11-04-2013, 04:55 PM
Smart Metering: Security threats and Counter measures
[attachment=52982]
How Much Security?
What are you trying to protect?
What types of attack do you need to protect against?
What are the likely attack points, and methods?
How much security do you require?
•How much are you willing to pay?
How will security impact the underlying system?
How will you upgrade/maintain the system and security over time?
Physical Access to Components on Board
Using BGA packages increases the difficulty of casual probing, manipulation, and attack, due to the fact that all die connections are located underneath the device packaging
It is also recommended to add some type of epoxy encapsulation or glue to help prevent easy removal of components.
Another solution is to employ Chip-on-Board (COB) packaging, in which the silicon die of the integrated circuit is mounted directly to the PCB and protected by epoxy encapsulation.
RTC Clock Compensation
A hacker may change the RTC Crystal characterstics (by variation in temperature, pressure, voltage or even by inducing certain chemicals) this running the clock faster or slower.
RTC should compensate for the inaccuracies in clock, thus maintaining accurate time.
Firmware may choose to indicate a tamper or crystal failure if compensation that needs to be done is more than acceptable range.
Debug Port Manipulation
Debug port manipulation is one of the known hackers’ ways of executing unauthorized program code, getting control over secure applications and running code in privileged modes
Debug ports such as the IEEE standard 1149.1 (AKA JTAG) provides a hacker with all the means required to break the system’s security mechanisms and get control over the OS
Unauthorized debug port usage should be strictly forbidden in order to properly secure the system
However, a debug port must be available during platform initial laboratory development, manufacturing tests and software debugging
In order to prevent debug port manipulation while allowing access for manufacturing tests and software debugging, SoC can incorporate a debug port access regulator that provides four different protection levels represented
[attachment=52982]
How Much Security?
What are you trying to protect?
What types of attack do you need to protect against?
What are the likely attack points, and methods?
How much security do you require?
•How much are you willing to pay?
How will security impact the underlying system?
How will you upgrade/maintain the system and security over time?
Physical Access to Components on Board
Using BGA packages increases the difficulty of casual probing, manipulation, and attack, due to the fact that all die connections are located underneath the device packaging
It is also recommended to add some type of epoxy encapsulation or glue to help prevent easy removal of components.
Another solution is to employ Chip-on-Board (COB) packaging, in which the silicon die of the integrated circuit is mounted directly to the PCB and protected by epoxy encapsulation.
RTC Clock Compensation
A hacker may change the RTC Crystal characterstics (by variation in temperature, pressure, voltage or even by inducing certain chemicals) this running the clock faster or slower.
RTC should compensate for the inaccuracies in clock, thus maintaining accurate time.
Firmware may choose to indicate a tamper or crystal failure if compensation that needs to be done is more than acceptable range.
Debug Port Manipulation
Debug port manipulation is one of the known hackers’ ways of executing unauthorized program code, getting control over secure applications and running code in privileged modes
Debug ports such as the IEEE standard 1149.1 (AKA JTAG) provides a hacker with all the means required to break the system’s security mechanisms and get control over the OS
Unauthorized debug port usage should be strictly forbidden in order to properly secure the system
However, a debug port must be available during platform initial laboratory development, manufacturing tests and software debugging
In order to prevent debug port manipulation while allowing access for manufacturing tests and software debugging, SoC can incorporate a debug port access regulator that provides four different protection levels represented