SoK: A Security Architect's View of Printed Circuit Board Attacks

TL;DR

This paper reviews printed circuit board attack methods, emphasizing the importance of security architecture and implementation over solely electrical or inspection-based defenses, and highlights that many attacks can be mitigated through proper design.

Contribution

It provides a comprehensive analysis of PCBA security, emphasizing the role of security architecture and implementation, and critiques recent research focus on specific attack detection methods.

Findings

Most PCBA attacks can be prevented with proper security architecture.

Implementation errors are a major root cause of vulnerabilities.

Recent research often overlooks security architecture in favor of detection techniques.

Abstract

Many recent papers have proposed novel electrical measurements or physical inspection technologies for defending printed circuit boards (PCBs) and printed circuit board assemblies (PCBAs) against tampering. As motivation, these papers frequently cite Bloomberg News' "The Big Hack", video game modchips, and "interdiction attacks" on IT equipment. We find this trend concerning for two reasons. First, implementation errors and security architecture are rarely discussed in recent PCBA security research, even though they were the root causes of these commonly-cited attacks and most other attacks that have occurred or been proposed by researchers. This suggests that the attacks may be poorly understood. Second, if we assume that novel countermeasures and validation methodologies are tailored to these oft-cited attacks, then significant recent work has focused on attacks that can already be mitigated instead of on open problems. We write this SoK to address these concerns. We explain which tampering threats can be mitigated by PCBA security architecture. Then, we enumerate assumptions that security architecture depends on. We compare and contrast assurances achieved by security architecture vs. by recently-proposed electrical or inspection-based tamper detection. Finally, we review over fifty PCBA attacks to show how most can be prevented by proper architecture and careful implementation.