event that a threat is more sophisticated than the security strategy, it will at least work to delay the acquisition of critical information, in the hopes that a sufficiently long time delay will render that information useless. Examples of preventive safeguards are shielding, encapsulation, and encryption. Detect AT safeguards can also detect threats,

replaceable unit (LRU) or pluggable circuit board, the printed wiring board (PWB), and the silicon. Figure 3 shows two Abaco products: a 6U OpenVPX rugged single-board computer and a ruggedized display computer. AT from the Ground Up The threat model for a given systemwill vary depending on how it is deployed, the capabilities of the attacker, the type of critical technology or program information, and other factors. Therefore the goal is to provide useful COTS-based anti-tamper options, and allow the inclusion of Commissioned aspects to best address specific threats. To achieve this, AT principles are incorporated into the early stages of hardware design.

42 l New-Tech Magazine Europe