Aug_EDFA_Digital

edfas.org ELECTRONIC DEV ICE FA I LURE ANALYSIS | VOLUME 23 NO . 3 14 but, as will be seen, simply adding a component is much easier. Other assumptions (such as how such an attack could be carried out, how difficult or expensive it would be, or who would need to be involved) depend on the type of attack and will be explained below. As will be shown, a successful attack only requires two to three skilled indi- viduals, and theonly expense is the cost of thebareboards. REVIEW OF CIRCUIT-BOARD DESIGN, FABRICATION AND ASSEMBLY To understand how a circuit board can be altered, it is worth reviewing how they are created and put to use. Circuit boards are a means to an end. They are used to houseelectronic components andprovidewiring intercon- nection between components. As a result, they are found in nearly all electronic products. Therefore, circuit-board design normally lies at the center of product design. The design of a circuit board starts with an idea for a product. The shape of the circuit board is dictated by the product’s mechanical design and the wiring on the board is dictated by the electronic needs of the product. The first step is the creation of a schematic. The sche- matic is a graphical representation of all the components and how they are interconnected. The schematic is a logical diagram, not a physical one, showing how com- ponents fit together, how they receive their power, etc. For designers, the schematic is the “gold standard” that describes how a design ought to be. The second step is the creation of a layout. Here, a physical representation is created. Guided by the inter- connections found in the schematic, the layout contains the location of each component and the wiring intercon- necting them. Automated tools allow comparison of the layout to the schematic to ensure that the interconnec- tion network specified by the schematic is captured in the layout. After both have been created, checked, and double- checked, the circuit board design can be sent out for fabrication. This is a crucial step for at least two reasons. First, the board design is converted to a set of design files. In the case of the most commonly used file format (Gerber, discussed more in a moment), the files actually represent a loss of information. Rather than capturing the interconnections of a design, a Gerber file is merely geometric, specifying the rectangles and circles needed to create the circuit board. Second, the design files almost always leave the company. At this point the files no longer enjoy the cyber-security protection of the companywhere they were created. As with any files that exit a company, keeping track of the files and preventing unwanted access becomes more complicated. The circuit boards are then fabricated using the design files. Often features are added to the boards by the fabrica- tor, such as the name of the fabricator and safetymarkings that indicate the flammability rating of the material used to construct the board. Tomake a long story short, fabrica- tion involves creation of masks and a photolithographic process involving photographic exposure, chemical etching, stacking, laminating, drilling, and plating. The important point is that the design files are used to create actual, bare circuit boards. Themost common design-file format is the Gerber file format, or RS-274X. A Gerber file contains the geometric information needed to formwires, vias, and other circuit- board structures. It is an exact description of the geometry of every circuit-board feature. AGerber file has no informa- tionabout thewiringother than its geometry. For example, it does not contain any signal names. The actual Gerber file is human-readable; it consists of ordinary ASCII (plain computer text) characters and can even be editedwith an ordinary text editor. Because it is sowidely used, there are numerous (perfectly legitimate) software packages avail- able to view and edit Gerber files graphically. The fabricated circuit boards are sent to specialized manufacturers for assembly into complete boards. The components that the board was designed to hold are placed and soldered onto the board. The completed assemblies are tested and, if necessary, repaired, and sent on to the rest of themanufacturing process. For example, boards are almost always then placed inside mechanical assemblies. Eventually, complete working products are shipped to customers. This process is summarized in Fig. 1. Every step in this process is vulnerable to a different extent, and so oneway to classify possible attacks is by considering the point at which the alteration is made. REVIEW OF PROCESSOR-BASED DESIGN One aspect of a possible circuit-board attack is to consider where an attack might be made. As will be seen, the key to a successful attack is stealth, placing an extra component in such a way as to make it unlikely to attract notice. A corollary is that a smaller component is easier to hide than a large one, and a consequence is that the smaller number of signals involved, the easier it is to hide an extra component. Also, many modern buses use