Aug_EDFA_Digital

edfas.org 15 ELECTRONIC DEV ICE FA I LURE ANALYSIS | VOLUME 23 NO . 3 extremely high-speed signaling and generally such high- speed buses are difficult to modify surreptitiously; the added wiring and capacitance is likely to make the bus malfunction. So low-pin-count, low-speed buses are the most likely targets. One common example, and the one most studied in the literature, is a serial port. Serial ports, sometimes also called craft ports, are based on the RS-232 standard and are widely used for debugging and low-level access to systems such as routers. The standard has no native secu- rity and no clearly designated bus master. One recently published article describes how a microcontroller was added to a router to give unwanted serial-port access. [3] Two buses are widely used in embedded systems and on computer motherboards, SPI and I 2 C (also known as SMBus). SPI is a four-wire interface used in a variety of sensors and as an interface to flash memory. On a PC or server motherboard, the BIOS software is loaded over a SPI bus. The SPI standard has no native security but does have a clearly designated bus master. I 2 C, or SMBus, is a two-wire interface used to connect sensors, such as tem- perature sensors, and connects a PC processor to system elements such as the power supply, clock, and fan control. The standard has no native security and natively supports multiple bus masters. In automotive circles, the bus that controlsmost auto- mobiles is a two-wire bus named CAN (controller area network). Besides having no native security, the CAN bus has no centralized controller or bus master. Reviewing the four buses, all of them are commonly supported by low-cost, low-pin-count microcontrollers. On PC motherboards, there is another bus called the lowpincount (LPC) bus. This bus is normallyused toattach a processor to a “super I/O chip” that supports serial ports and other basicmotherboard functions. The LPC bus uses sevenmandatory signals andup to six optional signals. The LPC bus normally connects a processor to a baseboard manage- ment controller (BMC). The BMC is often found on servers and enables remote access for maintenance pur- poses. TheBMC isdesigned toboot up separately and has its own Ethernet port, so that even a server with no functioning operating system can be powered up and managed via its BMC. Many motherboards have a trustedplatformmodule (TPM) which is a chip designed to provide security functions. Thismodule is typically connectedusing an LPC bus or a SPI bus. There are at least five buses found in PCmotherboards and embedded systems that have relatively low speed (10s of MHz clock speed or lower), low pin counts (seven pins or less), and no native security, and are therefore vulnerable to attack. It should be noted that it is possible to add layers of security on top of the native standards. For example, BIOS code can be protected by code signing, and the trusted platform module operating over an LPC bus has its own cryptographic protection techniques. Nevertheless, the low-level buses themselves are insecure. TAXONOMY OF ATTACKS Previously publishedwork has explained that it is pos- sible to construct a taxonomy of possible attacks. [4] The taxonomy is based on the places where an attack can be made and the manner of the attack. First, there is a taxonomy based on the point of attack. A schematic attack is one in which the circuit-board schematic file ismaliciously altered. Thiswould represent the most serious attack, as the schematic represents the entire electronic design at a symbolic level. A personwith access to a schematic would have access to all aspects of the design, including which components were used and how they were interconnected. Detecting a schematic attack might be difficult, as an attacker would have a nearly unlimited number of ways to hide an unwanted component. Conversely, mounting a successful schematic attack would be difficult. An attacker would need access to an actual schematic, and therefore would either have to be an insider (malicious employee) or would have to launch a successful cyberattack. Fig. 1 Steps in the circuit-board design process (from Russ [4] ). (continued on page 18)