Implementing Physical Layer Security in IoT Devices Using Additive Manufacturing
Ziv Cohen
Application Manager, Nano Dimension
Imagine the scenario: an important surveillance asset or other battlefield asset is captured and the enemy starts probing the circuit board for data connections and communication capabilities to try and reverse engineer the system. Important electronic military assets need some measures for physical layer security at the board level and at the firmware level to prevent this type of tampering. These security measures span beyond mission-critical battlefield systems and include government WiFi networks, cellular networks, premises that hold important IT assets, networking equipment, and much more.
At the PCB level, physical layer security measures can be designed to detect and report tampering, or even to disable a device upon tampering. As part of a Defense in Depth strategy, there are some simple design choices that can provide physical layer security for Internet of Things (IoT) devices used by the military or any other organization that wants to prevent and detect tampering. Using an additive manufacturing system to implement physical layer security in IoT devices provides greater design freedom and security for sensitive systems.
You can implement physical layer security in IoT devices with the right design and manufacturing techniques.
Board-level Physical Layer Security for IoT Devices
Security at the firmware/software and wireless communications level is its own beast that requires encryption, frequency hopping, or other measures to prevent an unauthorized party from receiving and reading important information. At the board level, physical layer security measures are intended to prevent probing circuits, prevent reverse engineering of a system, or disable a device should the system be tampered with. Here are some of the goals of physical layer security and how they can be implemented:
Disable the Device Upon Tampering
The simplest way to prevent tampering is to place a lock on the enclosure, but this can easily be defeated with the right hand tools. In addition to designing a tamper-resistant enclosure for electronic systems that carry sensitive information, preventing tampering can involve disabling a device. It may be desirable to wipe the system’s memory or destroy sensitive components in the event the device is tampered with.
This is most easily done by triggering an electrostatic discharge or short circuit in the event an enclosure is opened. This can disable or destroy critical components on the board in the event a device is captured. Another option for a board that must run with perpetual uptime is to design a fuse or switch into the enclosure. If the enclosure is ever opened, the switch/fuse can cut power to the rest of the board and send an alert to a base station.
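The firmware side of the switch-triggered response described above, as an added example that is not from the original article or from Nano Dimension: it debounces the enclosure switch, wipes a key held in RAM before doing anything else, and latches the tampered state so closing the lid does not recover the device. The struct, function names, debounce count and sample trace are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define DEBOUNCE_SAMPLES 3  /* assumed: consecutive "open" reads needed to trip */
#define KEY_LEN 16          /* assumed key size */

typedef struct {
    uint8_t key[KEY_LEN];   /* secret held in RAM while the enclosure is intact */
    unsigned open_count;    /* consecutive samples with the switch open */
    bool tampered;          /* latched: firmware never clears it */
    bool alert_pending;     /* tells a hypothetical radio task to notify the base station */
} tamper_ctx;

/* Volatile writes so the compiler cannot optimise the wipe away. */
static void zeroize(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Call once per sample period with the raw switch reading; true once tampered. */
bool tamper_poll(tamper_ctx *ctx, bool enclosure_open) {
    if (ctx->tampered) return true;          /* closing the lid does not recover */
    ctx->open_count = enclosure_open ? ctx->open_count + 1 : 0;
    if (ctx->open_count >= DEBOUNCE_SAMPLES) {
        zeroize(ctx->key, sizeof ctx->key);  /* wipe first: power may be cut next */
        ctx->tampered = true;
        ctx->alert_pending = true;
    }
    return ctx->tampered;
}

bool key_is_wiped(const tamper_ctx *ctx) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= ctx->key[i];
    return acc == 0;
}

/* Constructed trace: a one-sample glitch, a real opening, then the lid closed again. */
int run_trace(tamper_ctx *ctx) {
    static const bool trace[] = {false, true, false, true, true, true, false};
    int tripped_at = -1;   /* sample index at which the latch tripped, -1 if never */
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (tamper_poll(ctx, trace[i]) && tripped_at < 0) tripped_at = (int)i;
    return tripped_at;
}

int main(void) {
    tamper_ctx ctx = { .key = {0xA5, 0x5A, 0x3C} };  /* constructed key bytes */
    return run_trace(&ctx) == 5 && key_is_wiped(&ctx) ? 0 : 1;
}
```

The wipe runs before the alert flag is set because, in the design the article describes, the same switch may cut board power moments later.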
Prevent Probing of Conductors
Conductors that carry data or analog signals can be probed with a test instrument, and probing should be prevented to ensure data security. An easy way to do this is to simply bury conductors in the internal layers of a multilayer board. Using stripline routing is desirable for high speed and high frequency signals, and it provides the added benefit that traces cannot be probed without destroying the board.
Similarly, designing a unique buried via architecture in the interior layers can eliminate access points. In typical multilayer PCBs, this would involve using buried vias with non-conductive fill between interior layers. Any vias that reach the surface layer would need to be completely covered in thick solder mask to prevent tampering, and only vias that do not carry sensitive signals should be allowed to reach the surface layer.
Prevent Probing of Components
Sometimes, the least elegant solution is the best solution. In order to prevent reverse engineering a system in the event it is captured, sensitive components should be blacked out so that attackers cannot directly identify the manufacturers or model numbers. One solution is to encase a component in a non-conductive epoxy. This prevents attackers from physically probing pins on components.
A more elegant solution is to embed components and conductors directly into the substrate. Once a component and its electrical leads are encased in the substrate, they can’t be accessed without destroying the board, effectively preventing tampering with the device.
Gathering information from a working circuit board is as easy as tapping probes on different conductors.
Security measures like component, trace, and via embedding in a multilayer PCB can be difficult and costly to implement with a standard PCB manufacturing process. However, fabricating a multilayer PCB with a unique interconnect architecture or embedding components in the substrate is easy when you work with an additive manufacturing system.
Adding Physical Layer Security to IoT Devices with Additive Manufacturing
The unique characteristics of additive manufacturing systems make them ideal for adding unique physical layer security measures to your PCBs without exposing your designs to an external manufacturer. These designs can be produced with a fixed lead time that only depends on the weight of materials used for fabrication, rather than on the complexity of the board’s architecture. Board-level physical layer security measures are very difficult and costly to implement with traditional PCB manufacturing processes, yet they can be quite easy to implement with an additive manufacturing system since the “layer by layer” manufacturing concept eliminates many of the design constraints. This makes it possible to produce designs with geometries that were, until now, almost impossible.
Using an additive manufacturing system to implement physical layer security in IoT devices allows designers to take control over intellectual property and prevent exposing their security measures. Using the right additive manufacturing system for in-house prototyping and production allows designers to experiment with new physical layer security measures and implement those that work best for new products. A designer can produce a single complex device with experimental physical layer measures without sending their design to an external manufacturer.
These designs with experimental physical layer security measures can be produced with fixed fabrication time, regardless of complexity. This increases the number of design iterations, hastens R&D cycles and helps ensure a physically secure product can be deployed in less time. Working with an inkjet 3D printer is ideal for implementing complex board-level physical layer security in IoT devices and in other systems.
The design freedom provided by additive manufacturing systems allows designers to easily innovate and implement physical layer security for IoT devices. The DragonFly LDM system from Nano Dimension is ideal for on-demand fabrication of complex electronics with a planar or non-planar architecture. This system is ideal for implementing physical layer security in IoT devices and other sensitive systems. Read a case study or contact us today if you’re interested in learning more about the DragonFly LDM system.
Ziv Cohen has both an MBA and a bachelor’s degree in physics and engineering from Ben Gurion University, as well as more than 20 years of experience in increasingly responsible roles within R&D. In his latest position, he was part of the Mantis Vision team, offering advanced 3D Content Capture and Sharing technologies for 3D platforms. The experience that he brings with him is extensive and varied in fields such as satellites, 3D, electronic engineering, and cellular communications. As our Application Manager, he’ll be ensuring the objectives of our customers are met and creating new technology to prototype and manufacture your PCBs.