3

I've been trying to build up certain Embedded systems and i wonder how people make them secure. Or else it would have been reproduced well. I know there is an extent to provide security if you are using Controllers like PIC/AVR and well known chips from established companies like ATMEL/MICROCHIP/TI EEPROM. But Still i don't have any clue how they secure their Code and Hardware. I'm asking from the perspective of a Product Developer and what methods he/she normally opts for.

Or Is it like that people don't make things secure which i trust is a No.

I would extremely happy if you input some suggestions through which you make your PCB/Software not reproducible so easily...By reverse engineering enthusiasts.

All tried or tested methods or Nerdy methods would be welcome.

Anindo Ghosh
  • 50,188
  • 8
  • 103
  • 200
Rookie91
  • 2,108
  • 4
  • 29
  • 46
  • 4
    If I ever make a PCB and want it to be hard to reverse engineer I will make it multilayer with dummy tracks on the outer surfaces, superfluous vias, all 0201 SMT, grind off all markings and have additional devices mounted that don't do anything useful - maybe linked to prominent ISP connectors as a honeypot. I suspect the tried and tested methods actually just involve international patents and armies of Ferrari-driving lawyers. Security costs. – RedGrittyBrick Dec 26 '13 at 12:13
  • I will take your 0201 SMT and add 0603 metric components, buried components, buried vias and exotic material (anything but FR4) PCB. for fun, I will add an obsolete DIP component which only I have in stock. – Lior Bilia Dec 26 '13 at 12:40
  • 3
    I would put a DE-9 serial port and PS-2 mouse socket on there on there because then everyone will think it is so old it's not worth reverse engineering :) – geometrikal Dec 26 '13 at 13:21

2 Answers2

2

If your board size and thermal requirements allow this you can use a potting compound to encapsulate the PCB.

enter image description here

You wouldn't like being assigned to remove that staff and whoever does try will have to put some really serious effort and I still doubt he will be able to remove it and furthermore identify the components used.

http://www.echeloninc.com/Resins.htm

Another idea of similar nature is to fill the box with Polyurethane foam, that stuff sticks as heel and no one will be able to identify any of the components even if he manages to remove it.

alexan_e
  • 11,070
  • 1
  • 28
  • 62
  • Well, they could just xray through that stuff – Passerby Dec 26 '13 at 15:09
  • @Passerby Assuming they will manage to "read" the PCB this way, how are they going to identify the components? – alexan_e Dec 26 '13 at 15:11
  • Etching on the crystals, labels and markings in the ic's silicon, general shape for passives, board labels. Using the xray to locate pins or test points which allow a mill/router to drill down safely and precisely to access them. – Passerby Dec 26 '13 at 15:16
  • @Passerby What you describe seems to be someone with very sophisticated tools and not the norm. If your product is so valuable that someone like that tries to copy it and put all that effort then I think you'd better patent it. – alexan_e Dec 26 '13 at 15:25
  • 3
    An xray is easy to get. Anyone with a friend that works at a dental or animal hospital can get it. And a cnc? You can make your own with an arduino and a a few spare printers. Sophisticated? Nah, nothing complex. And if you look online, people do this for fun/profit all the time. – Passerby Dec 26 '13 at 19:47
  • 1
    Check this article out: [Tamper proof, tamper evident encryption technology](http://dc.org/files/tamper_proof_encryption_smta.pdf) (also [here](https://www.smta.org/knowledge/proceedings_abstract.cfm?PROC_ID=3665)). Potted. In a metal box. Surrounded by tamper-evident mesh. – Nick Alexeev Dec 27 '13 at 05:38
2

In my experience, outside of some very specialized contexts, most people don't try, at least not very hard. Most microcontrollers have a way to prevent firmware from being read. Simple PCB designs are probably easier to do from scratch than reverse engineer, and complex designs are difficult to reverse engineer no matter what you do.

The reason people don't try is every measure you take makes it a lot harder on yourself, and still only slows down a reverse engineer, if anyone is even actually trying to reverse engineer your board. Every time you have a manufacturing problem, or need to spin a new design, or need to troubleshoot a customer return, you're adding layers of difficulty on yourself.

If you happen to be someone like Microsoft or the military, you can try using ASICs or a self-destruct mechanism. Otherwise, find a good intellectual property lawyer.

Karl Bielefeldt
  • 1,744
  • 11
  • 20